Report of <WIN-8FFL85VFQP9>

Navigation

AIDA64 Extreme


		Version	AIDA64 v5.00.3335 Beta/vn
		Benchmark Module	4.1.627-x64
		Homepage	http://www.aida64.com/
		Report Type	Quick Report
		Computer	WIN-8FFL85VFQP9
		Generator	Quanravita
		Operating System	Microsoft Windows 8.1 Professional 6.3.10041.0
		Date	2015-04-09
		Time	06:40

Summary


Computer:
	Computer Type	ACPI x64-based PC (Mobile)
	Operating System	Microsoft Windows 8.1 Professional
	OS Service Pack	-
	Internet Explorer	11.0.10011.0
	DirectX	DirectX 12.0
	Computer Name	WIN-8FFL85VFQP9
	User Name	Quanravita
	Logon Domain	WIN-8FFL85VFQP9
	Date / Time	2015-04-09 / 06:40

Motherboard:
	CPU Type	Mobile DualCore Intel Core i3-2370M, 2400 MHz (24 x 100)
	Motherboard Name	Asus X45C Series Notebook
	Motherboard Chipset	Intel Panther Point HM76, Intel Sandy Bridge
	System Memory	5579 MB (DDR3-1333 DDR3 SDRAM)
	DIMM1: Samsung M471B5273DH0-CH9	4 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz)
	BIOS Type	AMI (02/06/12)

Display:
	Video Adapter	Intel(R) HD Graphics 3000 (2556 MB)
	Video Adapter	Intel(R) HD Graphics 3000 (2556 MB)
	3D Accelerator	Intel HD Graphics 3000
	Monitor	CMN N140BGE-L22 [14" LCD]

Multimedia:
	Audio Adapter	Intel Panther Point HDMI @ Intel Panther Point PCH - High Definition Audio Controller [C-1]
	Audio Adapter	Realtek ALC270 @ Intel Panther Point PCH - High Definition Audio Controller [C-1]

Storage:
	IDE Controller	Realtek PCIE CardReader
	IDE Controller	Standard SATA AHCI Controller
	Storage Controller	Microsoft Storage Spaces Controller
	Disk Drive	WDC WD5000LPVT-80G33T2 (500 GB, 5400 RPM, SATA-II)
	Optical Drive	MATSHITA DVD-RAM UJ8E1 (DVD+R9:4x, DVD-R9:4x, DVD+RW:8x/8x, DVD-RW:8x/6x, DVD-RAM:5x, DVD-ROM:8x, CD:24x/16x/24x DVD+RW/DVD-RW/DVD-RAM)
	SMART Hard Disks Status	OK

Partitions:
	C: (NTFS)	76398 MB (36074 MB free)
	E: (NTFS)	390.6 GB (390.5 GB free)
	Total Size	465.2 GB (425.7 GB free)

Input:
	Keyboard	PC/AT Enhanced PS/2 Keyboard (101/102-Key)
	Mouse	ASUS PS/2 Port Clickpad

Network:
	Primary IP Address	192.168.0.102
	Primary MAC Address	6C-71-D9-81-D0-BC
	Network Adapter	Microsoft Wi-Fi Direct Virtual Adapter
	Network Adapter	Qualcomm Atheros AR9485 Wireless Network Adapter (192.168.0.102)
	Network Adapter	Realtek PCIe GBE Family Controller

Peripherals:
	Printer	Fax
	Printer	Microsoft XPS Document Writer
	Printer	Print as a PDF
	Printer	Send To OneNote 2013
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
	USB3 Controller	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
	USB Device	Generic USB Hub
	USB Device	Generic USB Hub
	USB Device	USB Composite Device
	USB Device	USB2.0 HD UVC WebCam
	Battery	Microsoft AC Adapter
	Battery	Microsoft ACPI-Compliant Control Method Battery

DMI:
	DMI BIOS Vendor	American Megatrends Inc.
	DMI BIOS Version	X45C.208
	DMI System Manufacturer	ASUSTeK COMPUTER INC.
	DMI System Product	X45C
	DMI System Version	1.0
	DMI System Serial Number	D4N0CX300598155
	DMI System UUID	11000000-00000000-000074D0-2B454FD6
	DMI Motherboard Manufacturer	ASUSTeK COMPUTER INC.
	DMI Motherboard Product	X45C
	DMI Motherboard Version	1.0
	DMI Motherboard Serial Number	BSN12345678901234567
	DMI Chassis Manufacturer	ASUSTeK COMPUTER INC.
	DMI Chassis Version	1.0
	DMI Chassis Serial Number	D4N0CX300598155
	DMI Chassis Asset Tag	No Asset Tag
	DMI Chassis Type	Notebook

Computer Name


Type	Class	Computer Name
Computer Comment	Logical
NetBIOS Name	Logical	WIN-8FFL85VFQP9
DNS Host Name	Logical	WIN-8FFL85VFQP9
DNS Domain Name	Logical
Fully Qualified DNS Name	Logical	WIN-8FFL85VFQP9
NetBIOS Name	Physical	WIN-8FFL85VFQP9
DNS Host Name	Physical	WIN-8FFL85VFQP9
DNS Domain Name	Physical
Fully Qualified DNS Name	Physical	WIN-8FFL85VFQP9

DMI


[ BIOS ]

	BIOS Properties:
		Vendor	American Megatrends Inc.
		Version	X45C.208
		Release Date	05/14/2013
		Size	6 MB
		System BIOS Version	4.6
		Boot Devices	Floppy Disk, Hard Disk, CD-ROM
		Capabilities	Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS, Smart Battery
		Supported Standards	DMI, ACPI, UEFI
		Expansion Capabilities	PCI, USB
		Virtual Machine	No

	BIOS Manufacturer:
		Company Name	American Megatrends Inc.
		Product Information	http://www.ami.com/amibios
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ System ]

	System Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Product	X45C
		Version	1.0
		Serial Number	D4N0CX300598155
		SKU#	ASUS-NotebookSKU
		Family	X
		Universal Unique ID	11000000-00000000-000074D0-2B454FD6
		Wake-Up Type	Power Switch

[ Motherboard ]

	Motherboard Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Product	X45C
		Version	1.0
		Serial Number	BSN12345678901234567
		Asset Tag	ATN12345678901234567

	Motherboard Manufacturer:
		Company Name	ASUSTeK Computer Inc.
		Product Information	http://www.asus.com/Motherboards
		BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
		Driver Update	http://www.aida64.com/driver-updates
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ Chassis ]

	Chassis Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Version	1.0
		Serial Number	D4N0CX300598155
		Asset Tag	No Asset Tag
		Chassis Type	Notebook
		Boot-Up State	Safe
		Power Supply State	Safe
		Thermal State	Safe
		Security Status	None

[ Processors / Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz ]

	Processor Properties:
		Manufacturer	Intel(R) Corporation
		Version	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
		Asset Tag	Fill By OEM
		Part Number	Fill By OEM
		External Clock	100 MHz
		Maximum Clock	3800 MHz
		Current Clock	2400 MHz
		Type	Central Processor
		Voltage	:.1 V
		Status	Enabled
		Upgrade	Socket rPGA988B
		Socket Designation	SOCKET 0
		HTT / CMP Units	2 / 2
		Capabilities	64-bit

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-2370M
		Driver Update	http://www.aida64.com/driver-updates

[ Caches / CPU Internal L2 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Through
		Associativity	8-way Set-Associative
		Maximum Size	512 KB
		Installed Size	512 KB
		Error Correction	Multi-bit ECC
		Socket Designation	CPU Internal L2

[ Caches / CPU Internal L1 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Through
		Associativity	8-way Set-Associative
		Maximum Size	128 KB
		Installed Size	128 KB
		Error Correction	Parity
		Socket Designation	CPU Internal L1

[ Caches / CPU Internal L3 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Back
		Associativity	12-way Set-Associative
		Maximum Size	3072 KB
		Installed Size	3072 KB
		Error Correction	Multi-bit ECC
		Socket Designation	CPU Internal L3

[ Memory Arrays / System Memory ]

	Memory Array Properties:
		Location	Motherboard
		Memory Array Function	System Memory
		Error Correction	None
		Max. Memory Capacity	32 GB
		Memory Devices	4

[ Memory Devices / ChannelA-DIMM0 ]

	Memory Device Properties:
		Form Factor	SODIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	4 GB
		Max. Clock Speed	1333 MHz
		Current Clock Speed	1333 MHz
		Total Width	64-bit
		Data Width	64-bit
		Ranks	2
		Device Locator	ChannelA-DIMM0
		Bank Locator	BANK 0
		Manufacturer	Samsung
		Serial Number	0099B3F7
		Asset Tag	9876543210
		Part Number	M471B5273DH0-CH9

[ Memory Devices / ChannelA-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelA-DIMM1
		Bank Locator	BANK 1
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ Memory Devices / ChannelB-DIMM0 ]

	Memory Device Properties:
		Form Factor	SODIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	2 GB
		Max. Clock Speed	1333 MHz
		Current Clock Speed	1333 MHz
		Total Width	64-bit
		Data Width	64-bit
		Ranks	1
		Device Locator	ChannelB-DIMM0
		Bank Locator	BANK 2
		Manufacturer	Hynix/Hyundai
		Serial Number	00000000
		Asset Tag	9876543210
		Part Number	HMT325S6CFR8C-PB

[ Memory Devices / ChannelB-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelB-DIMM1
		Bank Locator	BANK 3
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ On-Board Devices / VGA ]

	On-Board Device Properties:
		Description	VGA
		Type	Video
		Status	Enabled

[ On-Board Devices / GLAN ]

	On-Board Device Properties:
		Description	GLAN
		Type	Ethernet
		Status	Enabled

[ On-Board Devices / WLAN ]

	On-Board Device Properties:
		Description	WLAN
		Type	Ethernet
		Status	Enabled

[ Intel vPro ]

	Intel vPro Properties:
		ME Firmware Version	8.1.0.1248
		PCH PCI Bus / Device / Function	0 / 31 / 0
		PCH PCI Device ID	8086-1E59
		Wired NIC PCI Bus / Device / Function	0 / 25 / 0
		Wired NIC PCI Device ID	8086-FFFF
		AMT	Not Supported
		Anti-Theft	Supported, Disabled
		Anti-Theft PBA for Recovery	Supported
		Anti-Theft WWAN	Not Supported
		BIOS TXT	Supported
		BIOS VT-d	Supported
		BIOS VT-x	Supported
		CPU VT-x	Supported, Enabled
		CPU TXT	Not Supported
		KVM	Not Supported
		Local Wakeup Timer	Not Supported
		Management Engine	Enabled
		Small Business Advantage	Not Supported
		Standard Manageability	Not Supported

[ Miscellaneous ]

	Miscellaneous:
		OEM String	pBb6V6hGYwxCJ
		OEM String	8csFDx-0pX+mq
		OEM String	rzg0KbHCEM-76
		OEM String	90NUOA219A29260016UU
		System Configuration Option	DSN: W -DXW12AA527887
		System Configuration Option	DSN:6DF454B20D47
		System Configuration Option	DSN:74D02B454FD6
		System Configuration Option	SMI:00B2CA

Overclock


CPU Properties:
	CPU Type	Mobile DualCore Intel Core i3-2370M
	CPU Alias	Sandy Bridge-MB
	CPU Stepping	D2
	Engineering Sample	No
	CPUID CPU Name	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
	CPUID Revision	000206A7h
	CPU VID	1.1259 V

CPU Speed:
	CPU Clock	2394.8 MHz (original: 2400 MHz)
	CPU Multiplier	24x
	CPU FSB	99.8 MHz (original: 100 MHz)
	North Bridge Clock	2394.8 MHz
	Memory Bus	665.2 MHz
	DRAM:FSB Ratio	20:3

CPU Cache:
	L1 Code Cache	32 KB per core
	L1 Data Cache	32 KB per core
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	3 MB (On-Die, ECC, Full-Speed)

Motherboard Properties:
	Motherboard ID	63-0100-000001-00101111-020612-Chipset$1APTJ013_BIOS DATE: 05/14/13 11:04:29 VER: 04.06.05
	Motherboard Name	Asus X45C Series Notebook

Chipset Properties:
	Motherboard Chipset	Intel Panther Point HM76, Intel Sandy Bridge
	Memory Timings	9-9-9-24 (CL-RCD-RP-RAS)
	Command Rate (CR)	1T
	DIMM1: Samsung M471B5273DH0-CH9	4 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz)

BIOS Properties:
	System BIOS Date	02/06/12
	Video BIOS Date	03/14/12
	DMI BIOS Version	X45C.208

Graphics Processor Properties:
	Video Adapter	Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2)
	GPU Code Name	Sandy Bridge-MB GT2 (Integrated 8086 / 0116, Rev 09)
	GPU Clock	649 MHz (original: 649 MHz)

Power Management


Power Management Properties:
	Current Power Source	Battery
	Battery Status	11 % (Low Level)
	Full Battery Lifetime	Unknown
	Remaining Battery Lifetime	1233 sec (20 min, 33 sec)

Battery Properties:
	Device Name	K55--44
	Manufacturer	ASUSTeK
	Unique ID	ASUSTeKK55--44
	Battery Type	Rechargeable Li-Ion
	Designed Capacity	47520 mWh
	Fully Charged Capacity	38847 mWh
	Current Capacity	4298 mWh (11 %)
	Battery Voltage	10.800 V
	Charge-Discharge Cycle Count	475
	Wear Level	18 %
	Power State	Discharging
	Discharge Rate	12128 mW

Portable Computer


Centrino (Carmel) Platform Compliancy:
	CPU: Intel Pentium M (Banias/Dothan)	No (Mobile Intel Core i3-2370M)
	Chipset: Intel i855GM/PM	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless	No
	System: Centrino Compliant	No

Centrino (Sonoma) Platform Compliancy:
	CPU: Intel Pentium M (Dothan)	No (Mobile Intel Core i3-2370M)
	Chipset: Intel i915GM/PM	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless 2200/2915	No
	System: Centrino Compliant	No

Centrino (Napa) Platform Compliancy:
	CPU: Intel Core (Yonah) / Core 2 (Merom)	No (Mobile Intel Core i3-2370M)
	Chipset: Intel i945GM/PM	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless 3945/3965	No
	System: Centrino Compliant	No

Centrino (Santa Rosa) Platform Compliancy:
	CPU: Intel Core 2 (Merom/Penryn)	No (Mobile Intel Core i3-2370M)
	Chipset: Intel GM965/PM965	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel Wireless WiFi Link 4965	No
	System: Centrino Compliant	No

Centrino 2 (Montevina) Platform Compliancy:
	CPU: Intel Core 2 (Penryn)	No (Mobile Intel Core i3-2370M)
	Chipset: Mobile Intel 4 Series	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel WiFi Link 5000 Series	No
	System: Centrino 2 Compliant	No

Centrino (Calpella) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield)	No (Mobile Intel Core i3-2370M)
	Chipset: Mobile Intel 5 Series	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Huron River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB)	Yes (Mobile Intel Core i3-2370M)
	Chipset: Mobile Intel 6 Series	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Chief River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB)	No (Mobile Intel Core i3-2370M)
	Chipset: Mobile Intel 7 Series	Yes (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Shark Bay-MB) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Haswell-MB)	No (Mobile Intel Core i3-2370M)
	Chipset: Mobile Intel 8/9 Series	No (Intel Panther Point HM76, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Sensor


Sensor Properties:
	Sensor Type	CPU, HDD, Asus NB ACPI, PCH, SNB

Temperatures:
	CPU	55 °C (131 °F)
	CPU Package	61 °C (142 °F)
	CPU IA Cores	61 °C (142 °F)
	CPU GT Cores	52 °C (126 °F)
	CPU #1 / Core #1	61 °C (142 °F)
	CPU #1 / Core #2	55 °C (131 °F)
	PCH Diode	61 °C (141 °F)
	WDC WD5000LPVT-80G33T2	33 °C (91 °F)

Cooling Fans:
	CPU	2200 RPM

Voltage Values:
	CPU Core	1.126 V
	Battery	10.800 V

Power Values:
	CPU Package	17.60 W
	CPU IA Cores	5.40 W
	CPU GT Cores	0.13 W
	CPU Uncore	12.07 W
	Battery Charge Rate	-27.95 W

CPU


CPU Properties:
	CPU Type	Mobile DualCore Intel Core i3-2370M, 2400 MHz (24 x 100)
	CPU Alias	Sandy Bridge-MB
	CPU Stepping	D2
	Instruction Set	x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX
	Original Clock	2400 MHz
	Min / Max CPU Multiplier	8x / 24x
	Engineering Sample	No
	L1 Code Cache	32 KB per core
	L1 Data Cache	32 KB per core
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	3 MB (On-Die, ECC, Full-Speed)

CPU Physical Info:
	Package Type	1023/1224 Ball BGA
	Package Size	31 mm x 24 mm
	Transistors	624 million
	Process Technology	32 nm, CMOS, Cu, High-K + Metal Gate
	Die Size	149 mm2
	Typical Power	35 W

CPU Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-2370M
	Driver Update	http://www.aida64.com/driver-updates

Multi CPU:
	Motherboard ID	Notebook _ASUS_
	CPU #1	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz, 2395 MHz
	CPU #2	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz, 2395 MHz
	CPU #3	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz, 2395 MHz
	CPU #4	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz, 2395 MHz

CPU Utilization:
	CPU #1 / Core #1 / HTT Unit #1	33%
	CPU #1 / Core #1 / HTT Unit #2	33%
	CPU #1 / Core #2 / HTT Unit #1	33%
	CPU #1 / Core #2 / HTT Unit #2	0%

CPUID


CPUID Properties:
	CPUID Manufacturer	GenuineIntel
	CPUID CPU Name	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
	CPUID Revision	000206A7h
	IA Brand ID	00h (Unknown)
	Platform ID	2Ah / MC 10h (BGA1023/BGA1224)
	Microcode Update Revision	29h
	HTT / CMP Units	2 / 2
	Tjmax Temperature	100 °C (212 °F)
	CPU Thermal Design Power	35 W
	CPU IA Cores Thermal Design Current	112 A
	CPU GT Cores Thermal Design Current	46 A
	CPU Max Power Limit	44 W / 32.00 sec
	CPU Power Limit 1 (Long Duration)	35 W / 32.00 sec (Locked)
	CPU Power Limit 2 (Short Duration)	43.8 W / Unlimited Time (Locked)

Instruction Set:
	64-bit x86 Extension (AMD64, Intel64)	Supported
	AMD 3DNow!	Not Supported
	AMD 3DNow! Professional	Not Supported
	AMD 3DNowPrefetch	Not Supported
	AMD Enhanced 3DNow!	Not Supported
	AMD Extended MMX	Not Supported
	AMD FMA4	Not Supported
	AMD MisAligned SSE	Not Supported
	AMD SSE4A	Not Supported
	AMD XOP	Not Supported
	Cyrix Extended MMX	Not Supported
	Enhanced REP MOVSB/STOSB	Not Supported
	Float-16 Conversion Instructions	Not Supported
	IA-64	Not Supported
	IA AES Extensions	Not Supported
	IA AVX	Supported, Enabled
	IA AVX2	Not Supported
	IA AVX-512 (AVX512F)	Not Supported
	IA AVX-512 52-bit Integer Instructions (AVX512IFMA52)	Not Supported
	IA AVX-512 Byte and Word Instructions (AVX512BW)	Not Supported
	IA AVX-512 Conflict Detection Instructions (AVX512CD)	Not Supported
	IA AVX-512 Doubleword and Quadword Instructions (AVX512DQ)	Not Supported
	IA AVX-512 Exponential and Reciprocal Instructions (AVX512ER)	Not Supported
	IA AVX-512 Prefetch Instructions (AVX512PF)	Not Supported
	IA AVX-512 Vector Bit Manipulation Instructions (AVX512VBMI)	Not Supported
	IA AVX-512 Vector Length Extensions (AVX512VL)	Not Supported
	IA BMI1	Not Supported
	IA BMI2	Not Supported
	IA FMA	Not Supported
	IA MMX	Supported
	IA SHA Extensions	Not Supported
	IA SSE	Supported
	IA SSE2	Supported
	IA SSE3	Supported
	IA Supplemental SSE3	Supported
	IA SSE4.1	Supported
	IA SSE4.2	Supported
	VIA Alternate Instruction Set	Not Supported
	ADCX / ADOX Instruction	Not Supported
	CLFLUSH Instruction	Supported
	CLFLUSHOPT Instruction	Not Supported
	CLWB Instruction	Not Supported
	CMPXCHG8B Instruction	Supported
	CMPXCHG16B Instruction	Supported
	Conditional Move Instruction	Supported
	INVPCID Instruction	Not Supported
	LAHF / SAHF Instruction	Supported
	LZCNT Instruction	Not Supported
	MONITOR / MWAIT Instruction	Supported
	MONITORX / MWAITX Instruction	Not Supported
	MOVBE Instruction	Not Supported
	PCLMULQDQ Instruction	Supported
	PCOMMIT Instruction	Not Supported
	POPCNT Instruction	Supported
	PREFETCHWT1 Instruction	Not Supported
	RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE Instruction	Not Supported
	RDRAND Instruction	Not Supported
	RDSEED Instruction	Not Supported
	RDTSCP Instruction	Supported
	SKINIT / STGI Instruction	Not Supported
	SYSCALL / SYSRET Instruction	Not Supported
	SYSENTER / SYSEXIT Instruction	Supported
	Trailing Bit Manipulation Instructions	Not Supported
	VIA FEMMS Instruction	Not Supported

Security Features:
	Advanced Cryptography Engine (ACE)	Not Supported
	Advanced Cryptography Engine 2 (ACE2)	Not Supported
	Data Execution Prevention (DEP, NX, EDB)	Supported
	Hardware Random Number Generator (RNG)	Not Supported
	Hardware Random Number Generator 2 (RNG2)	Not Supported
	Memory Protection Extensions (MPX)	Not Supported
	PadLock Hash Engine (PHE)	Not Supported
	PadLock Hash Engine 2 (PHE2)	Not Supported
	PadLock Montgomery Multiplier (PMM)	Not Supported
	PadLock Montgomery Multiplier 2 (PMM2)	Not Supported
	Processor Serial Number (PSN)	Not Supported
	Safer Mode Extensions (SMX)	Not Supported
	Software Guard Extensions (SGX)	Not Supported
	Supervisor Mode Access Prevention (SMAP)	Not Supported
	Supervisor Mode Execution Protection (SMEP)	Not Supported

Power Management Features:
	Application Power Management (APM)	Not Supported
	Automatic Clock Control	Supported
	Core C6 State (CC6)	Not Supported
	Digital Thermometer	Supported
	Dynamic FSB Frequency Switching	Not Supported
	Enhanced Halt State (C1E)	Supported, Enabled
	Enhanced SpeedStep Technology (EIST, ESS)	Supported, Enabled
	Frequency ID Control	Not Supported
	Hardware P-State Control	Not Supported
	Hardware Thermal Control (HTC)	Not Supported
	LongRun	Not Supported
	LongRun Table Interface	Not Supported
	Overstress	Not Supported
	Package C6 State (PC6)	Not Supported
	Parallax	Not Supported
	PowerSaver 1.0	Not Supported
	PowerSaver 2.0	Not Supported
	PowerSaver 3.0	Not Supported
	Processor Duty Cycle Control	Supported
	Software Thermal Control	Not Supported
	Temperature Sensing Diode	Not Supported
	Thermal Monitor 1	Supported
	Thermal Monitor 2	Supported
	Thermal Monitor 3	Not Supported
	Thermal Monitoring	Not Supported
	Thermal Trip	Not Supported
	Voltage ID Control	Not Supported

Virtualization Features:
	Extended Page Table (EPT)	Supported
	Hypervisor	Not Present
	INVEPT Instruction	Supported
	INVVPID Instruction	Supported
	Nested Paging (NPT, RVI)	Not Supported
	Secure Virtual Machine (SVM, Pacifica)	Not Supported
	Virtual Machine Extensions (VMX, Vanderpool)	Supported
	Virtual Processor ID (VPID)	Supported

CPUID Features:
	1 GB Page Size	Not Supported
	36-bit Page Size Extension	Supported
	64-bit DS Area	Supported
	Adaptive Overclocking	Not Supported
	Address Region Registers (ARR)	Not Supported
	Configurable TDP (cTDP)	Not Supported
	Core Performance Boost (CPB)	Not Supported
	Core Performance Counters	Not Supported
	CPL Qualified Debug Store	Supported
	Data Breakpoint Extension	Not Supported
	Debug Trace Store	Supported
	Debugging Extension	Supported
	Deprecated FPU CS and FPU DS	Not Supported
	Direct Cache Access	Not Supported
	Dynamic Acceleration Technology (IDA)	Not Supported
	Dynamic Configurable TDP (DcTDP)	Not Supported
	Extended APIC Register Space	Not Supported
	Fast Save & Restore	Supported
	Hardware Lock Elision (HLE)	Not Supported
	Hybrid Boost	Not Supported
	Hyper-Threading Technology (HTT)	Supported, Enabled
	Instruction Based Sampling	Not Supported
	Invariant Time Stamp Counter	Supported
	L1 Context ID	Not Supported
	L2I Performance Counters	Not Supported
	Lightweight Profiling	Not Supported
	Local APIC On Chip	Supported
	Machine Check Architecture (MCA)	Supported
	Machine Check Exception (MCE)	Supported
	Memory Configuration Registers (MCR)	Not Supported
	Memory Type Range Registers (MTRR)	Supported
	Model Specific Registers (MSR)	Supported
	NB Performance Counters	Not Supported
	Page Attribute Table (PAT)	Supported
	Page Global Extension	Supported
	Page Size Extension (PSE)	Supported
	Pending Break Event (PBE)	Supported
	Performance Time Stamp Counter (PTSC)	Not Supported
	Physical Address Extension (PAE)	Supported
	Platform Quality of Service Enforcement (PQE)	Not Supported
	Platform Quality of Service Monitoring (PQM)	Not Supported
	Process Context Identifiers (PCID)	Supported
	Processor Feedback Interface	Not Supported
	Processor Trace (PT)	Not Supported
	Restricted Transactional Memory (RTM)	Not Supported
	Self-Snoop	Supported
	Time Stamp Counter (TSC)	Supported
	Turbo Boost	Not Supported
	Virtual Mode Extension	Supported
	Watchdog Timer	Not Supported
	x2APIC	Supported, Disabled
	XGETBV / XSETBV OS Enabled	Supported
	XSAVE / XRSTOR / XSETBV / XGETBV Extended States	Supported
	XSAVEOPT	Supported

CPUID Registers (CPU #1):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-00100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000000 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000000 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D336920-30373332 [Core(TM) i3-2370]
	CPUID 80000004	5043204D-20402055-30342E32-007A4847 [M CPU @ 2.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #2 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-01100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000001 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000001 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D336920-30373332 [Core(TM) i3-2370]
	CPUID 80000004	5043204D-20402055-30342E32-007A4847 [M CPU @ 2.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #3):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-02100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000002 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000002 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D336920-30373332 [Core(TM) i3-2370]
	CPUID 80000004	5043204D-20402055-30342E32-007A4847 [M CPU @ 2.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #4 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-03100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000003 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000003 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D336920-30373332 [Core(TM) i3-2370]
	CPUID 80000004	5043204D-20402055-30342E32-007A4847 [M CPU @ 2.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

MSR Registers:
	MSR 00000017	0010-0000-0000-0000 [PlatID = 4]
	MSR 0000001B	0000-0000-FEE0-0900
	MSR 00000035	0000-0000-0002-0004
	MSR 0000008B	0000-0029-0000-0000
	MSR 000000CE	0000-0800-6001-1800
	MSR 000000E7	0000-0000-0000-F9AC [S200]
	MSR 000000E7	0000-0000-0093-BC70
	MSR 000000E7	0000-0000-021A-FDE0 [S200]
	MSR 000000E8	0000-0000-0005-27AC
	MSR 000000E8	0000-0000-0033-B69C [S200]
	MSR 000000E8	0000-0000-0093-F2DF [S200]
	MSR 00000194	0000-0000-0001-0000
	MSR 00000198	0000-2407-0000-1800
	MSR 00000198	0000-2407-0000-1800 [S200]
	MSR 00000198	0000-2407-0000-1800 [S200]
	MSR 00000199	0000-0000-0000-1800
	MSR 0000019A	0000-0000-0000-0000
	MSR 0000019B	0000-0000-0000-0000
	MSR 0000019C	0000-0000-8827-0008
	MSR 0000019C	0000-0000-8828-0008 [S200]
	MSR 0000019C	0000-0000-882A-0008 [S200]
	MSR 0000019D	0000-0000-0000-0000
	MSR 000001A0	0000-0000-0085-0089
	MSR 000001A2	0000-0000-0064-0E00
	MSR 000001A4	0000-0000-0000-0000
	MSR 000001AA	0000-0000-0040-0000
	MSR 000001AC	< FAILED >
	MSR 000001AD	0000-0000-1818-1818
	MSR 000001B0	0000-0000-0000-0009
	MSR 000001B1	0000-0000-8827-0008
	MSR 000001B2	0000-0000-0000-0000
	MSR 000001FC	0000-0000-0004-005F
	MSR 00000300	< FAILED >
	MSR 00000480	00DA-0400-0000-0010
	MSR 00000481	0000-007F-0000-0016
	MSR 00000482	FFF9-FFFE-0401-E172
	MSR 00000483	007F-FFFF-0003-6DFF
	MSR 00000484	0000-FFFF-0000-11FF
	MSR 00000485	0000-0000-1004-01E5
	MSR 00000486	0000-0000-8000-0021
	MSR 00000487	0000-0000-FFFF-FFFF
	MSR 00000488	0000-0000-0000-2000
	MSR 00000489	0000-0000-0006-27FF
	MSR 0000048A	0000-0000-0000-002A
	MSR 0000048B	0000-00FF-0000-0000
	MSR 0000048C	0000-0F01-0611-4141
	MSR 0000048D	0000-007F-0000-0016
	MSR 0000048E	FFF9-FFFE-0400-6172
	MSR 0000048F	007F-FFFF-0003-6DFB
	MSR 00000490	0000-FFFF-0000-11FB
	MSR 00000601	1814-1494-8000-0380
	MSR 00000602	1814-1494-8000-0170
	MSR 00000603	0000-0000-8030-3030
	MSR 00000604	0000-0000-8064-6464
	MSR 00000606	0000-0000-000A-1003
	MSR 0000060A	0000-0000-0000-8850
	MSR 0000060B	0000-0000-0000-8868
	MSR 0000060C	0000-0000-0000-886D
	MSR 0000060D	0000-000C-BDA2-5B80
	MSR 00000610	8000-815E-001E-8118
	MSR 00000611	0000-0000-1D0C-B54C [S200]
	MSR 00000611	0000-0000-1D0E-8199 [S200]
	MSR 00000611	0000-0000-1D11-5FFE
	MSR 00000613	< FAILED >
	MSR 00000614	000F-0160-00C0-0118
	MSR 00000618	< FAILED >
	MSR 00000619	< FAILED >
	MSR 0000061B	< FAILED >
	MSR 0000061C	< FAILED >
	MSR 00000638	0000-0000-0000-0000
	MSR 00000639	0000-0000-0EA9-EE01 [S200]
	MSR 00000639	0000-0000-0EAC-00D1 [S200]
	MSR 00000639	0000-0000-0EAE-116A
	MSR 0000063A	0000-0000-0000-0000
	MSR 0000063B	< FAILED >
	MSR 00000640	0000-0000-0000-0000
	MSR 00000641	0000-0000-01DB-EDA6 [S200]
	MSR 00000641	0000-0000-01DB-F74C [S200]
	MSR 00000641	0000-0000-01DC-010B
	MSR 00000642	0000-0000-0000-0018

Motherboard


Motherboard Properties:
	Motherboard ID	63-0100-000001-00101111-020612-Chipset$1APTJ013_BIOS DATE: 05/14/13 11:04:29 VER: 04.06.05
	Motherboard Name	Asus X45C Series Notebook

Front Side Bus Properties:
	Bus Type	BCLK
	Real Clock	100 MHz
	Effective Clock	100 MHz

Memory Bus Properties:
	Bus Type	Dual DDR3 SDRAM
	Bus Width	128-bit
	DRAM:FSB Ratio	20:3
	Real Clock	667 MHz (DDR)
	Effective Clock	1333 MHz
	Bandwidth	21333 MB/s

Chipset Bus Properties:
	Bus Type	Intel Direct Media Interface v2.0

Motherboard Manufacturer:
	Company Name	ASUSTeK Computer Inc.
	Product Information	http://www.asus.com/Motherboards
	BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
	Driver Update	http://www.aida64.com/driver-updates
	BIOS Upgrades	http://www.aida64.com/bios-updates

Memory


Physical Memory:
	Total	5580 MB
	Used	2671 MB
	Free	2909 MB
	Utilization	48 %

Swap Space:
	Total	7180 MB
	Used	2711 MB
	Free	4469 MB
	Utilization	38 %

Virtual Memory:
	Total	12759 MB
	Used	5382 MB
	Free	7378 MB
	Utilization	42 %

Paging File:
	Paging File	C:\pagefile.sys
	Current Size	1600 MB
	Current / Peak Usage	96 MB / 151 MB
	Utilization	6 %

Physical Address Extension (PAE):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active	Yes

SPD


[ DIMM1: Samsung M471B5273DH0-CH9 ]

	Memory Module Properties:
		Module Name	Samsung M471B5273DH0-CH9
		Serial Number	0099B3F7h (4155742464)
		Manufacture Date	Week 4 / 2012
		Module Size	4 GB (2 ranks, 8 banks)
		Module Type	SO-DIMM
		Memory Type	DDR3 SDRAM
		Memory Speed	DDR3-1333 (667 MHz)
		Module Width	64 bit
		Module Voltage	1.5 V
		Error Detection Method	None
		Refresh Rate	Normal (7.8 us)
		DRAM Manufacturer	Samsung

	Memory Timings:
		@ 666 MHz	9-9-9-24 (CL-RCD-RP-RAS) / 33-107-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 609 MHz	8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 533 MHz	7-7-7-20 (CL-RCD-RP-RAS) / 27-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 457 MHz	6-6-6-17 (CL-RCD-RP-RAS) / 23-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 380 MHz	5-5-5-14 (CL-RCD-RP-RAS) / 19-61-3-6-3-3-12 (RC-RFC-RRD-WR-WTR-RTP-FAW)

	Memory Module Features:
		Auto Self Refresh (ASR)	Not Supported
		DLL-Off Mode	Supported
		Extended Temperature Range	Supported
		Extended Temperature Refresh Rate	Not Supported
		On-Die Thermal Sensor Readout (ODTS)	Not Supported
		Partial Array Self Refresh (PASR)	Not Supported
		RZQ/6	Supported
		RZQ/7	Supported

	Memory Module Manufacturer:
		Company Name	Samsung
		Product Information	http://www.samsung.com/global/business/semiconductor

Chipset


[ North Bridge: Intel Sandy Bridge-MB IMC ]

	North Bridge Properties:
		North Bridge	Intel Sandy Bridge-MB IMC
		Supported Memory Types	DDR3-1066, DDR3-1333 SDRAM
		Maximum Memory Amount	16 GB
		Revision	09
		Process Technology	32 nm
		VT-d	Not Supported
		Extended APIC (x2APIC)	Supported

	Memory Controller:
		Type	Dual Channel (128-bit)
		Active Mode	Dual Channel (128-bit)

	Memory Timings:
		CAS Latency (CL)	9T
		RAS To CAS Delay (tRCD)	9T
		RAS Precharge (tRP)	9T
		RAS Active Time (tRAS)	24T
		Row Refresh Cycle Time (tRFC)	107T
		Command Rate (CR)	1T
		RAS To RAS Delay (tRRD)	4T
		Write Recovery Time (tWR)	10T
		Read To Read Delay (tRTR)	Same Rank: 4T, Different Rank: 1T, Different DIMM: 3T
		Read To Write Delay (tRTW)	Same Rank: 3T, Different Rank: 3T, Different DIMM: 3T
		Write To Read Delay (tWTR)	5T, Different Rank: 1T, Different DIMM: 1T
		Write To Write Delay (tWTW)	Same Rank: 4T, Different Rank: 3T, Different DIMM: 4T
		Read To Precharge Delay (tRTP)	5T
		Four Activate Window Delay (tFAW)	20T
		Write CAS Latency (tWCL)	7T
		CKE Min. Pulse Width (tCKE)	4T
		Refresh Period (tREF)	5200T
		Round Trip Latency (tRTL)	DIMM1: 33T, DIMM2: 32T, DIMM3: 32T, DIMM4: 32T
		I/O Latency (tIOL)	DIMM1: 1T, DIMM2: 0T, DIMM3: 0T, DIMM4: 0T
		Burst Length (BL)	8

	Error Correction:
		ECC	Not Supported
		ChipKill ECC	Not Supported
		RAID	Not Supported
		ECC Scrubbing	Not Supported

	Memory Slots:
		DRAM Slot #1	4 GB (DDR3-1333 DDR3 SDRAM)
		DRAM Slot #2	2 GB (DDR3-1333 DDR3 SDRAM)

	Integrated Graphics Controller:
		Graphics Controller Type	Intel HD Graphics 3000
		Graphics Controller Status	Enabled
		Graphics Frame Buffer Size	512 MB

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ South Bridge: Intel Panther Point HM76 ]

	South Bridge Properties:
		South Bridge	Intel Panther Point HM76
		Revision / Stepping	04 / C1
		Package Type	989 Pin FC-BGA
		Package Size	25 mm x 25 mm
		Process Technology	65 nm
		Die Size	100.73 mm2
		Core Voltage	1.05 V
		TDP	4.1 W

	High Definition Audio:
		Codec Name	Realtek ALC270
		Codec ID	10EC0270h / 10431567h
		Codec Revision	1001h
		Codec Type	Audio

	High Definition Audio:
		Codec Name	Intel Panther Point HDMI
		Codec ID	80862806h / 80860101h
		Codec Revision	1000h
		Codec Type	Audio

	PCI Express Controller:
		PCI-E 2.0 x1 port #1	Empty
		PCI-E 2.0 x1 port #2	In Use @ x1 (Atheros AR9485 Wireless Network Adapter)
		PCI-E 2.0 x1 port #4	In Use @ x1 (Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter, Realtek RTS5289 PCI-E Card Reader)

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

BIOS


BIOS Properties:
	BIOS Type	AMI
	BIOS Version	X45C.208
	System BIOS Date	02/06/12
	Video BIOS Date	03/14/12

BIOS Manufacturer:
	Company Name	American Megatrends Inc.
	Product Information	http://www.ami.com/amibios
	BIOS Upgrades	http://www.aida64.com/bios-updates

ACPI


[ APIC: Multiple APIC Description Table ]

	ACPI Table Properties:
		ACPI Signature	APIC
		Table Description	Multiple APIC Description Table
		Memory Address	BE8A0468h
		Table Length	114 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		Local APIC Address	FEE00000h

	Processor Local APIC:
		ACPI Processor ID	01h
		APIC ID	00h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	02h
		APIC ID	02h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	03h
		APIC ID	01h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	04h
		APIC ID	03h
		Status	Enabled

	I/O APIC:
		I/O APIC ID	02h
		I/O APIC Address	FEC00000h
		Global System Interrupt Base	00000000h

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ0
		Global System Interrupt	00000002h
		Polarity	Conforms to the specifications of the bus
		Trigger Mode	Conforms to the specifications of the bus

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ9
		Global System Interrupt	00000009h
		Polarity	Active High
		Trigger Mode	Level-Triggered

	Local APIC NMI:
		ACPI Processor ID	FFh
		Local ACPI LINT#	01h
		Polarity	Active High
		Trigger Mode	Edge-Triggered

[ DSDT: Differentiated System Description Table ]

	ACPI Table Properties:
		ACPI Signature	DSDT
		Table Description	Differentiated System Description Table
		Memory Address	BE88F188h
		Table Length	70096 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	00000013h
		Creator ID	INTL
		Creator Revision	20091112h

	nVIDIA SLI:
		SLI Certification	Not Present
		PCI 0-0-0-0 (Direct I/O)	8086-0104 (Intel)
		PCI 0-0-0-0 (HAL)	8086-0104 (Intel)

	Lucid Virtu:
		Virtu Certification	Not Present

[ ECDT: Embedded Controller Boot Resources Table ]

	ACPI Table Properties:
		ACPI Signature	ECDT
		Table Description	Embedded Controller Boot Resources Table
		Memory Address	BE8A0528h
		Table Length	193 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI.
		Creator Revision	00000005h

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Memory Address	BE88F100h
		Table Length	132 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FACS Address	BE8B6040h
		DSDT Address	BE88F188h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Memory Address	00000000-BE8A0358h
		Table Length	268 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FACS Address	BE8B6080h / 00000000-00000000h
		DSDT Address	BE88F188h / 00000000-BE88F188h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACS: Firmware ACPI Control Structure ]

	ACPI Table Properties:
		ACPI Signature	FACS
		Table Description	Firmware ACPI Control Structure
		Memory Address	BE8B6040h
		Table Length	64 bytes
		Hardware Signature	00000000h
		Waking Vector	00000000h
		Global Lock	00000000h

[ FBPT: Firmware Basic Boot Performance Table ]

	ACPI Table Properties:
		ACPI Signature	FBPT
		Table Description	Firmware Basic Boot Performance Table
		Memory Address	00000000-BE122038h
		Table Length	56 bytes

[ FPDT: Firmware Performance Data Table ]

	ACPI Table Properties:
		ACPI Signature	FPDT
		Table Description	Firmware Performance Data Table
		Memory Address	BE8A04E0h
		Table Length	68 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FBPT Address	00000000-BE122038h
		S3PT Address	00000000-BE122018h

[ HPET: IA-PC High Precision Event Timer Table ]

	ACPI Table Properties:
		ACPI Signature	HPET
		Table Description	IA-PC High Precision Event Timer Table
		Memory Address	BE8A0630h
		Table Length	56 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI.
		Creator Revision	00000005h
		HPET Address	00000000-FED00000h
		Vendor ID	8086h
		Revision ID	01h
		Number of Timers	8
		Counter Size	64-bit
		Minimum Clock Ticks	14318
		Page Protection	No Guarantee
		OEM Attribute	0h
		LegacyReplacement IRQ Routing	Supported

[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]

	ACPI Table Properties:
		ACPI Signature	MCFG
		Table Description	Memory Mapped Configuration Space Base Address Description Table
		Memory Address	BE8A05F0h
		Table Length	60 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	MSFT
		Creator Revision	00000097h
		Config Space Address	00000000-F8000000h
		PCI Segment	0000h
		Start Bus Number	00h
		End Bus Number	3Fh

[ RSD PTR: Root System Description Pointer ]

	ACPI Table Properties:
		ACPI Signature	RSD PTR
		Table Description	Root System Description Pointer
		Memory Address	000F0000h
		Table Length	36 bytes
		OEM ID	_ASUS_
		RSDP Revision	2 (ACPI 2.0+)
		RSDT Address	BE88F028h
		XSDT Address	00000000-BE88F078h

[ RSDT: Root System Description Table ]

	ACPI Table Properties:
		ACPI Signature	RSDT
		Table Description	Root System Description Table
		Memory Address	BE88F028h
		Table Length	76 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	MSFT
		Creator Revision	00010013h
		RSDT Entry #0	BE88F100h (FACP)
		RSDT Entry #1	BE8A0468h (APIC)
		RSDT Entry #2	BE8A04E0h (FPDT)
		RSDT Entry #3	BE8A0528h (ECDT)
		RSDT Entry #4	BE8A05F0h (MCFG)
		RSDT Entry #5	BE8A0630h (HPET)
		RSDT Entry #6	BE8A0668h (SSDT)
		RSDT Entry #7	BE8A0CA0h (SSDT)
		RSDT Entry #8	BE8A1140h (SSDT)
		RSDT Entry #9	BE8A1B10h (SSDT)

[ S3PT: S3 Performance Table ]

	ACPI Table Properties:
		ACPI Signature	S3PT
		Table Description	S3 Performance Table
		Memory Address	00000000-BE122018h
		Table Length	32 bytes

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	BE8A0668h
		Table Length	1586 bytes
		OEM ID	AhciR1
		OEM Table ID	AhciTab1
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20091112h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	BE8A0CA0h
		Table Length	1182 bytes
		OEM ID	AhciR2
		OEM Table ID	AhciTab2
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20091112h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	BE8A1140h
		Table Length	2512 bytes
		OEM ID	PmRef
		OEM Table ID	Cpu0Ist
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20051117h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	BE8A1B10h
		Table Length	2706 bytes
		OEM ID	PmRef
		OEM Table ID	CpuPm
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20051117h

[ XSDT: Extended System Description Table ]

	ACPI Table Properties:
		ACPI Signature	XSDT
		Table Description	Extended System Description Table
		Memory Address	00000000-BE88F078h
		Table Length	116 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		XSDT Entry #0	00000000-BE8A0358h (FACP)
		XSDT Entry #1	00000000-BE8A0468h (APIC)
		XSDT Entry #2	00000000-BE8A04E0h (FPDT)
		XSDT Entry #3	00000000-BE8A0528h (ECDT)
		XSDT Entry #4	00000000-BE8A05F0h (MCFG)
		XSDT Entry #5	00000000-BE8A0630h (HPET)
		XSDT Entry #6	00000000-BE8A0668h (SSDT)
		XSDT Entry #7	00000000-BE8A0CA0h (SSDT)
		XSDT Entry #8	00000000-BE8A1140h (SSDT)
		XSDT Entry #9	00000000-BE8A1B10h (SSDT)

Operating System


Operating System Properties:
	OS Name	Microsoft Windows 8.1 Professional
	OS Language	Tie?ng Vie?t (Vie?t Nam)
	OS Installer Language	Tie?ng Anh (My?)
	OS Kernel Type	Multiprocessor Free (64-bit)
	OS Version	6.3.10041.0
	OS Service Pack	-
	OS Installation Date	31/03/2015
	OS Root	C:\Windows

License Information:
	Registered Owner	Quanravita
	Registered Organization
	Product ID	00137-10010-52743-AA225
	Product Key	NKJFK-GPHP7-G8C3J-P6JXR-HQRJR
	Product Activation (WPA)	Not Required

Current Session:
	Computer Name	WIN-8FFL85VFQP9
	User Name	Quanravita
	Logon Domain	WIN-8FFL85VFQP9
	UpTime	348350 sec (4 days, 0 hours, 45 min, 50 sec)

Components Version:
	Common Controls	6.16
	Windows Mail	10.0.10041.0 (fbl_impressive.150313-1821)
	Windows Media Player	12.0.10041.0 (fbl_impressive.150313-1821)
	Windows Messenger	-
	MSN Messenger	-
	Internet Information Services (IIS)	-
	.NET Framework	4.6.42.0 built by: NETFXREL1
	Novell Client	-
	DirectX	DirectX 12.0
	OpenGL	10.0.10041.0 (fbl_impressive.150313-1821)
	ASPI	-

Operating System Features:
	Debug Version	No
	DBCS Version	No
	Domain Controller	No
	Security Present	No
	Network Present	Yes
	Remote Session	No
	Safe Mode	No
	Slow Processor	No
	Terminal Services	Yes

Processes


Process Name	Process File Name	Type	Used Memory	Used Swap
aida64.exe	C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe	32-bit	73028 KB	59 KB
ApplicationFrameHost.exe	C:\Windows\system32\ApplicationFrameHost.exe	64-bit	41724 KB	32 KB
AsLdrSrv.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe	32-bit	3880 KB	0 KB
AsusTPCenter.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe	64-bit	14600 KB	2 KB
AsusTPLoader.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe	64-bit	11860 KB	1 KB
AsusTPHelper.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe	64-bit	4136 KB	0 KB
ATKOSD2.exe	C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe	32-bit	11592 KB	1 KB
audiodg.exe		64-bit	19100 KB	13 KB
csrss.exe		64-bit	3688 KB	1 KB
csrss.exe		64-bit	9476 KB	2 KB
chili-keygen.exe	C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.106\chili-keygen.exe	32-bit	8604 KB	2 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	60772 KB	60 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	185 MB	124 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	139 MB	128 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	41644 KB	40 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	66888 KB	64 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	67696 KB	60 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	137 MB	114 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	142 MB	136 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	27332 KB	21 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	33692 KB	30 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	32-bit	56496 KB	51 KB
dasHost.exe	C:\Windows\system32\dashost.exe	32-bit	5188 KB	1 KB
dllhost.exe	C:\Windows\system32\DllHost.exe	64-bit	9548 KB	2 KB
DMedia.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe	32-bit	6256 KB	1 KB
dwm.exe	C:\Windows\system32\dwm.exe	64-bit	93 MB	92 KB
explorer.exe	C:\Windows\Explorer.EXE	64-bit	153 MB	72 KB
fontdrvhost.exe	C:\Windows\system32\fontdrvhost.exe	64-bit	3240 KB	0 KB
GFNEXSrv.exe	C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe	32-bit	3172 KB	0 KB
HControl.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe	32-bit	9120 KB	2 KB
hkcmd.exe	C:\Windows\System32\hkcmd.exe	64-bit	8248 KB	1 KB
IDMan.exe	C:\Program Files (x86)\Internet Download Manager\IDMan.exe	32-bit	30460 KB	8 KB
idmBroker.exe	C:\Program Files (x86)\Internet Download Manager\idmBroker.exe	32-bit	6492 KB	1 KB
IDMIntegrator64.exe	C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe	64-bit	13708 KB	4 KB
IEMonitor.exe	C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe	32-bit	7820 KB	1 KB
iexplore.exe	C:\Program Files\Internet Explorer\iexplore.exe	64-bit	40532 KB	10 KB
iexplore.exe	C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE	32-bit	40780 KB	17 KB
igfxpers.exe	C:\Windows\System32\igfxpers.exe	64-bit	10008 KB	1 KB
igfxtray.exe	C:\Windows\System32\igfxtray.exe	64-bit	8444 KB	1 KB
lsass.exe	C:\Windows\system32\lsass.exe	64-bit	16056 KB	5 KB
MpCmdRun.exe	C:\Program Files\Windows Defender\MpCmdRun.exe	64-bit	10532 KB	2 KB
MSASCui.exe	C:\Program Files\Windows Defender\MSASCui.exe	64-bit	20428 KB	5 KB
MsMpEng.exe		64-bit	90 MB	106 KB
NetworkUXBroker.exe	C:\Windows\System32\NetworkUXBroker.exe	64-bit	19004 KB	6 KB
NetworkUXBroker.exe	C:\Windows\System32\NetworkUXBroker.exe	64-bit	48 KB	3 KB
NisSrv.exe		64-bit	6912 KB	9 KB
OneDrive.exe	C:\Users\Quanravita\AppData\Local\Microsoft\OneDrive\OneDrive.exe	32-bit	37616 KB	10 KB
POWERPNT.EXE	C:\Program Files\Microsoft Office\Office15\POWERPNT.EXE	64-bit	88916 KB	59 KB
QuickGesture.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe	32-bit	7556 KB	1 KB
QuickGesture64.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe	64-bit	7876 KB	1 KB
RAVCpl64.exe	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	64-bit	12628 KB	3 KB
RuntimeBroker.exe	C:\Windows\System32\RuntimeBroker.exe	64-bit	48064 KB	14 KB
SearchFilterHost.exe	C:\Windows\system32\SearchFilterHost.exe	64-bit	5700 KB	1 KB
SearchIndexer.exe	C:\Windows\system32\SearchIndexer.exe	64-bit	30888 KB	25 KB
SearchProtocolHost.exe	C:\Windows\system32\SearchProtocolHost.exe	64-bit	9820 KB	2 KB
SearchProtocolHost.exe	C:\Windows\system32\SearchProtocolHost.exe	64-bit	7588 KB	1 KB
searchui.exe	C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\SearchUI.exe	64-bit	74060 KB	34 KB
services.exe		64-bit	6608 KB	2 KB
SettingSyncHost.exe	C:\Windows\system32\SettingSyncHost.exe	64-bit	18860 KB	17 KB
ShellExperienceHost.exe	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	64-bit	116 MB	45 KB
sihost.exe	C:\Windows\system32\sihost.exe	64-bit	30592 KB	6 KB
smss.exe		64-bit	708 KB	0 KB
SnippingTool.exe	C:\Windows\system32\SnippingTool.exe	64-bit	15192 KB	2 KB
splwow64.exe	C:\Windows\splwow64.exe	64-bit	6056 KB	1 KB
spoolsv.exe	C:\Windows\System32\spoolsv.exe	64-bit	13328 KB	4 KB
sppsvc.exe		64-bit	13540 KB	3 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	19360 KB	8 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	19632 KB	8 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	25176 KB	14 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	39696 KB	18 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	8516 KB	1 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	16420 KB	5 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	54604 KB	22 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	7908 KB	2 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	85880 KB	68 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	32472 KB	17 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	17068 KB	5 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	13640 KB	7 KB
System Idle Process			4 KB	0 KB
System		64-bit	3164 KB	0 KB
SystemSettings.exe	C:\Windows\ImmersiveControlPanel\SystemSettings.exe	64-bit	48 KB	18 KB
SystemSettingsBroker.exe	C:\Windows\System32\SystemSettingsBroker.exe	64-bit	17132 KB	3 KB
taskhostex.exe	C:\Windows\system32\taskhostex.exe	64-bit	18932 KB	10 KB
TiWorker.exe	C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe	64-bit	14044 KB	9 KB
ThumbnailExtractionHost.exe	C:\Windows\System32\ThumbnailExtractionHost.exe	64-bit	6336 KB	1 KB
TransMac.exe	C:\Program Files (x86)\TransMac\TransMac.exe	32-bit	40540 KB	19 KB
TrustedInstaller.exe	C:\Windows\servicing\TrustedInstaller.exe	64-bit	6396 KB	2 KB
UniKeyNT.exe	C:\Users\Quanravita\Downloads\UniKeyNT.exe	64-bit	10372 KB	2 KB
USBChargerPlus.exe	C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe	32-bit	376 KB	1 KB
uTorrent.exe	C:\Users\Quanravita\AppData\Roaming\uTorrent\uTorrent.exe	32-bit	52832 KB	24 KB
wininit.exe		64-bit	4520 KB	0 KB
winlogon.exe	C:\Windows\system32\winlogon.exe	64-bit	10260 KB	1 KB
WinRAR.exe	C:\Program Files\WinRAR\WinRAR.exe	64-bit	23264 KB	7 KB
WinRAR.exe	C:\Program Files\WinRAR\WinRAR.exe	64-bit	25008 KB	7 KB
WmiPrvSE.exe	C:\Windows\system32\wbem\wmiprvse.exe	32-bit	10428 KB	3 KB
WmiPrvSE.exe	C:\Windows\sysWOW64\wbem\wmiprvse.exe	64-bit	8352 KB	3 KB
WmiPrvSE.exe	C:\Windows\system32\wbem\wmiprvse.exe	64-bit	7596 KB	1 KB
WSHost.exe	C:\Windows\WinStore\WSHost.exe	64-bit	25948 KB	7 KB

System Drivers


Driver Name	Driver Description	File Name	Version	Type	State
1394ohci	1394 OHCI Compliant Host Controller	1394ohci.sys	10.0.10041.0	Kernel Driver	Stopped
3ware	3ware	3ware.sys	5.1.0.51	Kernel Driver	Stopped
ACPI	Microsoft ACPI Driver	ACPI.sys	10.0.10041.0	Kernel Driver	Running
acpiex	Microsoft ACPIEx Driver	acpiex.sys	10.0.10041.0	Kernel Driver	Running
acpipagr	ACPI Processor Aggregator Driver	acpipagr.sys	10.0.10041.0	Kernel Driver	Stopped
AcpiPmi	ACPI Power Meter Driver	acpipmi.sys	10.0.10041.0	Kernel Driver	Stopped
acpitime	ACPI Wake Alarm Driver	acpitime.sys	10.0.10041.0	Kernel Driver	Stopped
ADP80XX	ADP80XX	ADP80XX.SYS	1.0.0.254	Kernel Driver	Stopped
AFD	Ancillary Function Driver for Winsock	afd.sys	10.0.10041.0	Kernel Driver	Running
agp440	Intel AGP Bus Filter	agp440.sys	10.0.10041.0	Kernel Driver	Stopped
ahcache	Application Compatibility Cache	ahcache.sys	10.0.10041.0	Kernel Driver	Running
AiCharger	ASUS Charger Driver	AiCharger.sys	6.1.7600.16385	Kernel Driver	Running
AIDA64Driver	FinalWire AIDA64 Kernel Driver	kerneld.x64		Kernel Driver	Running
AmdK8	AMD K8 Processor Driver	amdk8.sys	10.0.10041.0	Kernel Driver	Stopped
AmdPPM	AMD Processor Driver	amdppm.sys	10.0.10041.0	Kernel Driver	Stopped
amdsata	amdsata	amdsata.sys	1.3.1.267	Kernel Driver	Stopped
amdsbs	amdsbs	amdsbs.sys	3.7.1540.43	Kernel Driver	Stopped
amdxata	amdxata	amdxata.sys	1.3.1.267	Kernel Driver	Stopped
AppID	AppID Driver	appid.sys	10.0.10041.0	Kernel Driver	Stopped
arcsas	Adaptec SAS/SATA-II RAID Storport's Miniport Driver	arcsas.sys	7.5.0.32038	Kernel Driver	Stopped
ASMMAP64	ASMMAP64	ASMMAP64.sys	1.0.9.1	Kernel Driver	Running
atapi	IDE Channel	atapi.sys	10.0.10041.0	Kernel Driver	Stopped
ATKWMIACPIIO	ATKWMIACPI Driver	atkwmiacpi64.sys	1.0.5.1	Kernel Driver	Running
ATP	ASUS PS/2 Port Input Device	AsusTP.sys	1.0.0.125	Kernel Driver	Running
athr	Qualcomm Atheros Extensible Wireless LAN device driver	athw8x.sys	3.0.2.163	Kernel Driver	Running
b06bdrv	Broadcom NetXtreme II VBD	bxvbda.sys	7.4.14.0	Kernel Driver	Stopped
BasicDisplay	BasicDisplay	BasicDisplay.sys	10.0.10041.0	Kernel Driver	Running
BasicRender	BasicRender	BasicRender.sys	10.0.10041.0	Kernel Driver	Running
bcmfn2	bcmfn2 Service	bcmfn2.sys	6.3.9391.6	Kernel Driver	Stopped
Beep	Beep			Kernel Driver	Running
bowser	Browser Support Driver	bowser.sys	10.0.10041.0	File System Driver	Running
BthAvrcpTg	Bluetooth Audio/Video Remote Control HID	BthAvrcpTg.sys	10.0.10041.0	Kernel Driver	Stopped
BthHFEnum	Bluetooth Hands-Free Audio and Call Control HID Enumerator	bthhfenum.sys	10.0.10041.0	Kernel Driver	Stopped
bthhfhid	Bluetooth Hands-Free Call Control HID	BthHFHid.sys	10.0.10041.0	Kernel Driver	Stopped
BTHMODEM	Bluetooth Serial Communications Driver	bthmodem.sys	10.0.10041.0	Kernel Driver	Stopped
buttonconverter	Service for Portable Device Control devices	buttonconverter.sys	10.0.10041.0	Kernel Driver	Stopped
CapImg	HID driver for CapImg touch screen	capimg.sys	10.0.10041.0	Kernel Driver	Stopped
cdfs	CD/DVD File System Reader	cdfs.sys	10.0.10041.0	File System Driver	Stopped
cdrom	CD-ROM Driver	cdrom.sys	10.0.10041.0	Kernel Driver	Running
circlass	Consumer IR Devices	circlass.sys	10.0.10041.0	Kernel Driver	Stopped
CLFS	Common Log (CLFS)	CLFS.sys	10.0.10041.0	Kernel Driver	Running
CmBatt	Microsoft ACPI Control Method Battery Driver	CmBatt.sys	10.0.10041.0	Kernel Driver	Running
CNG	CNG	cng.sys	10.0.10041.0	Kernel Driver	Running
cnghwassist	CNG Hardware Assist algorithm provider	cnghwassist.sys	10.0.10041.0	Kernel Driver	Stopped
CompositeBus	Composite Bus Enumerator Driver	CompositeBus.sys	10.0.10041.0	Kernel Driver	Running
condrv	Console Driver	condrv.sys	10.0.10041.0	Kernel Driver	Running
CSC	Offline Files Driver	csc.sys	10.0.10041.0	Kernel Driver	Running
dam	Desktop Activity Moderator Driver	dam.sys	10.0.10041.0	Kernel Driver	Stopped
Dfsc	DFS Namespace Client Driver	dfsc.sys	10.0.10041.0	File System Driver	Running
dg_ssudbus	SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)	ssudbus.sys	2.11.7.0	Kernel Driver	Stopped
disk	Disk Driver	disk.sys	10.0.10041.0	Kernel Driver	Running
dmvsc	dmvsc	dmvsc.sys	10.0.10041.0	Kernel Driver	Stopped
drmkaud	Microsoft Trusted Audio Drivers	drmkaud.sys	10.0.10041.0	Kernel Driver	Stopped
DXGKrnl	LDDM Graphics Subsystem	dxgkrnl.sys	10.0.10041.0	Kernel Driver	Running
ebdrv	QLogic 10 Gigabit Ethernet Adapter VBD	evbda.sys	7.12.2.3	Kernel Driver	Stopped
EhStorClass	Enhanced Storage Filter Driver	EhStorClass.sys	10.0.10041.0	Kernel Driver	Stopped
EhStorTcgDrv	Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols	EhStorTcgDrv.sys	10.0.10041.0	Kernel Driver	Stopped
ErrDev	Microsoft Hardware Error Device Driver	errdev.sys	10.0.10041.0	Kernel Driver	Stopped
exfat	exFAT File System Driver			File System Driver	Stopped
fastfat	FAT12/16/32 File System Driver			File System Driver	Running
fcvsc	fcvsc	fcvsc.sys	10.0.10041.0	Kernel Driver	Stopped
fdc	Floppy Disk Controller Driver	fdc.sys	10.0.10041.0	Kernel Driver	Stopped
FileCrypt	FileCrypt	filecrypt.sys	10.0.10041.0	File System Driver	Running
FileInfo	File Information FS MiniFilter	fileinfo.sys	10.0.10041.0	File System Driver	Running
Filetrace	FileTrace	filetrace.sys	10.0.10041.0	File System Driver	Stopped
flpydisk	Floppy Disk Driver	flpydisk.sys	10.0.10041.0	Kernel Driver	Stopped
FltMgr	FltMgr	fltmgr.sys	10.0.10041.0	File System Driver	Running
FsDepends	File System Dependency Minifilter	FsDepends.sys	10.0.10041.0	File System Driver	Stopped
fvevol	BitLocker Drive Encryption Filter Driver	fvevol.sys	10.0.10041.0	Kernel Driver	Running
gagp30kx	Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms	gagp30kx.sys	10.0.10041.0	Kernel Driver	Stopped
gencounter	Microsoft Hyper-V Generation Counter	vmgencounter.sys	10.0.10041.0	Kernel Driver	Stopped
genericusbfn	Generic USB Function Class	genericusbfnclass.sys	10.0.10041.0	Kernel Driver	Stopped
GPIOClx0101	Microsoft GPIO Class Extension Driver	msgpioclx.sys	10.0.10041.0	Kernel Driver	Stopped
HdAudAddService	Microsoft 1.1 UAA Function Driver for High Definition Audio Service	HdAudio.sys	10.0.10041.0	Kernel Driver	Running
HDAudBus	Microsoft UAA Bus Driver for High Definition Audio	HDAudBus.sys	10.0.10041.0	Kernel Driver	Running
HidBatt	HID UPS Battery Driver	HidBatt.sys	10.0.10041.0	Kernel Driver	Stopped
HidBth	Microsoft Bluetooth HID Miniport	hidbth.sys	10.0.10041.0	Kernel Driver	Stopped
hidi2c	Microsoft I2C HID Miniport Driver	hidi2c.sys	10.0.10041.0	Kernel Driver	Stopped
hidinterrupt	Common Driver for HID Buttons implemented with interrupts	hidinterrupt.sys	10.0.10041.0	Kernel Driver	Stopped
HidIr	Microsoft Infrared HID Driver	hidir.sys	10.0.10041.0	Kernel Driver	Stopped
HIDSwitch	ASUS Wireless Radio Control	AsHIDSwitch64.sys	1.0.0.3	Kernel Driver	Running
HidUsb	Microsoft HID Class Driver	hidusb.sys	10.0.10041.0	Kernel Driver	Stopped
HpSAMD	HpSAMD	HpSAMD.sys	8.0.4.0	Kernel Driver	Stopped
HTTP	HTTP Service	HTTP.sys	10.0.10041.0	Kernel Driver	Running
hwpolicy	Hardware Policy Driver	hwpolicy.sys	10.0.10041.0	Kernel Driver	Stopped
hyperkbd	hyperkbd	hyperkbd.sys	10.0.10041.0	Kernel Driver	Stopped
HyperVideo	HyperVideo	HyperVideo.sys	10.0.10041.0	Kernel Driver	Stopped
i8042prt	PS/2 Keyboard and Mouse Port Driver	i8042prt.sys	10.0.10041.0	Kernel Driver	Running
iaLPSSi_GPIO	Intel(R) Serial IO GPIO Controller Driver	iaLPSSi_GPIO.sys	1.1.163.0	Kernel Driver	Stopped
iaLPSSi_I2C	Intel(R) Serial IO I2C Controller Driver	iaLPSSi_I2C.sys	1.1.163.0	Kernel Driver	Stopped
iaStorAV	Intel(R) SATA RAID Controller Windows	iaStorAV.sys	13.2.0.1018	Kernel Driver	Stopped
iaStorV	Intel RAID Controller Windows 7	iaStorV.sys	8.6.2.1019	Kernel Driver	Stopped
ibbus	Mellanox InfiniBand Bus/AL (Filter Driver)	ibbus.sys	4.91.10723.0	Kernel Driver	Stopped
IDMWFP	IDMWFP	idmwfp.sys	6.23.9.58	Kernel Driver	Running
igfx	igfx	igdkmd64.sys	9.17.10.3347	Kernel Driver	Running
IntcAzAudAddService	Service for Realtek HD Audio (WDM)	RTKVHD64.sys	6.0.1.7458	Kernel Driver	Running
intelide	intelide	intelide.sys	10.0.10041.0	Kernel Driver	Stopped
intelpep	Intel(R) Power Engine Plug-in Driver	intelpep.sys	10.0.10041.0	Kernel Driver	Running
intelppm	Intel Processor Driver	intelppm.sys	10.0.10041.0	Kernel Driver	Running
IoQos	IoQos	ioqos.sys	10.0.10041.0	File System Driver	Stopped
IpFilterDriver	IP Traffic Filter Driver	ipfltdrv.sys	10.0.10041.0	Kernel Driver	Stopped
IPMIDRV	IPMIDRV	IPMIDrv.sys	10.0.10041.0	Kernel Driver	Stopped
IPNAT	IP Network Address Translator	ipnat.sys	10.0.10041.0	Kernel Driver	Stopped
IRENUM	IR Bus Enumerator	irenum.sys	10.0.10041.0	Kernel Driver	Stopped
isapnp	isapnp	isapnp.sys	10.0.10041.0	Kernel Driver	Stopped
iScsiPrt	iScsiPort Driver	msiscsi.sys	10.0.10041.0	Kernel Driver	Stopped
kbdclass	Keyboard Class Driver	kbdclass.sys	10.0.10041.0	Kernel Driver	Running
kbdhid	Keyboard HID Driver	kbdhid.sys	10.0.10041.0	Kernel Driver	Stopped
kbldfltr	kbldfltr	kbldfltr.sys	10.0.10041.0	Kernel Driver	Stopped
kdnic	Microsoft Kernel Debug Network Miniport (NDIS 6.20)	kdnic.sys	6.1.0.0	Kernel Driver	Running
KSecDD	KSecDD	ksecdd.sys	10.0.10041.0	Kernel Driver	Running
KSecPkg	KSecPkg	ksecpkg.sys	10.0.10041.0	Kernel Driver	Running
ksthunk	Kernel Streaming Thunks	ksthunk.sys	10.0.10041.0	Kernel Driver	Running
lltdio	Link-Layer Topology Discovery Mapper I/O Driver	lltdio.sys	10.0.10041.0	Kernel Driver	Running
LSI_SAS	LSI_SAS	lsi_sas.sys	1.34.3.82	Kernel Driver	Stopped
LSI_SAS2i	LSI_SAS2i	lsi_sas2i.sys	2.0.72.80	Kernel Driver	Stopped
LSI_SAS3i	LSI_SAS3i	lsi_sas3i.sys	2.50.89.80	Kernel Driver	Stopped
LSI_SSS	LSI_SSS	lsi_sss.sys	2.10.61.81	Kernel Driver	Stopped
luafv	UAC File Virtualization	luafv.sys	10.0.10041.0	File System Driver	Running
megasas	megasas	megasas.sys	6.705.5.0	Kernel Driver	Stopped
megasr	megasr	megasr.sys	15.2.2013.129	Kernel Driver	Stopped
MEIx64	Intel(R) Management Engine Interface	HECIx64.sys	8.1.0.1263	Kernel Driver	Running
mirahid	Miracast Virtual USB HID Driver	mirahid.sys	10.0.10041.0	Kernel Driver	Running
mlx4_bus	Mellanox ConnectX Bus Enumerator	mlx4_bus.sys	4.91.10723.0	Kernel Driver	Stopped
MMCSS	Multimedia Class Scheduler	mmcss.sys	10.0.10041.0	Kernel Driver	Running
Modem	Modem	modem.sys	10.0.10041.0	Kernel Driver	Stopped
monitor	Microsoft Monitor Class Function Driver Service	monitor.sys	10.0.10041.0	Kernel Driver	Running
mouclass	Mouse Class Driver	mouclass.sys	10.0.10041.0	Kernel Driver	Running
mouhid	Mouse HID Driver	mouhid.sys	10.0.10041.0	Kernel Driver	Stopped
mountmgr	Mount Point Manager	mountmgr.sys	10.0.10041.0	Kernel Driver	Running
mpsdrv	Windows Firewall Authorization Driver	mpsdrv.sys	10.0.10041.0	Kernel Driver	Running
MRxDAV	WebDav Client Redirector Driver	mrxdav.sys	10.0.10041.0	File System Driver	Stopped
mrxsmb	SMB MiniRedirector Wrapper and Engine	mrxsmb.sys	10.0.10041.0	File System Driver	Running
mrxsmb10	SMB 1.x MiniRedirector	mrxsmb10.sys	10.0.10041.0	File System Driver	Running
mrxsmb20	SMB 2.0 MiniRedirector	mrxsmb20.sys	10.0.10041.0	File System Driver	Running
MsBridge	Microsoft MAC Bridge	bridge.sys	10.0.10041.0	Kernel Driver	Stopped
Msfs	Msfs			File System Driver	Running
msgpiowin32	Common Driver for Buttons, DockMode and Laptop/Slate Indicator	msgpiowin32.sys	10.0.10041.0	Kernel Driver	Stopped
mshidkmdf	mshidkmdf	mshidkmdf.sys	10.0.10041.0	Kernel Driver	Stopped
mshidumdf	Pass-through HID to UMDF Driver	mshidumdf.sys	10.0.10041.0	Kernel Driver	Stopped
msisadrv	msisadrv	msisadrv.sys	10.0.10041.0	Kernel Driver	Running
MSKSSRV	Microsoft Streaming Service Proxy	MSKSSRV.sys	10.0.10041.0	Kernel Driver	Stopped
MsLldp	Microsoft Link-Layer Discovery Protocol	mslldp.sys	10.0.10041.0	Kernel Driver	Running
MSPCLOCK	Microsoft Streaming Clock Proxy	MSPCLOCK.sys	10.0.10041.0	Kernel Driver	Stopped
MSPQM	Microsoft Streaming Quality Manager Proxy	MSPQM.sys	10.0.10041.0	Kernel Driver	Stopped
MsRPC	MsRPC			Kernel Driver	Stopped
mssmbios	Microsoft System Management BIOS Driver	mssmbios.sys	10.0.10041.0	Kernel Driver	Running
MSTEE	Microsoft Streaming Tee/Sink-to-Sink Converter	MSTEE.sys	10.0.10041.0	Kernel Driver	Stopped
MTConfig	Microsoft Input Configuration Driver	MTConfig.sys	10.0.10041.0	Kernel Driver	Stopped
Mup	MUP	mup.sys	10.0.10041.0	File System Driver	Running
mvumis	mvumis	mvumis.sys	1.0.5.1016	Kernel Driver	Stopped
NativeWifiP	NativeWiFi Filter	nwifi.sys	10.0.10041.0	Kernel Driver	Running
ndfltr	NetworkDirect Service	ndfltr.sys	4.91.10723.0	Kernel Driver	Stopped
NDIS	NDIS System Driver	ndis.sys	10.0.10041.0	Kernel Driver	Running
NdisCap	Microsoft NDIS Capture	ndiscap.sys	10.0.10041.0	Kernel Driver	Stopped
NdisImPlatform	Microsoft Network Adapter Multiplexor Protocol	NdisImPlatform.sys	10.0.10041.0	Kernel Driver	Stopped
NdisTapi	Remote Access NDIS TAPI Driver	ndistapi.sys	10.0.10041.0	Kernel Driver	Stopped
Ndisuio	NDIS Usermode I/O Protocol	ndisuio.sys	10.0.10041.0	Kernel Driver	Running
NdisVirtualBus	Microsoft Virtual Network Adapter Enumerator	NdisVirtualBus.sys	10.0.10041.0	Kernel Driver	Running
NdisWan	Remote Access NDIS WAN Driver	ndiswan.sys	10.0.10041.0	Kernel Driver	Stopped
NdisWanLegacy	Remote Access LEGACY NDIS WAN Driver	ndiswan.sys	10.0.10041.0	Kernel Driver	Stopped
NDProxy	NDIS Proxy			Kernel Driver	Stopped
Ndu	Windows Network Data Usage Monitoring Driver	Ndu.sys	10.0.10041.0	Kernel Driver	Running
NetAdapterCx	Network Adapter Wdf Class Extension Library	NetAdapterCx.sys		Kernel Driver	Stopped
NetBIOS	@%SystemRoot%\system32\todo.dll,-2;TODO: find a home for this string	netbios.sys	10.0.10041.0	File System Driver	Running
NetBT	NETBT	netbt.sys	10.0.10041.0	Kernel Driver	Running
netvsc	netvsc	netvsc.sys	10.0.10041.0	Kernel Driver	Stopped
NETVSCVFPP	NETVSCVFPP	netvsc.sys	10.0.10041.0	Kernel Driver	Stopped
Npfs	Npfs			File System Driver	Running
npsvctrig	Named pipe service trigger provider	npsvctrig.sys	10.0.10041.0	Kernel Driver	Running
nsiproxy	NSI Proxy Service Driver	nsiproxy.sys	10.0.10041.0	Kernel Driver	Running
Ntfs	Ntfs			File System Driver	Running
Null	Null			Kernel Driver	Running
nv_agp	NVIDIA nForce AGP Bus Filter	nv_agp.sys	10.0.10041.0	Kernel Driver	Stopped
nvraid	nvraid	nvraid.sys	10.6.0.23	Kernel Driver	Stopped
nvstor	nvstor	nvstor.sys	10.6.0.23	Kernel Driver	Stopped
Parport	Parallel port driver	parport.sys	10.0.10041.0	Kernel Driver	Stopped
partmgr	Partition Manager	partmgr.sys	10.0.10041.0	Kernel Driver	Running
pci	PCI Bus Driver	pci.sys	10.0.10041.0	Kernel Driver	Running
pciide	pciide	pciide.sys	10.0.10041.0	Kernel Driver	Stopped
pcmcia	pcmcia	pcmcia.sys	10.0.10041.0	Kernel Driver	Stopped
pcw	Performance Counters for Windows Driver	pcw.sys	10.0.10041.0	Kernel Driver	Running
pdc	PDC	pdc.sys	10.0.10041.0	Kernel Driver	Running
PEAUTH	PEAUTH	peauth.sys	10.0.10041.0	Kernel Driver	Running
percsas2i	percsas2i	percsas2i.sys	6.803.21.0	Kernel Driver	Stopped
percsas3i	percsas3i	percsas3i.sys	6.602.12.0	Kernel Driver	Stopped
Processor	Processor Driver	processr.sys	10.0.10041.0	Kernel Driver	Stopped
Psched	QoS Packet Scheduler	pacer.sys	10.0.10041.0	Kernel Driver	Running
QWAVEdrv	QWAVE driver	qwavedrv.sys	10.0.10041.0	Kernel Driver	Stopped
RasAcd	Remote Access Auto Connection Driver	rasacd.sys	10.0.10041.0	Kernel Driver	Stopped
RasPppoe	Remote Access PPPOE Driver	raspppoe.sys	10.0.10041.0	Kernel Driver	Stopped
rdbss	Redirected Buffering Sub System	rdbss.sys	10.0.10041.0	File System Driver	Running
rdpbus	Remote Desktop Device Redirector Bus Driver	rdpbus.sys	10.0.10041.0	Kernel Driver	Running
RDPDR	Remote Desktop Device Redirector Driver	rdpdr.sys	10.0.10041.0	Kernel Driver	Stopped
RdpVideoMiniport	Remote Desktop Video Miniport Driver	rdpvideominiport.sys	10.0.10041.0	Kernel Driver	Stopped
rdyboost	ReadyBoost	rdyboost.sys	10.0.10041.0	Kernel Driver	Running
ReFS	ReFS			File System Driver	Stopped
ReFSv1	ReFSv1			File System Driver	Stopped
RSBASTOR	Realtek PCIE CardReader Driver - BA	RtsBaStor.sys	6.1.7601.27012	Kernel Driver	Running
rspndr	Link-Layer Topology Discovery Responder	rspndr.sys	10.0.10041.0	Kernel Driver	Running
rt640x64	Realtek RT640 NT Driver	rt640x64.sys	9.1.128.2015	Kernel Driver	Running
s3cap	s3cap	vms3cap.sys	10.0.10041.0	Kernel Driver	Stopped
sbp2port	SBP-2 Transport/Protocol Bus Driver	sbp2port.sys	10.0.10041.0	Kernel Driver	Stopped
scfilter	Smart card PnP Class Filter Driver	scfilter.sys	10.0.10041.0	Kernel Driver	Stopped
sdbus	sdbus	sdbus.sys	10.0.10041.0	Kernel Driver	Stopped
sdstor	SD Storage Port Driver	sdstor.sys	10.0.10041.0	Kernel Driver	Stopped
secdrv	Security Driver			Kernel Driver	Running
SerCx	Serial UART Support Library	SerCx.sys	10.0.10041.0	Kernel Driver	Stopped
SerCx2	Serial UART Support Library	SerCx2.sys	10.0.10041.0	Kernel Driver	Stopped
Serenum	Serenum Filter Driver	serenum.sys	10.0.10041.0	Kernel Driver	Stopped
Serial	Serial port driver	serial.sys	10.0.10041.0	Kernel Driver	Stopped
sermouse	Serial Mouse Driver	sermouse.sys	10.0.10041.0	Kernel Driver	Stopped
sfloppy	High-Capacity Floppy Disk Drive	sfloppy.sys	10.0.10041.0	Kernel Driver	Stopped
SiSRaid2	SiSRaid2	SiSRaid2.sys	5.1.1039.2600	Kernel Driver	Stopped
SiSRaid4	SiSRaid4	sisraid4.sys	5.1.1039.3600	Kernel Driver	Stopped
spaceport	Storage Spaces Driver	spaceport.sys	10.0.10041.0	Kernel Driver	Running
SpbCx	Simple Peripheral Bus Support Library	SpbCx.sys	10.0.10041.0	Kernel Driver	Stopped
srv	Server SMB 1.xxx Driver	srv.sys	10.0.10041.0	File System Driver	Running
srv2	Server SMB 2.xxx Driver	srv2.sys	10.0.10041.0	File System Driver	Running
srvnet	srvnet	srvnet.sys	10.0.10041.0	File System Driver	Running
ssudmdm	SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)	ssudmdm.sys	2.11.7.0	Kernel Driver	Stopped
stexstor	stexstor	stexstor.sys	5.1.0.10	Kernel Driver	Stopped
storahci	Microsoft Standard SATA AHCI Driver	storahci.sys	10.0.10041.0	Kernel Driver	Running
storflt	Microsoft Hyper-V Storage Accelerator	vmstorfl.sys	10.0.10041.0	Kernel Driver	Stopped
stornvme	Microsoft Standard NVM Express Driver	stornvme.sys	10.0.10041.0	Kernel Driver	Stopped
storqosflt	Storage QoS Filter Driver	storqosflt.sys	10.0.10041.0	File System Driver	Running
storufs	Microsoft Universal Flash Storage (UFS) Driver	storufs.sys	10.0.10041.0	Kernel Driver	Stopped
storvsc	storvsc	storvsc.sys	10.0.10041.0	Kernel Driver	Stopped
swenum	Software Bus Driver	swenum.sys	10.0.10041.0	Kernel Driver	Running
Synth3dVsc	Synth3dVsc	Synth3dVsc.sys	10.0.10041.0	Kernel Driver	Stopped
Tcpip	TCP/IP Protocol Driver	tcpip.sys	10.0.10041.0	Kernel Driver	Running
Tcpip6	@todo.dll,-100;Microsoft IPv6 Protocol Driver	tcpip.sys	10.0.10041.0	Kernel Driver	Stopped
tcpipreg	TCP/IP Registry Compatibility	tcpipreg.sys	10.0.10041.0	Kernel Driver	Running
tdx	NetIO Legacy TDI Support Driver	tdx.sys	10.0.10041.0	Kernel Driver	Running
terminpt	Microsoft Remote Desktop Input Driver	terminpt.sys	10.0.10041.0	Kernel Driver	Stopped
TPM	TPM	tpm.sys	10.0.10041.0	Kernel Driver	Stopped
tsusbflt	tsusbflt	tsusbflt.sys	10.0.10041.0	Kernel Driver	Stopped
TsUsbGD	Remote Desktop Generic USB Device	TsUsbGD.sys	10.0.10041.0	Kernel Driver	Stopped
tunnel	Microsoft Tunnel Miniport Adapter Driver	tunnel.sys	10.0.10041.0	Kernel Driver	Running
uagp35	Microsoft AGPv3.5 Filter	uagp35.sys	10.0.10041.0	Kernel Driver	Stopped
UASPStor	USB Attached SCSI (UAS) Driver	uaspstor.sys	10.0.10041.0	Kernel Driver	Stopped
Ucx01000	USB Host Support Library	ucx01000.sys	10.0.10041.0	Kernel Driver	Running
UdeCx	USB Device Emulation Support Library	udecx.sys		Kernel Driver	Stopped
udfs	udfs	udfs.sys	10.0.10041.0	File System Driver	Running
UEFI	Microsoft UEFI Driver	UEFI.sys	10.0.10041.0	Kernel Driver	Stopped
Ufx01000	USB Function Class Extension	ufx01000.sys	10.0.10041.0	Kernel Driver	Stopped
UfxChipidea	USB Chipidea Controller	UfxChipidea.sys	10.0.10041.0	Kernel Driver	Stopped
ufxsynopsys	USB Synopsys Controller	ufxsynopsys.sys	10.0.10041.0	Kernel Driver	Stopped
uliagpkx	Uli AGP Bus Filter	uliagpkx.sys	10.0.10041.0	Kernel Driver	Stopped
umbus	UMBus Enumerator Driver	umbus.sys	10.0.10041.0	Kernel Driver	Running
UmPass	Microsoft UMPass Driver	umpass.sys	10.0.10041.0	Kernel Driver	Stopped
UrsCx01000	USB Role-Switch Support Library	urscx01000.sys	10.0.10041.0	Kernel Driver	Stopped
UrsChipidea	USB Dual-Role Controller	urschipidea.sys	10.0.10041.0	Kernel Driver	Stopped
UrsSynopsys	USB Dual-Role Controller	urssynopsys.sys	10.0.10041.0	Kernel Driver	Stopped
usbccgp	Microsoft USB Generic Parent Driver	usbccgp.sys	10.0.10041.0	Kernel Driver	Running
usbcir	eHome Infrared Receiver (USBCIR)	usbcir.sys	10.0.10041.0	Kernel Driver	Stopped
usbehci	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	usbehci.sys	10.0.10041.0	Kernel Driver	Running
usbhub	Microsoft USB Standard Hub Driver	usbhub.sys	10.0.10041.0	Kernel Driver	Running
USBHUB3	SuperSpeed Hub	UsbHub3.sys	10.0.10041.0	Kernel Driver	Running
usbohci	Microsoft USB Open Host Controller Miniport Driver	usbohci.sys	10.0.10041.0	Kernel Driver	Stopped
usbprint	Microsoft USB PRINTER Class	usbprint.sys	10.0.10041.0	Kernel Driver	Stopped
usbser	Microsoft USB Serial Driver	usbser.sys	10.0.10041.0	Kernel Driver	Stopped
USBSTOR	USB Mass Storage Driver	USBSTOR.SYS	10.0.10041.0	Kernel Driver	Stopped
usbuhci	Microsoft USB Universal Host Controller Miniport Driver	usbuhci.sys	10.0.10041.0	Kernel Driver	Stopped
usbvideo	USB Video Device (WDM)	usbvideo.sys	10.0.10041.0	Kernel Driver	Running
USBXHCI	USB xHCI Compliant Host Controller	USBXHCI.SYS	10.0.10041.0	Kernel Driver	Running
vdrvroot	Microsoft Virtual Drive Enumerator	vdrvroot.sys	10.0.10041.0	Kernel Driver	Running
VerifierExt	VerifierExt	VerifierExt.sys	10.0.10041.0	Kernel Driver	Stopped
vhdmp	vhdmp	vhdmp.sys	10.0.10041.0	Kernel Driver	Stopped
vhf	Virtual HID Framework (VHF) Driver	vhf.sys	10.0.10041.0	Kernel Driver	Stopped
vmbus	Virtual Machine Bus	vmbus.sys	10.0.10041.0	Kernel Driver	Stopped
VMBusHID	VMBusHID	VMBusHID.sys	10.0.10041.0	Kernel Driver	Stopped
volmgr	Volume Manager Driver	volmgr.sys	10.0.10041.0	Kernel Driver	Running
volmgrx	Dynamic Volume Manager	volmgrx.sys	10.0.10041.0	Kernel Driver	Running
volsnap	Storage volumes	volsnap.sys	10.0.10041.0	Kernel Driver	Running
vpci	Microsoft Hyper-V Virtual PCI Bus	vpci.sys	10.0.10041.0	Kernel Driver	Stopped
vsmraid	vsmraid	vsmraid.sys	7.0.9600.6352	Kernel Driver	Stopped
VSTXRAID	VIA StorX Storage RAID Controller Windows Driver	vstxraid.sys	8.0.9200.8110	Kernel Driver	Stopped
vwifibus	Virtual WiFi Bus Driver	vwifibus.sys	10.0.10041.0	Kernel Driver	Running
vwififlt	Virtual WiFi Filter Driver	vwififlt.sys	10.0.10041.0	Kernel Driver	Running
vwifimp	Virtual WiFi Miniport Service	vwifimp.sys	10.0.10041.0	Kernel Driver	Running
WacomPen	Wacom Serial Pen HID Driver	wacompen.sys	10.0.10041.0	Kernel Driver	Stopped
WdBoot	Windows Defender Boot Driver	WdBoot.sys	4.8.10041.0	Kernel Driver	Stopped
Wdf01000	Kernel Mode Driver Frameworks service	Wdf01000.sys	1.15.10041.0	Kernel Driver	Running
WdFilter	Windows Defender Mini-Filter Driver	WdFilter.sys	4.8.10041.0	File System Driver	Running
wdiwifi	WDI Driver Framework	wdiwifi.sys	10.0.10041.0	Kernel Driver	Stopped
WdNisDrv	Windows Defender Network Inspection System Driver	WdNisDrv.sys	4.8.10041.0	Kernel Driver	Running
WFPLWFS	Microsoft Windows Filtering Platform	wfplwfs.sys	10.0.10041.0	Kernel Driver	Running
WIMMount	WIMMount	wimmount.sys	10.0.10041.0	File System Driver	Stopped
WinMad	WinMad Service	winmad.sys	4.91.10723.0	Kernel Driver	Stopped
WINUSB	SAMSUNG Android USB Driver	WinUSB.SYS	10.0.10041.0	Kernel Driver	Stopped
WinVerbs	WinVerbs Service	winverbs.sys	4.4.13905.0	Kernel Driver	Stopped
WmiAcpi	Microsoft Windows Management Interface for ACPI	wmiacpi.sys	10.0.10041.0	Kernel Driver	Running
Wof	Windows Overlay File System Filter Driver			File System Driver	Running
wpcfltr	Family Safety Filter Driver	wpcfltr.sys	10.0.10041.0	Kernel Driver	Stopped
WpdUpFltr	WPD Upper Class Filter Driver	WpdUpFltr.sys	10.0.10041.0	Kernel Driver	Stopped
ws2ifsl	Winsock IFS Driver	ws2ifsl.sys	10.0.10041.0	Kernel Driver	Stopped
WudfPf	User Mode Driver Frameworks Platform Driver	WudfPf.sys	10.0.10041.0	Kernel Driver	Running
WUDFRd	Windows Driver Foundation - User-mode Driver Framework Reflector	WUDFRd.sys	10.0.10041.0	Kernel Driver	Stopped
WUDFWpdFs	WUDFWpdFs	WUDFRd.sys	10.0.10041.0	Kernel Driver	Stopped
WUDFWpdMtp	WUDFWpdMtp	WUDFRd.sys	10.0.10041.0	Kernel Driver	Stopped

Services


Service Name	Service Description	File Name	Version	Type	State	Account
AJRouter	AllJoyn Router Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
ALG	Application Layer Gateway Service	alg.exe	10.0.10041.0	Own Process	Stopped	NT AUTHORITY\LocalService
AppIDSvc	Application Identity	svchost.exe	10.0.10041.0	Share Process	Stopped	NT Authority\LocalService
Appinfo	Application Information	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
AppMgmt	Application Management	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
AppReadiness	App Readiness	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
AppXSvc	AppX Deployment Service (AppXSVC)	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
ASLDRService	ASLDR Service	ASLDRSrv.exe	1.0.64.1	Own Process	Running	LocalSystem
ATKGFNEXSrv	ATKGFNEX Service	GFNEXSrv.exe	1.0.11.1	Own Process	Running	LocalSystem
AudioEndpointBuilder	Windows Audio Endpoint Builder	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
Audiosrv	Windows Audio	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
AxInstSV	ActiveX Installer (AxInstSV)	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
BDESVC	BitLocker Drive Encryption Service	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
BFE	Base Filtering Engine	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
BITS	Background Intelligent Transfer Service	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
BrokerInfrastructure	Background Tasks Infrastructure Service	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
Browser	Computer Browser	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
BthHFSrv	Bluetooth Handsfree Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
bthserv	Bluetooth Support Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
CertPropSvc	Certificate Propagation	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
ClipSVC	Client License Service (ClipSVC)	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
COMSysApp	COM+ System Application	dllhost.exe	10.0.10041.0	Own Process	Stopped	LocalSystem
CoreUIRegistrar	CoreMessaging	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
cphs	Intel(R) Content Protection HECI Service	IntelCpHeciSvc.exe	9.0.0.1340	Own Process	Stopped	LocalSystem
CryptSvc	Cryptographic Services	svchost.exe	10.0.10041.0	Share Process	Running	NT Authority\NetworkService
CscService	Offline Files	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
DcomLaunch	DCOM Server Process Launcher	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
DcpSvc	DcpSvc	svchost.exe	10.0.10041.0	Share Process	Running
defragsvc	Optimize drives	svchost.exe	10.0.10041.0	Own Process	Stopped	localSystem
DeviceAssociationService	Device Association Service	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
DeviceInstall	Device Install Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
DevQueryBroker	DevQuery Backgroud Discovery Broker	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
Dhcp	DHCP Client	svchost.exe	10.0.10041.0	Share Process	Running	NT Authority\LocalService
DiagTrack	Diagnostics Tracking Service	svchost.exe	10.0.10041.0	Own Process	Running	LocalSystem
DmEnrollmentSvc	Device Management Enrollment Service	svchost.exe	10.0.10041.0	Own Process	Stopped	LocalSystem
dmwappushservice	dmwappushsvc	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
Dnscache	DNS Client	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\NetworkService
DoSvc	Delivery Optimization	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
dot3svc	Wired AutoConfig	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
DPS	Diagnostic Policy Service	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
DsmSvc	Device Setup Manager	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
DsSvc	Data Sharing Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
Eaphost	Extensible Authentication Protocol	svchost.exe	10.0.10041.0	Share Process	Running	localSystem
EFS	Encrypting File System (EFS)	lsass.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
EventLog	Windows Event Log	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
EventSystem	COM+ Event System	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
Fax	Fax	fxssvc.exe	10.0.10041.0	Own Process	Stopped	NT AUTHORITY\NetworkService
fdPHost	Function Discovery Provider Host	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
FDResPub	Function Discovery Resource Publication	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
fhsvc	File History Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
FontCache	Windows Font Cache Service	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
gpsvc	Group Policy Client	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
gupdate	Google Update Service (gupdate)	GoogleUpdate.exe	1.3.26.9	Own Process	Stopped	LocalSystem
gupdatem	Google Update Service (gupdatem)	GoogleUpdate.exe	1.3.26.9	Own Process	Stopped	LocalSystem
hidserv	Human Interface Device Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
HomeGroupListener	HomeGroup Listener	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
HomeGroupProvider	HomeGroup Provider	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
icssvc	Windows Mobile Hotspot Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT Authority\LocalService
IEEtwCollectorService	Internet Explorer ETW Collector Service	IEEtwCollector.exe	11.0.10041.0	Own Process	Stopped	LocalSystem
IKEEXT	IKE and AuthIP IPsec Keying Modules	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
iphlpsvc	IP Helper	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
KeyIso	CNG Key Isolation	lsass.exe	10.0.10041.0	Share Process	Running	LocalSystem
KtmRm	KtmRm for Distributed Transaction Coordinator	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\NetworkService
LanmanServer	Server	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
LanmanWorkstation	Workstation	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\NetworkService
lfsvc	Geolocation Service	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
lltdsvc	Link-Layer Topology Discovery Mapper	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
lmhosts	TCP/IP NetBIOS Helper	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
LSM	Local Session Manager	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
MapsBroker	Downloaded Maps Manager	svchost.exe	10.0.10041.0	Own Process	Stopped	NT AUTHORITY\NetworkService
MpsSvc	Windows Firewall	svchost.exe	10.0.10041.0	Share Process	Running	NT Authority\LocalService
MSDTC	Distributed Transaction Coordinator	msdtc.exe	2001.12.10941.0	Own Process	Stopped	NT AUTHORITY\NetworkService
MSiSCSI	Microsoft iSCSI Initiator Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
msiserver	Windows Installer	msiexec.exe	5.0.10041.0	Own Process	Stopped	LocalSystem
MsKeyboardFilter	Microsoft Keyboard Filter	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
NcaSvc	Network Connectivity Assistant	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
NcbService	Network Connection Broker	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
NcdAutoSetup	Network Connected Devices Auto-Setup	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
Netlogon	Netlogon	lsass.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
Netman	Network Connections	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
netprofm	Network List Service	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
NetSetupSvc	Network Setup Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
NetTcpPortSharing	Net.Tcp Port Sharing Service	SMSvcHost.exe	4.6.42.0	Share Process	Stopped	NT AUTHORITY\LocalService
NlaSvc	Network Location Awareness	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\NetworkService
nsi	Network Store Interface Service	svchost.exe	10.0.10041.0	Share Process	Running	NT Authority\LocalService
NgcCtnrSvc	Next Generation Credential Container Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
NgcSvc	Next Generation Credentials	lsass.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
OneSyncSvc	Sync Host	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
ose64	Office 64 Source Engine	OSE.EXE	15.0.4454.1000	Own Process	Stopped	LocalSystem
p2pimsvc	Peer Networking Identity Manager	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
p2psvc	Peer Networking Grouping	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
PcaSvc	Program Compatibility Assistant Service	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
PeerDistSvc	BranchCache	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\NetworkService
PerfHost	Performance Counter DLL Host	perfhost.exe	10.0.10041.0	Own Process	Stopped	NT AUTHORITY\LocalService
PimIndexMaintenanceSvc	Du? lie?u Lien he?	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
pla	Performance Logs & Alerts	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
PlugPlay	Plug and Play	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
PNRPAutoReg	PNRP Machine Name Publication Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
PNRPsvc	Peer Name Resolution Protocol	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
PolicyAgent	IPsec Policy Agent	svchost.exe	10.0.10041.0	Share Process	Stopped	NT Authority\NetworkService
Power	Power	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
PrintNotify	Printer Extensions and Notifications	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
ProfSvc	User Profile Service	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
PhoneSvc	Phone Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT Authority\LocalService
QWAVE	Quality Windows Audio Video Experience	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
RasAuto	Remote Access Auto Connection Manager	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
RasMan	Remote Access Connection Manager	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
RemoteAccess	Routing and Remote Access	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
RemoteRegistry	Remote Registry	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
RetailDemo	Retail Demo Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
RpcEptMapper	RPC Endpoint Mapper	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\NetworkService
RpcLocator	Remote Procedure Call (RPC) Locator	locator.exe	10.0.10041.0	Own Process	Stopped	NT AUTHORITY\NetworkService
RpcSs	Remote Procedure Call (RPC)	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\NetworkService
SamSs	Security Accounts Manager	lsass.exe	10.0.10041.0	Share Process	Running	LocalSystem
SCardSvr	Smart Card	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
ScDeviceEnum	Smart Card Device Enumeration Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
SCPolicySvc	Smart Card Removal Policy	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
Schedule	Task Scheduler	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
seclogon	Secondary Logon	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
SENS	System Event Notification Service	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
SensorDataService	Sensor Data Service	SensorDataService.exe		Own Process	Stopped	LocalSystem
SensorService	Sensor Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
SensrSvc	Sensor Monitoring Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
SessionEnv	Remote Desktop Configuration	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
SharedAccess	Internet Connection Sharing (ICS)	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
ShellHWDetection	Shell Hardware Detection	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
smphost	Microsoft Storage Spaces SMP	svchost.exe	10.0.10041.0	Own Process	Stopped	NT AUTHORITY\NetworkService
SmsRouter	Microsoft Windows SMS Router Service.	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
SNMPTRAP	SNMP Trap	snmptrap.exe	10.0.10041.0	Own Process	Stopped	NT AUTHORITY\LocalService
Spooler	Print Spooler	spoolsv.exe	10.0.10041.0	Own Process	Running	LocalSystem
sppsvc	Software Protection	sppsvc.exe	10.0.10041.0	Own Process	Running	NT AUTHORITY\NetworkService
SSDPSRV	SSDP Discovery	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
SstpSvc	Secure Socket Tunneling Protocol Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT Authority\LocalService
StateRepository	State Repository Service (StateRepository)	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
stisvc	Windows Image Acquisition (WIA)	svchost.exe	10.0.10041.0	Own Process	Running	NT Authority\LocalService
StorSvc	Storage Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
svsvc	Spot Verifier	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
swprv	Microsoft Software Shadow Copy Provider	svchost.exe	10.0.10041.0	Own Process	Stopped	LocalSystem
SysMain	Superfetch	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
SystemEventsBroker	System Events Broker	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
TabletInputService	Touch Keyboard and Handwriting Panel Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
TapiSrv	Telephony	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\NetworkService
TermService	Remote Desktop Services	svchost.exe	10.0.10041.0	Share Process	Stopped	NT Authority\NetworkService
tiledatamodelsvc	tiledatamodelsvc	svchost.exe	10.0.10041.0	Share Process	Running
TimeBroker	Time Broker	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
Themes	Themes	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
TrkWks	Distributed Link Tracking Client	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
TrustedInstaller	Windows Modules Installer	TrustedInstaller.exe	10.0.10041.0	Own Process	Running	localSystem
UI0Detect	Interactive Services Detection	UI0Detect.exe	10.0.10041.0	Own Process	Stopped	LocalSystem
UmRdpService	Remote Desktop Services UserMode Port Redirector	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
UnistoreSvc	Luu tru? Du? lie?u Nguo?i du?ng	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
upnphost	UPnP Device Host	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
UserDataSvc	Truy ca?p Du? lie?u Nguo?i du?ng	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
UserManager	User Manager	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
UsoSvc	Update Orchestrator Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
VaultSvc	Credential Manager	lsass.exe	10.0.10041.0	Share Process	Running	LocalSystem
vds	Virtual Disk	vds.exe	10.0.10041.0	Own Process	Stopped	LocalSystem
vmicguestinterface	Hyper-V Guest Service Interface	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
vmickvpexchange	Hyper-V Data Exchange Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
vmicrdv	Hyper-V Remote Desktop Virtualization Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
vmicshutdown	Hyper-V Guest Shutdown Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
vmictimesync	Hyper-V Time Synchronization Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
vmicvmsession	Hyper-V VM Session Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
vmicvss	Hyper-V Volume Shadow Copy Requestor	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
vmicheartbeat	Hyper-V Heartbeat Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
VSS	Volume Shadow Copy	vssvc.exe	10.0.10041.0	Own Process	Stopped	LocalSystem
W32Time	Windows Time	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
wbengine	Block Level Backup Engine Service	wbengine.exe	10.0.10041.0	Own Process	Stopped	localSystem
WbioSrvc	Windows Biometric Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
Wcmsvc	Windows Connection Manager	svchost.exe	10.0.10041.0	Share Process	Running	NT Authority\LocalService
wcncsvc	Windows Connect Now - Config Registrar	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
WcsPlugInService	Windows Color System	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
WdiServiceHost	Diagnostic Service Host	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
WdiSystemHost	Diagnostic System Host	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
WdNisSvc	Windows Defender Network Inspection Service	NisSrv.exe		Own Process	Running	NT AUTHORITY\LocalService
WebClient	WebClient	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
Wecsvc	Windows Event Collector	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\NetworkService
WEPHOSTSVC	Windows Encryption Provider Host Service	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
wercplsupport	Problem Reports and Solutions Control Panel Support	svchost.exe	10.0.10041.0	Share Process	Stopped	localSystem
WerSvc	Windows Error Reporting Service	svchost.exe	10.0.10041.0	Own Process	Stopped	localSystem
WiaRpc	Still Image Acquisition Events	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
WinDefend	Windows Defender Service	MsMpEng.exe		Own Process	Running	LocalSystem
WinHttpAutoProxySvc	WinHTTP Web Proxy Auto-Discovery Service	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
Winmgmt	Windows Management Instrumentation	svchost.exe	10.0.10041.0	Share Process	Running	localSystem
WinRM	Windows Remote Management (WS-Management)	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\NetworkService
WlanSvc	WLAN AutoConfig	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
wlidsvc	Microsoft Account Sign-in Assistant	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
wmiApSrv	WMI Performance Adapter	WmiApSrv.exe	10.0.10041.0	Own Process	Stopped	localSystem
WMPNetworkSvc	Windows Media Player Network Sharing Service	wmpnetwk.exe		Own Process	Stopped	NT AUTHORITY\NetworkService
workfolderssvc	Work Folders	svchost.exe	10.0.10041.0	Share Process	Stopped	NT AUTHORITY\LocalService
WPDBusEnum	Portable Device Enumerator Service	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
WpnService	WpnService	svchost.exe	10.0.10041.0	Share Process	Stopped
wscsvc	Security Center	svchost.exe	10.0.10041.0	Share Process	Running	NT AUTHORITY\LocalService
WSearch	Windows Search	SearchIndexer.exe	7.0.10041.0	Own Process	Running	LocalSystem
WSService	Windows Store Service (WSService)	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
wuauserv	Windows Update	svchost.exe	10.0.10041.0	Share Process	Stopped	LocalSystem
wudfsvc	Windows Driver Foundation - User-mode Driver Framework	svchost.exe	10.0.10041.0	Share Process	Running	LocalSystem
WwanSvc	WWAN AutoConfig	svchost.exe	10.0.10041.0	Share Process	Stopped	NT Authority\LocalService

AX Files


AX File	Version	Description
bdaplgin.ax	10.0.10041.0	Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax	10.0.10041.0	Intel G711 CODEC
iac25_32.ax	2.0.5.53	Indeo® audio software
ir41_32.ax	10.0.10041.0	IR41_32 WRAPPER DLL
ivfsrc.ax	5.10.2.51	Intel Indeo® video IVF Source Filter 5.10
ksproxy.ax	10.0.10041.0	WDM Streaming ActiveMovie Proxy
kstvtune.ax	10.0.10041.0	WDM Streaming TvTuner
kswdmcap.ax	10.0.10041.0	WDM Streaming Video Capture
ksxbar.ax	10.0.10041.0	WDM Streaming Crossbar
mpeg2data.ax	10.0.10041.0	Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax	10.0.10041.0	DirectShow MPEG-2 Splitter.
msdvbnp.ax	10.0.10041.0	Microsoft Network Provider for MPEG2 based networks.
msnp.ax	10.0.10041.0	Microsoft Network Provider for MPEG2 based networks.
psisrndr.ax	10.0.10041.0	Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax	10.0.10041.0	Microsoft VBI Codec
vbisurf.ax	10.0.10041.0	VBI Surface Allocator Filter
vidcap.ax	10.0.10041.0	Video Capture Interface Server
wstpager.ax	10.0.10041.0	Microsoft Teletext Server

DLL Files


DLL File	Version	Description
abovelockapphost.dll	10.0.10041.0	AboveLockAppHost
accessibilitycpl.dll	10.0.10041.0	Pa-nen die?u khie?n de? truy nha?p
accountscontrolinternal.dll	10.0.10041.0	Accounts Control Broker Objects
acctres.dll	10.0.10041.0	Microsoft Internet Account Manager Resources
acledit.dll	10.0.10041.0	Access Control List Editor
aclui.dll	10.0.10041.0	Security Descriptor Editor
acppage.dll	10.0.10041.0	Compatibility Tab Shell Extension Library
actioncenter.dll	10.0.10041.0	Ba?o ma?t va? Ba?o tri?
actioncentercpl.dll	10.0.10041.0	Pa-nen Die?u khie?n B?o m?t va B?o tri
activeds.dll	10.0.10041.0	ADs Router Layer DLL
actxprxy.dll	10.0.10041.0	ActiveX Interface Marshaling Library
admtmpl.dll	10.0.10041.0	Administrative Templates Extension
adprovider.dll	10.0.10041.0	adprovider DLL
adrclient.dll	10.0.10041.0	Microsoft® Access Denied Remediation Client
adsldp.dll	10.0.10041.0	ADs LDAP Provider DLL
adsldpc.dll	10.0.10041.0	ADs LDAP Provider C DLL
adsmsext.dll	10.0.10041.0	ADs LDAP Provider DLL
adsnt.dll	10.0.10041.0	ADs Windows NT Provider DLL
adtschema.dll	10.0.10041.0	Security Audit Schema DLL
advapi32.dll	10.0.10041.0	Advanced Windows 32 Base API
advapi32res.dll	10.0.10041.0	Advanced Windows 32 Base API
advpack.dll	11.0.10041.0	ADVPACK
aeevts.dll	10.0.10041.0	Application Experience Event Resources
amsi.dll	4.8.10041.0	Anti-Malware Scan Interface
amstream.dll	10.0.10041.0	DirectShow Runtime.
apds.dll	10.0.10041.0	Mo-dun Di?ch vu? Du? lie?u Tro? giup Microsoft®
appcapture.dll	10.0.10041.0	Windows Runtime AppCapture DLL
appcontracts.dll	10.0.10041.0	Windows AppContracts API Server
appidapi.dll	10.0.10041.0	Application Identity APIs Dll
appidpolicyengineapi.dll	10.0.10041.0	AppId Policy Engine API Module
applockercsp.dll	10.0.10041.0	AppLockerCSP
appmgmts.dll	10.0.10041.0	Software installation Service
appmgr.dll	10.0.10041.0	Software Installation Snapin Extenstion
apprepapi.dll	10.0.10041.0	Application Reputation APIs Dll
apprepsync.dll	10.0.10041.0	AppRepSync Task
appxalluserstore.dll	10.0.10041.0	AppX All User Store DLL
appxapplicabilityengine.dll	10.0.10041.0	AppX Applicability Engine
appxdeploymentclient.dll	10.0.10041.0	AppX Deployment Client DLL
appxpackaging.dll	10.0.10041.0	Native Code Appx Packaging Library
appxsip.dll	10.0.10041.0	Appx Subject Interface Package
apphelp.dll	10.0.10041.0	Application Compatibility Client Library
apphlpdm.dll	10.0.10041.0	Application Compatibility Help Module
asferror.dll	12.0.10041.0	ASF Error Definitions
aspnet_counters.dll	4.6.42.0	Microsoft ASP.NET Performance Counter Shim DLL
asycfilt.dll	10.0.10041.0
atl.dll	3.5.2284.0	ATL Module for Windows XP (Unicode)
atl100.dll	10.0.40219.325	ATL Module for Windows
atlthunk.dll	10.0.10041.0	atlthunk.dll
atmfd.dll	5.1.2.241	Windows NT OpenType/Type 1 Font Driver
atmlib.dll	5.1.2.241	Windows NT OpenType/Type 1 API Library.
audiodev.dll	10.0.10041.0	Portable Media Devices Shell Extension
audioeng.dll	10.0.10041.0	Audio Engine
audiokse.dll	10.0.10041.0	Audio Ks Endpoint
audioses.dll	10.0.10041.0	Audio Session
auditnativesnapin.dll	10.0.10041.0	Audit Policy Group Policy Editor Extension
auditpolicygpinterop.dll	10.0.10041.0	Audit Policy GP Module
auditpolmsg.dll	10.0.10041.0	Audit Policy MMC SnapIn Messages
autoplay.dll	10.0.10041.0	Pa-nen Die?u khie?n Phat Tu? do?ng
authbroker.dll	10.0.10041.0	Xa?c thu?c Web WinRT API
authbrokerui.dll	10.0.10041.0	AuthBroker UI
authext.dll	10.0.10041.0	Authentication Extensions
authfwcfg.dll	10.0.10041.0	Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll	10.0.10041.0	Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll	10.0.10041.0	Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll	10.0.10041.0	Wizard Framework
authui.dll	10.0.10041.0	Giao die?n Xac thu?c cu?a Windows
authz.dll	10.0.10041.0	Authorization Framework
avicap32.dll	10.0.10041.0	AVI Capture window class
avifil32.dll	10.0.10041.0	Microsoft AVI File support library
avrt.dll	10.0.10041.0	Multimedia Realtime Runtime
azroles.dll	10.0.10041.0	azroles Module
azroleui.dll	10.0.10041.0	Authorization Manager
azsqlext.dll	10.0.10041.0	AzMan Sql Audit Extended Stored Procedures Dll
azuresettingsyncprovider.dll	10.0.10041.0	Azure Setting Sync Provider
backgroundmediapolicy.dll	10.0.10041.0	<d> Background Media Policy DLL
basecsp.dll	10.0.10041.0	Microsoft Base Smart Card Crypto Provider
batmeter.dll	10.0.10041.0	DLL Bo? tro? giup Do?ng ho? Do Pin
bcastdvr.proxy.dll	10.0.10041.0	Broadcast DVR Proxy
bcd.dll	10.0.10041.0	BCD DLL
bcp47langs.dll	10.0.10041.0	BCP47 Language Classes
bcrypt.dll	10.0.10041.0	Windows Cryptographic Primitives Library
bcryptprimitives.dll	10.0.10041.0	Windows Cryptographic Primitives Library
bidispl.dll	10.0.10041.0	Bidispl DLL
bingmaps.dll	10.0.10041.0	Bing Map Control
biocredprov.dll	10.0.10041.2	WinBio Credential Provider
bitsperf.dll	7.8.10041.0	Perfmon Counter Access
bitsproxy.dll	7.8.10041.0	Background Intelligent Transfer Service Proxy
biwinrt.dll	10.0.10041.0	Windows Background Broker Infrastructure
blackbox.dll	11.0.10041.0	BlackBox DLL
bluetoothapis.dll	10.0.10041.0	Bluetooth Usermode Api host
bootvid.dll	10.0.10041.0	VGA Boot Driver
browcli.dll	10.0.10041.0	Browser Service Client DLL
browsersettingsync.dll	10.0.10041.0	Browser Setting Synchronization
browseui.dll	10.0.10041.0	Shell Browser UI Library
btpanui.dll	10.0.10041.0	Bluetooth PAN User Interface
bwcontexthandler.dll	1.0.0.1	U?ng du?ng ngu? ca?nhH
c_g18030.dll	10.0.10041.0	GB18030 DBCS-Unicode Conversion DLL
c_gsm7.dll	10.0.10041.0	GSM 7bit Code Page Translation DLL for SMS
c_is2022.dll	10.0.10041.0	ISO-2022 Code Page Translation DLL
c_iscii.dll	10.0.10041.0	ISCII Code Page Translation DLL
cabinet.dll	10.0.10041.0	Microsoft® Cabinet File API
cabview.dll	10.0.10041.0	Tri?nh xem Te?p Cabinet cu?a Mo? ro?ng Vo?
callbuttons.dll	10.0.10041.0	Windows Runtime CallButtonsServer DLL
callbuttons.proxystub.dll	10.0.10041.0	Windows Runtime CallButtonsServer ProxyStub DLL
capiprovider.dll	10.0.10041.0	capiprovider DLL
capisp.dll	10.0.10041.0	Sysprep cleanup dll for CAPI
catsrv.dll	2001.12.10941.0	COM+ Configuration Catalog Server
catsrvps.dll	2001.12.10941.0	COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll	2001.12.10941.0	COM+ Configuration Catalog Server Utilities
cca.dll	10.0.10041.0	CCA DirectShow Filter.
cdosys.dll	6.6.10041.0	Microsoft CDO for Windows Library
certca.dll	10.0.10041.0	Microsoft® Active Directory Certificate Services CA
certcli.dll	10.0.10041.0	Microsoft® Active Directory Certificate Services Client
certcredprovider.dll	10.0.10041.0	Cert Credential Provider
certenc.dll	10.0.10041.0	Active Directory Certificate Services Encoding
certenroll.dll	10.0.10041.0	Microsoft® Active Directory Certificate Services Enrollment Client
certenrollui.dll	10.0.10041.0	X509 Certificate Enrollment UI
certmgr.dll	10.0.10041.0	Certificates snap-in
certpoleng.dll	10.0.10041.0	Certificate Policy Engine
cewmdm.dll	12.0.10041.0	Windows CE WMDM Service Provider
cfgbkend.dll	10.0.10041.0	Configuration Backend Interface
cfgmgr32.dll	10.0.10041.0	Configuration Manager DLL
cfmifs.dll	10.0.10041.0	FmIfs Engine
cfmifsproxy.dll	10.0.10041.0	Microsoft® FmIfs Proxy Library
cic.dll	10.0.10041.0	CIC - MMC controls for Taskpad
clb.dll	10.0.10041.0	Column List Box
clbcatq.dll	2001.12.10941.0	COM+ Configuration Catalog
cleanpol.dll	10.0.10041.0	CleanPol.dll
clfsw32.dll	10.0.10041.0	Common Log Marshalling Win32 DLL
cliconfg.dll	10.0.10041.0	SQL Client Configuration Utility DLL
clipboardserver.dll	10.0.10041.0	Modern Clipboard API Server
clipc.dll	10.0.10041.0	Client Licensing Platform Client
cloudbackupsettings.dll	10.0.10041.0	Nha? cung ca?p Thie?t da?t Sao luu Da?m may
clrhost.dll	10.0.10041.0	In Proc server for managed servers in the Windows Runtime
clusapi.dll	10.0.10041.0	Cluster API Library
cmcfg32.dll	7.2.10041.0	Microsoft Connection Manager Configuration Dll
cmdext.dll	10.0.10041.0	cmd.exe Extension DLL
cmdial32.dll	7.2.10041.0	Microsoft Connection Manager
cmifw.dll	10.0.10041.0	Windows Firewall rule configuration plug-in
cmipnpinstall.dll	10.0.10041.0	PNP plugin installer for CMI
cmlua.dll	7.2.10041.0	Connection Manager Admin API Helper
cmpbk32.dll	7.2.10041.0	Microsoft Connection Manager Phonebook
cmstplua.dll	7.2.10041.0	Connection Manager Admin API Helper for Setup
cmutil.dll	7.2.10041.0	Microsoft Connection Manager Utility Lib
cnvfat.dll	10.0.10041.0	FAT File System Conversion Utility DLL
cngcredui.dll	10.0.10041.0	Nha? cung ca?p Microsoft CNG CredUI
cngprovider.dll	10.0.10041.0	cngprovider DLL
colbact.dll	2001.12.10941.0	COM+
colorcnv.dll	10.0.10041.0	Windows Media Color Conversion
colorui.dll	10.0.10041.0	Microsoft Color Control Panel
combase.dll	10.0.10041.0	Microsoft COM for Windows
comcat.dll	10.0.10041.0	Microsoft Component Category Manager Library
comctl32.dll	5.82.10041.0	Thu vie?n Die?u khie?n Tra?i nghie?m Nguo?i du?ng
comdlg32.dll	10.0.10041.0	Common Dialogs DLL
coml2.dll	10.0.10041.0	Microsoft COM for Windows
commstypehelperutil_ca.dll	10.0.10041.0	Comms Type Helper Util
compobj.dll	3.10.0.103	Windows Win16 Application Launcher
comppkgsup.dll	12.0.10041.0	Component Package Support DLL
compstui.dll	10.0.10041.0	Common Property Sheet User Interface DLL
comrepl.dll	2001.12.10941.0	COM+
comres.dll	2001.12.10941.0	COM+ Resources
comsnap.dll	2001.12.10941.0	COM+ Explorer MMC Snapin
comsvcs.dll	2001.12.10941.0	COM+ Services
comuid.dll	2001.12.10941.0	COM+ Explorer UI
configureexpandedstorage.dll	10.0.10041.0	ConfigureExpandedStorage
connect.dll	10.0.10041.0	Get Connected Wizards
connectedaccountstate.dll	10.0.10041.0	ConnectedAccountState.dll
console.dll	10.0.10041.0	Control Panel Console Applet
coremessaging.dll	10.0.10011.0	Microsoft CoreMessaging Dll
coremmres.dll	10.0.10041.0	General Core Multimedia Resources
coreuicomponents.dll
cortanamapihelper.dll	10.0.10041.0	CortanaMapiHelper
cortanamapihelper.proxystub.dll	10.0.10041.0	CortanaMapiHelper.ProxyStub
cpfilters.dll	10.0.10041.0	PTFilter & Encypter/Decrypter Tagger Filters.
credentialmigrationhandler.dll	10.0.10041.0	Credential Migration Handler
credprovdatamodel.dll	10.0.10041.4	Cred Prov Data Model
credprovhost.dll	10.0.10041.0	May ch? luu tr? Khung cong vi?c Nha cung c?p Thong tin dang nh?p
credprovs.dll	10.0.10041.0	Nha cung c?p Thong tin dang nh?p
credssp.dll	10.0.10041.0	Credential Delegation Security Package
credui.dll	10.0.10041.0	Credential Manager User Interface
crossdeviceappmodelprotocol.dll	10.0.10041.0	Windows CrossDevice Appmodel Protocol
crossdeviceappmodelserver.dll	10.0.10041.0	Windows CrossDevice Appmodel Server
crossdeviceappmodelwinrt.dll	10.0.10041.0	Windows CrossDevice Appmodel WinRT
crtdll.dll	4.0.1183.1	Microsoft C Runtime Library
crypt32.dll	10.0.10041.0	Crypto API32
cryptbase.dll	10.0.10041.0	Base cryptographic API DLL
cryptdlg.dll	10.0.10041.0	Microsoft Common Certificate Dialogs
cryptdll.dll	10.0.10041.0	Cryptography Manager
cryptext.dll	10.0.10041.0	Crypto Shell Extensions
cryptnet.dll	10.0.10041.0	Crypto Network Related API
cryptngc.dll	10.0.10041.0	Windows NGC key API
cryptowinrt.dll	10.0.10041.0	Crypto WinRT Library
cryptsp.dll	10.0.10041.0	Cryptographic Service Provider API
crypttpmeksvc.dll	10.0.10041.0	Cryptographic TPM Endorsement Key Services
cryptui.dll	10.0.10041.0	Microsoft Trust UI Provider
cryptuiwizard.dll	10.0.10041.0	Microsoft Trust UI Provider
cryptxml.dll	10.0.10041.0	XML DigSig API
cscapi.dll	10.0.10041.0	Offline Files Win32 API
cscdll.dll	10.0.10041.0	Offline Files Temporary Shim
cscobj.dll	10.0.10041.0	In-proc COM object used by clients of CSC API
ctl3d32.dll	2.31.0.0	Ctl3D 3D Windows Controls
chakra.dll	11.0.10041.0	Microsoft ® JScript
chakradiag.dll	11.0.10041.0	Microsoft ® JScript Diagnostics
chartv.dll	10.0.10041.0	Chart View
chxreadingstringime.dll	10.0.10041.0	CHxReadingStringIME
d2d1.dll	10.0.10041.0	Microsoft D2D Library
d3d10.dll	10.0.10041.0	Direct3D 10 Runtime
d3d10_1.dll	10.0.10041.0	Direct3D 10.1 Runtime
d3d10_1core.dll	10.0.10041.0	Direct3D 10.1 Runtime
d3d10core.dll	10.0.10041.0	Direct3D 10 Runtime
d3d10level9.dll	10.0.10041.0	Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll	10.0.10041.0	Direct3D 10 Rasterizer
d3d11.dll	10.0.10041.0	Direct3D 11 Runtime
d3d12.dll	10.0.10041.0	Direct3D 12 Runtime
d3d8.dll	10.0.10041.0	Microsoft Direct3D
d3d8thk.dll	10.0.10041.0	Microsoft Direct3D OS Thunk Layer
d3d9.dll	10.0.10041.0	Direct3D 9 Runtime
d3dcompiler_47.dll	10.0.10041.0	Direct3D HLSL Compiler
d3dim.dll	10.0.10041.0	Microsoft Direct3D
d3dim700.dll	10.0.10041.0	Microsoft Direct3D
d3dramp.dll	10.0.10041.0	Microsoft Direct3D
d3dxof.dll	10.0.10041.0	DirectX Files DLL
dabapi.dll	10.0.10041.0	Desktop Activity Broker API
dafprintprovider.dll	10.0.10041.0	DAF Print Provider DLL
daotpcredentialprovider.dll	10.0.10041.0	DirectAccess One-Time Password Credential Provider
dataclen.dll	10.0.10041.0	Tri?nh do?n Khong gian Di?a cho Windows
dataexchange.dll	10.0.10041.0	Data exchange
davclnt.dll	10.0.10041.0	Web DAV Client DLL
davhlpr.dll	10.0.10041.0	DAV Helper DLL
dbgcore.dll	10.0.10041.0	Windows Core Debugging Helpers
dbgeng.dll	10.0.10041.0	Windows Symbolic Debugger Engine
dbghelp.dll	10.0.10041.0	Windows Image Helper
dbgmodel.dll	10.0.10041.0	Windows Debugger Data Model
dbnetlib.dll	10.0.10041.0	Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll	10.0.10041.0	Named Pipes Net DLL for SQL Clients
dciman32.dll	10.0.10041.0	DCI Manager
dcomp.dll	10.0.10041.0	Microsoft DirectComposition Library
ddaclsys.dll	10.0.10041.0	SysPrep module for Resetting Data Drive ACL
ddoiproxy.dll	10.0.10041.0	DDOI Interface Proxy
ddores.dll	10.0.10041.0	Thong tin danh mu?c thie?t bi? va? ta?i nguyen
ddraw.dll	10.0.10041.0	Microsoft DirectDraw
ddrawex.dll	10.0.10041.0	Direct Draw Ex
defaultdevicemanager.dll	10.0.10041.0	Default Device Manager
defaultprinterprovider.dll	10.0.10041.0	Nha? cung ca?p Ma?y in Ma?c di?nh cu?a Microsoft Windows
delegatorprovider.dll	10.0.10041.0	WMI PassThru Provider for Storage Management
deskadp.dll	10.0.10041.0	Advanced display adapter properties
deskmon.dll	10.0.10041.0	Advanced display monitor properties
devdispitemprovider.dll	10.0.10041.0	DeviceItem inproc devquery subsystem
devenum.dll	10.0.10041.0	Device enumeration.
deviceaccess.dll	10.0.10041.0	Device Broker And Policy COM Server
deviceassociation.dll	10.0.10041.0	Device Association Client DLL
devicecenter.dll	10.0.10041.0	Trung tam Thie?t bi?
devicedisplaystatusmanager.dll	10.0.10041.0	Tri?nh Qua?n ly? Tra?ng tha?i Hie?n thi? Thie?t bi?
devicepairing.dll	10.0.10041.0	Pha?n mo? ro?ng vo? cho Ca?p doi Thie?t bi?
devicepairingfolder.dll	10.0.10041.0	Device Pairing Folder
devicepairingproxy.dll	10.0.10041.0	Device Pairing Proxy Dll
devicesetupstatusprovider.dll	10.0.10041.0	Dll Bo? cung ca?p Tra?ng tha?i Thie?t la?p Thie?t bi?
deviceuxres.dll	10.0.10041.0	Windows Device User Experience Resource File
devmgr.dll	10.0.10041.0	Device Manager MMC Snapin
devobj.dll	10.0.10041.0	Device Information Set DLL
devrtl.dll	10.0.10041.0	Device Management Run Time Library
dfscli.dll	10.0.10041.0	Windows NT Distributed File System Client DLL
dfshim.dll	10.0.10041.0	ClickOnce Application Deployment Support Library
dfsshlex.dll	10.0.10041.0	Distributed File System shell extension
dhcpcmonitor.dll	10.0.10041.0	DHCP Client Monitor Dll
dhcpcore.dll	10.0.10041.0	DHCP Client Service
dhcpcore6.dll	10.0.10041.0	DHCPv6 Client
dhcpcsvc.dll	10.0.10041.0	DHCP Client Service
dhcpcsvc6.dll	10.0.10041.0	DHCPv6 Client
dhcpsapi.dll	10.0.10041.0	DHCP Server API Stub DLL
dialclient.dll	12.0.10041.0	DIAL DLL
dictationmanager.dll	10.0.0.1	Dictation Manager
difxapi.dll	2.1.0.0	Driver Install Frameworks for API library module
dimsjob.dll	10.0.10041.0	DIMS Job DLL
dimsroam.dll	10.0.10041.0	Key Roaming DIMS Provider DLL
dinput.dll	10.0.10041.0	Microsoft DirectInput
dinput8.dll	10.0.10041.0	Microsoft DirectInput
directdb.dll	10.0.10041.0	Microsoft Direct Database API
directmanipulation.dll	10.0.10041.0	Microsoft Direct Manipulation Component
dismapi.dll	10.0.10041.0	DISM API Framework
dispex.dll	5.12.10041.0	Microsoft ® DispEx
display.dll	10.0.10041.0	Pa-nen Die?u khie?n Hie?n thi?
displaymanager.dll	10.0.10041.0	DisplayManager
dlnashext.dll	12.0.10041.0	DLNA Namespace DLL
dmband.dll	10.0.10041.0	Microsoft DirectMusic Band
dmcompos.dll	10.0.10041.0	Microsoft DirectMusic Composer
dmdlgs.dll	10.0.10041.0	Disk Management Snap-in Dialogs
dmdskmgr.dll	10.0.10041.0	Disk Management Snap-in Support Library
dmdskres.dll	10.0.10041.0	Disk Management Snap-in Resources
dmdskres2.dll	10.0.10041.0	Disk Management Snap-in Resources
dmime.dll	10.0.10041.0	Microsoft DirectMusic Interactive Engine
dmintf.dll	10.0.10041.0	Disk Management DCOM Interface Stub
dmloader.dll	10.0.10041.0	Microsoft DirectMusic Loader
dmocx.dll	10.0.10041.0	TreeView OCX
dmscript.dll	10.0.10041.0	Microsoft DirectMusic Scripting
dmstyle.dll	10.0.10041.0	Microsoft DirectMusic Style Engline
dmsynth.dll	10.0.10041.0	Microsoft DirectMusic Software Synthesizer
dmusic.dll	10.0.10041.0	Microsoft DirectMusic Core Services
dmutil.dll	10.0.10041.0	Logical Disk Manager Utility Library
dmvdsitf.dll	10.0.10041.0	Disk Management Snap-in Support Library
dnsapi.dll	10.0.10041.0	DNS Client API DLL
dnscmmc.dll	10.0.10041.0	DNS Client MMC Snap-in DLL
docprop.dll	10.0.10041.0	Trang Thuo?c tinh OLE DocFile
dolbydecmft.dll	10.0.10041.0	Media Foundation Dolby Digital Decoders
dot3api.dll	10.0.10041.0	802.3 Autoconfiguration API
dot3cfg.dll	10.0.10041.0	802.3 Netsh Helper
dot3dlg.dll	10.0.10041.0	802.3 UI Helper
dot3gpclnt.dll	10.0.10041.0	802.3 Group Policy Client
dot3gpui.dll	10.0.10041.0	802.3 Network Policy Management Snap-in
dot3hc.dll	10.0.10041.0	Dot3 Helper Class
dot3msm.dll	10.0.10041.0	802.3 Media Specific Module
dot3ui.dll	10.0.10041.0	802.3 Advanced UI
dpapi.dll	10.0.10041.0	Data Protection API
dpapiprovider.dll	10.0.10041.0	dpapiprovider DLL
dplayx.dll	10.0.10041.0	DirectPlay Stub
dpmodemx.dll	10.0.10041.0	DirectPlay Stub
dpnaddr.dll	10.0.10041.0	DirectPlay Stub
dpnathlp.dll	10.0.10041.0	DirectPlay Stub
dpnet.dll	10.0.10041.0	DirectPlay Stub
dpnlobby.dll	10.0.10041.0	DirectPlay Stub
dpnhpast.dll	10.0.10041.0	DirectPlay Stub
dpnhupnp.dll	10.0.10041.0	DirectPlay Stub
dpwsockx.dll	10.0.10041.0	DirectPlay Stub
dpx.dll	10.0.10041.0	Microsoft(R) Delta Package Expander
drmmgrtn.dll	11.0.10041.0	DRM Migration DLL
drmv2clt.dll	11.0.10041.0	DRMv2 Client DLL
drprov.dll	10.0.10041.0	Microsoft Remote Desktop Session Host Server Network Provider
drt.dll	10.0.10041.0	Distributed Routing Table
drtprov.dll	10.0.10041.0	Distributed Routing Table Providers
drttransport.dll	10.0.10041.0	Distributed Routing Table Transport Provider
drvstore.dll	10.0.10041.0	Driver Store API
dsauth.dll	10.0.10041.0	DS Authorization for Services
dsccoreconfprov.dll	6.2.9200.16384	DSC
dsclient.dll	10.0.10041.0	Data Sharing Service Client DLL
dsdmo.dll	10.0.10041.0	DirectSound Effects
dskquota.dll	10.0.10041.0	Windows Shell Disk Quota Support DLL
dskquoui.dll	10.0.10041.0	Windows Shell Disk Quota UI DLL
dsound.dll	10.0.10041.0	DirectSound
dsparse.dll	10.0.10041.0	Active Directory Domain Services API
dsprop.dll	10.0.10041.0	Windows Active Directory Property Pages
dsquery.dll	10.0.10041.0	Directory Service Find
dsrole.dll	10.0.10041.0	DS Setup Client DLL
dssec.dll	10.0.10041.0	Directory Service Security UI
dssenh.dll	10.0.10041.0	Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsui.dll	10.0.10041.0	Device Setup UI Pages
dsuiext.dll	10.0.10041.0	Directory Service Common UI
dswave.dll	10.0.10041.0	Microsoft DirectMusic Wave
dtsh.dll	10.0.10041.0	Detection and Sharing Status API
dui70.dll	10.0.10041.0	Windows DirectUI Engine
duser.dll	10.0.10041.0	Windows DirectUser Engine
dwmapi.dll	10.0.10041.0	Microsoft Desktop Window Manager API
dwmcore.dll	10.0.10041.2	Microsoft DWM Core Library
dwrite.dll	10.0.10041.0	Microsoft DirectX Typography Services
dxdiagn.dll	10.0.10041.0	Microsoft DirectX Diagnostic Tool
dxgi.dll	10.0.10041.0	DirectX Graphics Infrastructure
dxmasf.dll	12.0.10041.0	Microsoft Windows Media Component Removal File.
dxptasksync.dll	10.0.10041.0	Microsoft Windows DXP Sync.
dxtmsft.dll	11.0.10041.0	DirectX Media -- Image DirectX Transforms
dxtrans.dll	11.0.10041.0	DirectX Media -- DirectX Transform Core
dxva2.dll	10.0.10041.0	DirectX Video Acceleration 2.0 DLL
eapp3hst.dll	10.0.10041.0	Microsoft ThirdPartyEapDispatcher
eappcfg.dll	10.0.10041.0	Eap Peer Config
eappgnui.dll	10.0.10041.0	EAP Generic UI
eappprxy.dll	10.0.10041.0	Microsoft EAPHost Peer Client DLL
eapprovp.dll	10.0.10041.0	EAP extension DLL
eapphost.dll	10.0.10041.0	Microsoft EAPHost Peer service
easwrt.dll	10.0.10041.0	Exchange ActiveSync Windows Runtime DLL
edgehtml.dll	11.0.10041.0	Microsoft (R) HTML Viewer
editbuffertesthook.dll
edpauditapi.dll	10.0.10041.0	EDP Audit API
edputil.dll	10.0.10041.0	EDP util
efsadu.dll	10.0.10041.0	File Encryption Utility
efscore.dll	10.0.10041.0	EFS Core Library
efsext.dll
efsutil.dll	10.0.10041.0	EFS Utility Library
efswrt.dll	10.0.10041.0	Storage Protection Windows Runtime DLL
ehstorapi.dll	10.0.10041.0	Windows Enhanced Storage API
ehstorpwdmgr.dll	10.0.10041.0	Microsoft Enhanced Storage Password Manager
els.dll	10.0.10041.0	Event Viewer Snapin
elscore.dll	10.0.10041.0	Els Core Platform DLL
elshyph.dll	10.0.10041.0	ELS Hyphenation Service
elslad.dll	10.0.10041.0	ELS Language Detection
elstrans.dll	10.0.10041.0	ELS Transliteration Service
encapi.dll	10.0.10041.0	Encoder API
encdec.dll	10.0.10041.0	XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll	10.0.10041.0	EQoS Snapin extension
es.dll	2001.12.10941.0	COM+
esdsip.dll	10.0.10041.0	Crypto SIP provider for signing and verifying .esd Electronic Software Distribution files
esent.dll	10.0.10041.0	Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll	10.0.10041.0	Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
esevss.dll	10.0.10041.0	Microsoft(R) ESENT shadow utilities
etweseproviderresources.dll	10.0.10041.0	Microsoft ESE ETW
eventcls.dll	10.0.10041.0	Microsoft® Volume Shadow Copy Service event class
evr.dll	10.0.10041.0	Enhanced Video Renderer DLL
execmodelclient.dll	10.0.10041.0	ExecModelClient
execmodelproxy.dll	10.0.10041.0	ExecModelProxy
explorerframe.dll	10.0.10041.0	ExplorerFrame
expsrv.dll	6.0.72.9589	Visual Basic for Applications Runtime - Expression Service
f3ahvoas.dll	10.0.10041.0	JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
familysafetyext.dll	10.0.10041.0	FamilySafety ChildAccount Extensions
faultrep.dll	10.0.10041.0	Windows User Mode Crash Reporting DLL
fdbth.dll	10.0.10041.0	Function Discovery Bluetooth Provider Dll
fdbthproxy.dll	10.0.10041.0	Bluetooth Provider Proxy Dll
fddevquery.dll	10.0.10041.0	Microsoft Windows Device Query Helper
fde.dll	10.0.10041.0	Folder Redirection Snapin Extension
fdeploy.dll	10.0.10041.0	Folder Redirection Group Policy Extension
fdpnp.dll	10.0.10041.0	Pnp Provider Dll
fdprint.dll	10.0.10041.0	Dll Bo? cung ca?p In Kha?m pha? Chu?c nang
fdproxy.dll	10.0.10041.0	Function Discovery Proxy Dll
fdssdp.dll	10.0.10041.0	Function Discovery SSDP Provider Dll
fdwcn.dll	10.0.10041.0	Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll	10.0.10041.0	Function Discovery WNet Provider Dll
fdwsd.dll	10.0.10041.0	Function Discovery WS Discovery Provider Dll
feclient.dll	10.0.10041.0	Windows NT File Encryption Client Interfaces
filemgmt.dll	10.0.10041.0	Services and Shared Folders
findnetprinters.dll	10.0.10041.0	Find Network Printers COM Component
firewallapi.dll	10.0.10041.0	Windows Firewall API
firewallcontrolpanel.dll	10.0.10041.0	Windows Firewall Control Panel
fltlib.dll	10.0.10041.0	Filter Library
fmifs.dll	10.0.10041.0	FM IFS Utility DLL
fms.dll	10.0.10041.0	Di?ch vu? Qua?n ly? Phong
fontext.dll	10.0.10041.0	Ca?p Phong cu?a Windows
fontsub.dll	10.0.10041.0	Font Subsetting DLL
fphc.dll	10.0.10041.0	Filtering Platform Helper Class
framedyn.dll	10.0.10041.0	WMI SDK Provider Framework
framedynos.dll	10.0.10041.0	WMI SDK Provider Framework
frprov.dll	10.0.10041.0	Folder Redirection WMI Provider
fsutilext.dll	10.0.10041.0	FS Utility Extension DLL
fundisc.dll	10.0.10041.0	Function Discovery Dll
fwbase.dll	10.0.10041.0	Firewall Base DLL
fwcfg.dll	10.0.10041.0	Windows Firewall Configuration Helper
fwpolicyiomgr.dll	10.0.10041.0	FwPolicyIoMgr DLL
fwpuclnt.dll	10.0.10041.0	FWP/IPsec User-Mode API
fwremotesvr.dll	10.0.10041.0	Windows Firewall Remote APIs Server
fxsapi.dll	10.0.10041.0	Microsoft Fax API Support DLL
fxscom.dll	10.0.10041.0	Microsoft Fax Server COM Client Interface
fxscomex.dll	10.0.10041.0	Microsoft Fax Server Extended COM Client Interface
fxsext32.dll	10.0.10041.0	Microsoft Fax Exchange Command Extension
fxsresm.dll	10.0.10041.0	Microsoft Fax Resource DLL
fxsxp32.dll	10.0.10041.0	Microsoft Fax Transport Provider
gameux.dll	10.0.10041.0	Games Explorer
gameuxlegacygdfs.dll	1.0.0.1	Legacy GDF resource DLL
gcdef.dll	10.0.10041.0	Game Controllers Default Sheets
gdi32.dll	10.0.10041.0	GDI Client DLL
gdiplus.dll	10.0.10041.0	Microsoft GDI+
geocommon.dll	10.0.10041.0	Geocommon
geolocation.dll	10.0.10041.0	Geolocation Runtime DLL
geolocatorhelper.dll	10.0.10041.0	GeoLocatorHelper
getuname.dll	10.0.10041.0	Unicode name Dll for UCE
glmf32.dll	10.0.10041.0	OpenGL Metafiling DLL
globcollationhost.dll	10.0.10041.0	GlobCollationHost
globinputhost.dll	10.0.10041.0	Windows Globalization Extension API for Input
glu32.dll	10.0.10041.0	OpenGL Utility Library DLL
gpapi.dll	10.0.10041.0	Group Policy Client API
gpedit.dll	10.0.10041.0	GPEdit
gpprefcl.dll	10.0.10041.0	Group Policy Preference Client
gpprnext.dll	10.0.10041.0	Group Policy Printer Extension
gpscript.dll	10.0.10041.0	Script Client Side Extension
gptext.dll	10.0.10041.0	GPTExt
hbaapi.dll	10.0.10041.0	HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll	10.0.10041.0	Nha? cung ca?p Ba?o tri? va? Ba?o ma?t
helppaneproxy.dll	10.0.10041.0	Microsoft® Help Proxy
hevcdecoder.dll	10.0.10041.0	Windows H265 Video Decoder
hgcpl.dll	10.0.10041.0	HomeGroup Control Panel
hhsetup.dll	10.0.10041.0	Microsoft® HTML Help
hid.dll	10.0.10041.0	Hid User Library
hidserv.dll	10.0.10041.0	Human Interface Device Service
hlink.dll	10.0.10041.0	Ca?u pha?n cu?a Microsoft Office 2000
hmkd.dll	10.0.10041.0	Windows HMAC Key Derivation API
hnetcfg.dll	10.0.10041.0	Home Networking Configuration Manager
hnetmon.dll	10.0.10041.0	Home Networking Monitor DLL
httpapi.dll	10.0.10041.0	HTTP Protocol Stack API
htui.dll	10.0.10041.0	Common halftone Color Adjustment Dialogs
ias.dll	10.0.10041.0	Network Policy Server
iasacct.dll	10.0.10041.0	NPS Accounting Provider
iasads.dll	10.0.10041.0	NPS Active Directory Data Store
iasdatastore.dll	10.0.10041.0	NPS Datastore server
iashlpr.dll	10.0.10041.0	NPS Surrogate Component
iasmigplugin.dll	10.0.10041.0	NPS Migration DLL
iasnap.dll	10.0.10041.0	NPS NAP Provider
iaspolcy.dll	10.0.10041.0	NPS Pipeline
iasrad.dll	10.0.10041.0	NPS RADIUS Protocol Component
iasrecst.dll	10.0.10041.0	NPS XML Datastore Access
iassam.dll	10.0.10041.0	NPS NT SAM Provider
iassdo.dll	10.0.10041.0	NPS SDO Component
iassvcs.dll	10.0.10041.0	NPS Services Component
iccvid.dll	1.10.0.12	Cinepak® Codec
icm32.dll	10.0.10041.0	Microsoft Color Management Module (CMM)
icmp.dll	10.0.10041.0	ICMP DLL
icmui.dll	10.0.10041.0	Microsoft Color Matching System User Interface DLL
iconcodecservice.dll	10.0.10041.0	Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll	10.0.10041.0	Internet Gateway Device properties
idctrls.dll	10.0.10041.0	Kie?m soa?t nha?n da?ng
idndl.dll	10.0.10041.0	Downlevel DLL
idstore.dll	10.0.10041.0	Identity Store
ieadvpack.dll	11.0.10041.0	ADVPACK
ieapfltr.dll	11.0.10041.0	Microsoft SmartScreen Filter
iedkcs32.dll	18.0.10041.0	IEAK branding
ieetwproxystub.dll	11.0.10041.0	IE ETW Collector Proxy Stub Resources
ieframe.dll	11.0.10041.0	Tri?nh duye?t Internet
iepeers.dll	11.0.10041.0	Cac do?i tuo?ng ngang hang cu?a Internet Explorer
iernonce.dll	11.0.10041.0	Extended RunOnce processing with UI
iertutil.dll	11.0.10041.0	Tie?n i?ch tho?i gian cha?y cho Internet Explorer
iesetup.dll	11.0.10041.0	IOD Version Map
iesysprep.dll	11.0.10041.0	IE Sysprep Provider
ieui.dll	11.0.10041.0	Internet Explorer UI Engine
ifmon.dll	10.0.10041.0	IF Monitor DLL
ifsutil.dll	10.0.10041.0	IFS Utility DLL
ifsutilx.dll	10.0.10041.0	IFS Utility Extension DLL
ig4icd32.dll	9.17.10.3347	OpenGL(R) Driver for Intel(R) Graphics Accelerator
igd10umd32.dll	9.17.10.3347	LDDM User Mode Driver for Intel(R) Graphics Technology
igdde32.dll
igdumd32.dll	9.17.10.3347	LDDM User Mode Driver for Intel(R) Graphics Technology
igfx11cmrt32.dll	2.4.0.1020	CM Runtime Dynamic Link Library (DX11)
igfxcmjit32.dll	2.4.0.1020	CM JIT Dynamic Link Library
igfxcmrt32.dll	2.4.0.1020	CM Runtime Dynamic Link Library
igfxdv32.dll	8.15.10.3347	igfxdev Module
igfxexps32.dll	8.15.10.3347	igfxext Module
iglhcp32.dll	3.0.1.15	iglhcp32 Dynamic Link Library
iglhsip32.dll	3.0.0.12	iglhsip32 Dynamic Link Library
imagehlp.dll	10.0.10041.0	Windows NT Image Helper
imageres.dll	10.0.10041.0	Windows Image Resource
imagesp1.dll	10.0.10041.0	Windows SP1 Image Resource
imapi.dll	10.0.10041.0	Image Mastering API
imapi2.dll	10.0.10041.0	Image Mastering API v2
imapi2fs.dll	10.0.10041.0	Image Mastering File System Imaging API v2
imgutil.dll	11.0.10041.0	IE plugin image decoder support DLL
imm32.dll	10.0.10041.0	Multi-User Windows IMM32 API Client DLL
inetcomm.dll	10.0.10041.0	Microsoft Internet Messaging API Resources
inetmib1.dll	10.0.10041.0	Microsoft MIB-II subagent
inetres.dll	10.0.10041.0	Microsoft Internet Messaging API Resources
inkanalysis.dll	10.0.10041.0	InkAnalysis DLL
inked.dll	10.0.10041.0	Microsoft Tablet PC InkEdit Control
inkobjcore.dll	10.0.10041.0	Microsoft Tablet PC Ink Platform Component
input.dll	10.0.10041.0	InputSetting DLL
inputinjectionbroker.dll	10.0.10041.0	Broker for WinRT input injection.
inputlocalemanager.dll
inputservice.dll
inputswitch.dll	10.0.10041.0	Tri?nh Chuye?n Nha?p Microsoft Windows
inseng.dll	11.0.10041.0	Install engine
iologmsg.dll	10.0.10041.0	IO Logging DLL
iotassignedaccesslockframework.dll	10.0.10041.0	Windows Runtime Assigned Access Management DLL
ipeloggingdictationhelper.dll	1.0.0.1	IPE Logging Library Helper
iprop.dll	10.0.10041.0	OLE PropertySet Implementation
iprtprio.dll	10.0.10041.0	IP Routing Protocol Priority DLL
iprtrmgr.dll	10.0.10041.0	IP Router Manager
ipsecsnp.dll	10.0.10041.0	IP Security Policy Management Snap-in
ipsmsnap.dll	10.0.10041.0	IP Security Monitor Snap-in
iphlpapi.dll	10.0.10041.0	IP Helper API
ir32_32.dll	10.0.10041.0	IR32_32 WRAPPER DLL
ir32_32original.dll	3.24.15.3	Intel Indeo(R) Video R3.2 32-bit Driver
ir41_32original.dll	4.51.16.3	Intel Indeo® Video 4.5
ir41_qc.dll	10.0.10041.0	IR41_QC WRAPPER DLL
ir41_qcoriginal.dll	4.30.62.2	Intel Indeo® Video Interactive Quick Compressor
ir41_qcx.dll	10.0.10041.0	IR41_QCX WRAPPER DLL
ir41_qcxoriginal.dll	4.30.64.1	Intel Indeo® Video Interactive Quick Compressor
ir50_32.dll	10.0.10041.0	IR50_32 WRAPPER DLL
ir50_32original.dll	5.2562.15.55	Intel Indeo® video 5.10
ir50_qc.dll	10.0.10041.0	IR50_QC WRAPPER DLL
ir50_qcoriginal.dll	5.0.63.48	Intel Indeo® video 5.10 Quick Compressor
ir50_qcx.dll	10.0.10041.0	IR50_QCX WRAPPER DLL
ir50_qcxoriginal.dll	5.0.64.48	Intel Indeo® video 5.10 Quick Compressor
irclass.dll	10.0.10041.0	Infrared Class Coinstaller
iscsicpl.dll	5.2.3790.1830	iSCSI Initiator Control Panel Applet
iscsidsc.dll	10.0.10041.0	iSCSI Discovery api
iscsied.dll	10.0.10041.0	iSCSI Extension DLL
iscsium.dll	10.0.10041.0	iSCSI Discovery api
iscsiwmi.dll	10.0.10041.0	MS iSCSI Initiator WMI Provider
iscsiwmiv2.dll	10.0.10041.0	WMI Provider for iSCSI
itircl.dll	10.0.10041.0	Microsoft® InfoTech IR Local DLL
itss.dll	10.0.10041.0	Microsoft® InfoTech Storage System Library
iyuv_32.dll	10.0.10041.0	Intel Indeo(R) Video YUV Codec
javascriptcollectionagent.dll	11.0.10041.0	JavaScript Performance Collection Agent
joinproviderol.dll	10.0.10041.0	Online Join Provider DLL
joinutil.dll	10.0.10041.0	Join Utility DLL
jpmapcontrol.dll	10.0.10041.0	Jupiter Map Control
jscript.dll	5.12.10041.0	Microsoft ® JScript
jscript9.dll	11.0.10041.0	Microsoft ® JScript
jscript9diag.dll	11.0.10041.0	Microsoft ® JScript Diagnostics
jsproxy.dll	11.0.10041.0	JScript Proxy Auto-Configuration
kbd101.dll	10.0.10041.0	JP Japanese Keyboard Layout for 101
kbd101a.dll	10.0.10041.0	KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll	10.0.10041.0	KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll	10.0.10041.0	KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll	10.0.10041.0	KO Hangeul Keyboard Layout for 103
kbd106.dll	10.0.10041.0	JP Japanese Keyboard Layout for 106
kbd106n.dll	10.0.10041.0	JP Japanese Keyboard Layout for 106
kbda1.dll	10.0.10041.0	Arabic_English_101 Keyboard Layout
kbda2.dll	10.0.10041.0	Arabic_2 Keyboard Layout
kbda3.dll	10.0.10041.0	Arabic_French_102 Keyboard Layout
kbdal.dll	10.0.10041.0	Albania Keyboard Layout
kbdarme.dll	10.0.10041.0	Eastern Armenian Keyboard Layout
kbdarmph.dll	10.0.10041.0	Armenian Phonetic Keyboard Layout
kbdarmty.dll	10.0.10041.0	Armenian Typewriter Keyboard Layout
kbdarmw.dll	10.0.10041.0	Western Armenian Keyboard Layout
kbdax2.dll	10.0.10041.0	JP Japanese Keyboard Layout for AX2
kbdaze.dll	10.0.10041.0	Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll	10.0.10041.0	Azeri-Latin Keyboard Layout
kbdazst.dll	10.0.10041.0	Azerbaijani (Standard) Keyboard Layout
kbdbash.dll	10.0.10041.0	Bashkir Keyboard Layout
kbdbe.dll	10.0.10041.0	Belgian Keyboard Layout
kbdbene.dll	10.0.10041.0	Belgian Dutch Keyboard Layout
kbdbgph.dll	10.0.10041.0	Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll	10.0.10041.0	Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll	10.0.10041.0	Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll	10.0.10041.0	Belarusian Keyboard Layout
kbdbr.dll	10.0.10041.0	Brazilian Keyboard Layout
kbdbu.dll	10.0.10041.0	Bulgarian (Typewriter) Keyboard Layout
kbdbug.dll	10.0.10041.0	Buginese Keyboard Layout
kbdbulg.dll	10.0.10041.0	Bulgarian Keyboard Layout
kbdca.dll	10.0.10041.0	Canadian Multilingual Keyboard Layout
kbdcan.dll	10.0.10041.0	Canadian Multilingual Standard Keyboard Layout
kbdcr.dll	10.0.10041.0	Croatian/Slovenian Keyboard Layout
kbdcz.dll	10.0.10041.0	Czech Keyboard Layout
kbdcz1.dll	10.0.10041.0	Czech_101 Keyboard Layout
kbdcz2.dll	10.0.10041.0	Czech_Programmer's Keyboard Layout
kbdcher.dll	10.0.10041.0	Cherokee Nation Keyboard Layout
kbdcherp.dll	10.0.10041.0	Cherokee Phonetic Keyboard Layout
kbdda.dll	10.0.10041.0	Danish Keyboard Layout
kbddiv1.dll	10.0.10041.0	Divehi Phonetic Keyboard Layout
kbddiv2.dll	10.0.10041.0	Divehi Typewriter Keyboard Layout
kbddv.dll	10.0.10041.0	Dvorak US English Keyboard Layout
kbddzo.dll	10.0.10041.0	Dzongkha Keyboard Layout
kbdes.dll	10.0.10041.0	Spanish Alernate Keyboard Layout
kbdest.dll	10.0.10041.0	Estonia Keyboard Layout
kbdfa.dll	10.0.10041.0	Persian Keyboard Layout
kbdfar.dll	10.0.10041.0	Persian Standard Keyboard Layout
kbdfc.dll	10.0.10041.0	Canadian French Keyboard Layout
kbdfi.dll	10.0.10041.0	Finnish Keyboard Layout
kbdfi1.dll	10.0.10041.0	Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll	10.0.10041.0	F?roese Keyboard Layout
kbdfr.dll	10.0.10041.0	French Keyboard Layout
kbdfthrk.dll	10.0.10041.0	Futhark Keyboard Layout
kbdgae.dll	10.0.10041.0	Scottish Gaelic (United Kingdom) Keyboard Layout
kbdgeo.dll	10.0.10041.0	Georgian Keyboard Layout
kbdgeoer.dll	10.0.10041.0	Georgian (Ergonomic) Keyboard Layout
kbdgeome.dll	10.0.10041.0	Georgian (MES) Keyboard Layout
kbdgeooa.dll	10.0.10041.0	Georgian (Old Alphabets) Keyboard Layout
kbdgeoqw.dll	10.0.10041.0	Georgian (QWERTY) Keyboard Layout
kbdgkl.dll	10.0.10041.0	Greek_Latin Keyboard Layout
kbdgn.dll	10.0.10041.0	Guarani Keyboard Layout
kbdgr.dll	10.0.10041.0	German Keyboard Layout
kbdgr1.dll	10.0.10041.0	German_IBM Keyboard Layout
kbdgrlnd.dll	10.0.10041.0	Greenlandic Keyboard Layout
kbdgthc.dll	10.0.10041.0	Gothic Keyboard Layout
kbdhau.dll	10.0.10041.0	Hausa Keyboard Layout
kbdhaw.dll	10.0.10041.0	Hawaiian Keyboard Layout
kbdhe.dll	10.0.10041.0	Greek Keyboard Layout
kbdhe220.dll	10.0.10041.0	Greek IBM 220 Keyboard Layout
kbdhe319.dll	10.0.10041.0	Greek IBM 319 Keyboard Layout
kbdheb.dll	10.0.10041.0	KBDHEB Keyboard Layout
kbdhebl3.dll	10.0.10041.0	Hebrew Standard Keyboard Layout
kbdhela2.dll	10.0.10041.0	Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll	10.0.10041.0	Greek IBM 319 Latin Keyboard Layout
kbdhept.dll	10.0.10041.0	Greek_Polytonic Keyboard Layout
kbdhu.dll	10.0.10041.0	Hungarian Keyboard Layout
kbdhu1.dll	10.0.10041.0	Hungarian 101-key Keyboard Layout
kbdibm02.dll	10.0.10041.0	JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll	10.0.10041.0	Igbo Keyboard Layout
kbdic.dll	10.0.10041.0	Icelandic Keyboard Layout
kbdinasa.dll	10.0.10041.0	Assamese (Inscript) Keyboard Layout
kbdinbe1.dll	10.0.10041.0	Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll	10.0.10041.0	Bengali (Inscript) Keyboard Layout
kbdinben.dll	10.0.10041.0	Bengali Keyboard Layout
kbdindev.dll	10.0.10041.0	Devanagari Keyboard Layout
kbdinen.dll	10.0.10041.0	English (India) Keyboard Layout
kbdinkan.dll	10.0.10041.0	Kannada Keyboard Layout
kbdinmal.dll	10.0.10041.0	Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll	10.0.10041.0	Marathi Keyboard Layout
kbdinori.dll	10.0.10041.0	Odia Keyboard Layout
kbdinpun.dll	10.0.10041.0	Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll	10.0.10041.0	Tamil Keyboard Layout
kbdintel.dll	10.0.10041.0	Telugu Keyboard Layout
kbdinuk2.dll	10.0.10041.0	Inuktitut Naqittaut Keyboard Layout
kbdinguj.dll	10.0.10041.0	Gujarati Keyboard Layout
kbdinhin.dll	10.0.10041.0	Hindi Keyboard Layout
kbdir.dll	10.0.10041.0	Irish Keyboard Layout
kbdit.dll	10.0.10041.0	Italian Keyboard Layout
kbdit142.dll	10.0.10041.0	Italian 142 Keyboard Layout
kbdiulat.dll	10.0.10041.0	Inuktitut Latin Keyboard Layout
kbdjav.dll	10.0.10041.0	Javanese Keyboard Layout
kbdjpn.dll	10.0.10041.0	JP Japanese Keyboard Layout Stub driver
kbdkaz.dll	10.0.10041.0	Kazak_Cyrillic Keyboard Layout
kbdkni.dll	10.0.10041.0	Khmer (NIDA) Keyboard Layout
kbdkor.dll	10.0.10041.0	KO Hangeul Keyboard Layout Stub driver
kbdkurd.dll	10.0.10041.0	Central Kurdish Keyboard Layout
kbdkyr.dll	10.0.10041.0	Kyrgyz Keyboard Layout
kbdkhmr.dll	10.0.10041.0	Cambodian Standard Keyboard Layout
kbdla.dll	10.0.10041.0	Latin-American Spanish Keyboard Layout
kbdlao.dll	10.0.10041.0	Lao Standard Keyboard Layout
kbdlisub.dll	10.0.10041.0	Lisu Basic Keyboard Layout
kbdlisus.dll	10.0.10041.0	Lisu Standard Keyboard Layout
kbdlk41a.dll	10.0.10041.0	DEC LK411-AJ Keyboard Layout
kbdlt.dll	10.0.10041.0	Lithuania Keyboard Layout
kbdlt1.dll	10.0.10041.0	Lithuanian Keyboard Layout
kbdlt2.dll	10.0.10041.0	Lithuanian Standard Keyboard Layout
kbdlv.dll	10.0.10041.0	Latvia Keyboard Layout
kbdlv1.dll	10.0.10041.0	Latvia-QWERTY Keyboard Layout
kbdlvst.dll	10.0.10041.0	Latvian (Standard) Keyboard Layout
kbdmac.dll	10.0.10041.0	Macedonian (FYROM) Keyboard Layout
kbdmacst.dll	10.0.10041.0	Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll	10.0.10041.0	Maori Keyboard Layout
kbdmlt47.dll	10.0.10041.0	Maltese 47-key Keyboard Layout
kbdmlt48.dll	10.0.10041.0	Maltese 48-key Keyboard Layout
kbdmon.dll	10.0.10041.0	Mongolian Keyboard Layout
kbdmonmo.dll	10.0.10041.0	Mongolian (Mongolian Script) Keyboard Layout
kbdmonst.dll	10.0.10041.0	Traditional Mongolian (Standard) Keyboard Layout
kbdmyan.dll	10.0.10041.0	Myanmar Keyboard Layout
kbdne.dll	10.0.10041.0	Dutch Keyboard Layout
kbdnec.dll	10.0.10041.0	JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll	10.0.10041.0	JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll	10.0.10041.0	JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll	10.0.10041.0	JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll	10.0.10041.0	Nepali Keyboard Layout
kbdnko.dll	10.0.10041.0	N'Ko Keyboard Layout
kbdno.dll	10.0.10041.0	Norwegian Keyboard Layout
kbdno1.dll	10.0.10041.0	Norwegian with Sami Keyboard Layout
kbdnso.dll	10.0.10041.0	Sesotho sa Leboa Keyboard Layout
kbdntl.dll	10.0.10041.0	New Tai Leu Keyboard Layout
kbdogham.dll	10.0.10041.0	Ogham Keyboard Layout
kbdolch.dll	10.0.10041.0	Ol Chiki Keyboard Layout
kbdoldit.dll	10.0.10041.0	Old Italic Keyboard Layout
kbdosm.dll	10.0.10041.0	Osmanya Keyboard Layout
kbdpash.dll	10.0.10041.0	Pashto (Afghanistan) Keyboard Layout
kbdpl.dll	10.0.10041.0	Polish Keyboard Layout
kbdpl1.dll	10.0.10041.0	Polish Programmer's Keyboard Layout
kbdpo.dll	10.0.10041.0	Portuguese Keyboard Layout
kbdphags.dll	10.0.10041.0	Phags-pa Keyboard Layout
kbdro.dll	10.0.10041.0	Romanian (Legacy) Keyboard Layout
kbdropr.dll	10.0.10041.0	Romanian (Programmers) Keyboard Layout
kbdrost.dll	10.0.10041.0	Romanian (Standard) Keyboard Layout
kbdru.dll	10.0.10041.0	Russian Keyboard Layout
kbdru1.dll	10.0.10041.0	Russia(Typewriter) Keyboard Layout
kbdrum.dll	10.0.10041.0	Russian - Mnemonic Keyboard Layout
kbdsf.dll	10.0.10041.0	Swiss French Keyboard Layout
kbdsg.dll	10.0.10041.0	Swiss German Keyboard Layout
kbdsl.dll	10.0.10041.0	Slovak Keyboard Layout
kbdsl1.dll	10.0.10041.0	Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll	10.0.10041.0	Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll	10.0.10041.0	Sami Extended Norway Keyboard Layout
kbdsn1.dll	10.0.10041.0	Sinhala Keyboard Layout
kbdsora.dll	10.0.10041.0	Sora Keyboard Layout
kbdsorex.dll	10.0.10041.0	Sorbian Extended Keyboard Layout
kbdsors1.dll	10.0.10041.0	Sorbian Standard Keyboard Layout
kbdsorst.dll	10.0.10041.0	Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll	10.0.10041.0	Spanish Keyboard Layout
kbdsw.dll	10.0.10041.0	Swedish Keyboard Layout
kbdsw09.dll	10.0.10041.0	Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll	10.0.10041.0	Syriac Standard Keyboard Layout
kbdsyr2.dll	10.0.10041.0	Syriac Phoenetic Keyboard Layout
kbdtaile.dll	10.0.10041.0	Tai Le Keyboard Layout
kbdtajik.dll	10.0.10041.0	Tajik Keyboard Layout
kbdtat.dll	10.0.10041.0	Tatar (Legacy) Keyboard Layout
kbdtifi.dll	10.0.10041.0	Tifinagh (Basic) Keyboard Layout
kbdtifi2.dll	10.0.10041.0	Tifinagh (Extended) Keyboard Layout
kbdtiprc.dll	10.0.10041.0	Tibetan (PRC) Keyboard Layout
kbdtiprd.dll	10.0.10041.0	Tibetan (PRC) - Updated Keyboard Layout
kbdtt102.dll	10.0.10041.0	Tatar Keyboard Layout
kbdtuf.dll	10.0.10041.0	Turkish F Keyboard Layout
kbdtuq.dll	10.0.10041.0	Turkish Q Keyboard Layout
kbdturme.dll	10.0.10041.0	Turkmen Keyboard Layout
kbdtzm.dll	10.0.10041.0	Central Atlas Tamazight Keyboard Layout
kbdth0.dll	10.0.10041.0	Thai Kedmanee Keyboard Layout
kbdth1.dll	10.0.10041.0	Thai Pattachote Keyboard Layout
kbdth2.dll	10.0.10041.0	Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll	10.0.10041.0	Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdughr.dll	10.0.10041.0	Uyghur (Legacy) Keyboard Layout
kbdughr1.dll	10.0.10041.0	Uyghur Keyboard Layout
kbduk.dll	10.0.10041.0	United Kingdom Keyboard Layout
kbdukx.dll	10.0.10041.0	United Kingdom Extended Keyboard Layout
kbdur.dll	10.0.10041.0	Ukrainian Keyboard Layout
kbdur1.dll	10.0.10041.0	Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll	10.0.10041.0	Urdu Keyboard Layout
kbdus.dll	10.0.10041.0	United States Keyboard Layout
kbdusa.dll	10.0.10041.0	US IBM Arabic 238_L Keyboard Layout
kbdusl.dll	10.0.10041.0	Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll	10.0.10041.0	Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll	10.0.10041.0	US Multinational Keyboard Layout
kbduzb.dll	10.0.10041.0	Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll	10.0.10041.0	Vietnamese Keyboard Layout
kbdwol.dll	10.0.10041.0	Wolof Keyboard Layout
kbdyak.dll	10.0.10041.0	Sakha - Russia Keyboard Layout
kbdyba.dll	10.0.10041.0	Yoruba Keyboard Layout
kbdycc.dll	10.0.10041.0	Serbian (Cyrillic) Keyboard Layout
kbdycl.dll	10.0.10041.0	Serbian (Latin) Keyboard Layout
kerbclientshared.dll	10.0.10041.0	Kerberos Client Shared Functionality
kerberos.dll	10.0.10041.0	Kerberos Security Package
kernel.appcore.dll	10.0.10041.0	AppModel API Host
kernel32.dll	10.0.10041.0	Windows NT BASE API Client DLL
kernelbase.dll	10.0.10041.0	Windows NT BASE API Client DLL
keyboardfiltercore.dll	10.0.10041.0	Keyboard Filter Hooks
keyiso.dll	10.0.10041.0	CNG Key Isolation Service
keymgr.dll	10.0.10041.0	Stored User Names and Passwords
ksuser.dll	10.0.10041.0	User CSA Library
ktmw32.dll	10.0.10041.0	Windows KTM Win32 Client DLL
l2gpstore.dll	10.0.10041.0	Policy Storage dll
l2nacp.dll	10.0.10041.0	Windows Onex Credential Provider
l2sechc.dll	10.0.10041.0	Layer 2 Security Diagnostics Helper Classes
laprxy.dll	12.0.10041.0	Windows Media Logagent Proxy
lfsvc.dll	10.0.10041.0	Geolocation Service
licmgr10.dll	11.0.10041.0	Microsoft® License Manager DLL
linkinfo.dll	10.0.10041.0	Windows Volume Tracking
loadperf.dll	10.0.10041.0	Load & Unload Performance Counters
localsec.dll	10.0.10041.0	Local Users and Groups MMC Snapin
locationapi.dll	10.0.10041.0	Microsoft Windows Location API
locationframework.dll	10.0.10041.0	Windows Geolocation Framework
locationframeworkinternalps.dll	10.0.10041.0	Windows Geolocation Framework Internal PS
locationframeworkps.dll	10.0.10041.0	Windows Geolocation Framework PS
lockappbroker.dll	10.0.10041.0	DLL Trinh cung c?p ?ng d?ng Khoa Windows
loghours.dll	10.0.10041.0	Schedule Dialog
logoncli.dll	10.0.10041.0	Net Logon Client DLL
logoncontroller.dll	10.0.10041.0	B? di?u khi?n UX Dang nh?p
lpk.dll	10.0.10041.0	Language Pack
lsmproxy.dll	10.0.10041.0	LSM interfaces proxy Dll
luainstall.dll	10.0.10041.0	Lua manifest install
lz32.dll	10.0.10041.0	LZ Expand/Compress API DLL
magnification.dll	10.0.10041.0	Microsoft Magnification API
mapconfiguration.dll	10.0.10041.0	ConfigCommon
mapcontrolcore.dll	10.0.10041.0	Map Control Core
mapcontrolstringsres.dll	10.0.10041.0	Chu?i tai nguyen di?u khi?n b?n d?
mapi32.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapistub.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapsbtsvc.dll	10.0.10041.0	Maps Background Transfer Service
mbaeapi.dll	10.0.10041.0	API Tra?i nghie?m Ta?i khoa?n Bang ro?ng Di do?ng
mbaeapipublic.dll	10.0.10041.0	Mobile Broadband Account API
mbsmsapi.dll	10.0.10041.0	Microsoft Windows Mobile Broadband SMS API
mbussdapi.dll	10.0.10041.0	Microsoft Windows Mobile Broadband USSD API
mcewmdrmndbootstrap.dll	1.3.2310.10	Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll	10.0.10041.0	Video For Windows MCI driver
mcicda.dll	10.0.10041.0	MCI driver for cdaudio devices
mciqtz32.dll	10.0.10041.0	DirectShow MCI Driver
mciseq.dll	10.0.10041.0	MCI driver for MIDI sequencer
mciwave.dll	10.0.10041.0	MCI driver for waveform audio
mcrecvsrc.dll	12.0.10041.0	Miracast Media Foundation Source DLL
mdminst.dll	10.0.10041.0	Modem Class Installer
mdmregistration.dll	10.0.10041.0	MDM Registration DLL
mf.dll	12.0.10041.0	Media Foundation DLL
mf3216.dll	10.0.10041.0	32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll	10.0.10041.0	Media Foundation AAC Encoder
mfasfsrcsnk.dll	12.0.10041.0	Media Foundation ASF Source and Sink DLL
mfc100.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc100chs.dll	10.0.40219.325	MFC Language Specific Resources
mfc100cht.dll	10.0.40219.325	MFC Language Specific Resources
mfc100deu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100enu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100esn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100fra.dll	10.0.40219.325	MFC Language Specific Resources
mfc100ita.dll	10.0.40219.325	MFC Language Specific Resources
mfc100jpn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100kor.dll	10.0.40219.325	MFC Language Specific Resources
mfc100rus.dll	10.0.40219.325	MFC Language Specific Resources
mfc100u.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc40.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc40u.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc42.dll	6.6.8063.0	Thu vie?n Chia se? MFCDLL - Phien ba?n Ba?n le?
mfc42u.dll	6.6.8063.0	Thu vie?n Chia se? MFCDLL - Phien ba?n Ba?n le?
mfcaptureengine.dll	12.0.10041.0	Media Foundation CaptureEngine DLL
mfcm100.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcm100u.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcore.dll	12.0.10041.0	Media Foundation Core DLL
mfcsubs.dll	2001.12.10941.0	COM+
mfds.dll	12.0.10041.0	Media Foundation Direct Show wrapper DLL
mfdvdec.dll	10.0.10041.0	Media Foundation DV Decoder
mferror.dll	12.0.10041.0	Media Foundation Error DLL
mfh263enc.dll	10.0.10041.0	Media Foundation h263 Encoder
mfh264enc.dll	10.0.10041.0	Media Foundation H264 Encoder
mfh265enc.dll	10.0.10041.0	Media Foundation H265 Encoder
mfmediaengine.dll	10.0.10041.0	Media Foundation Media Engine DLL
mfmjpegdec.dll	10.0.10041.0	Media Foundation MJPEG Decoder
mfmkvsrcsnk.dll	10.0.10041.0	Media Foundation MKV Media Source and Sink DLL
mfmp4srcsnk.dll	12.0.10041.0	Media Foundation MPEG4 Source and Sink DLL
mfmpeg2srcsnk.dll	12.0.10041.0	Media Foundation MPEG2 Source and Sink DLL
mfnetcore.dll	12.0.10041.0	Media Foundation Net Core DLL
mfnetsrc.dll	12.0.10041.0	Media Foundation Net Source DLL
mfperfhelper.dll	12.0.10041.0	MFPerf DLL
mfplat.dll	12.0.10041.0	Media Foundation Platform DLL
mfplay.dll	12.0.10041.0	Media Foundation Playback API DLL
mfps.dll	12.0.10041.0	Media Foundation Proxy DLL
mfreadwrite.dll	12.0.10041.0	Media Foundation ReadWrite DLL
mfsrcsnk.dll	12.0.10041.0	Media Foundation Source and Sink DLL
mfsvr.dll	10.0.10041.0	Media Foundation Simple Video Renderer DLL
mftranscode.dll	12.0.10041.0	Media Foundation Transcode DLL
mfvdsp.dll	10.0.10041.0	Windows Media Foundation Video DSP Components
mfwmaaec.dll	10.0.10041.0	Windows Media Audio AEC for Media Foundation
mgmtapi.dll	10.0.10041.0	Microsoft SNMP Manager API (uses WinSNMP)
mi.dll	10.0.10041.0	Management Infrastructure
mibincodec.dll	10.0.10041.0	Management Infrastructure binary codec component
microsoft.management.infrastructure.native.unmanaged.dll	10.0.10041.0	Microsoft.Management.Infrastructure.Native.Unmanaged.dll
microsoftaccountextension.dll	10.0.10041.0	Microsoft Account Extension DLL
microsoftaccounttokenprovider.dll	10.0.10041.0	Microsoft® Account Token Provider
microsoft-windows-mapcontrols.dll	10.0.10041.0	Map Event Resources
microsoft-windows-moshost.dll	10.0.10041.0	MosHost Event Resources
microsoft-windows-mostrace.dll	10.0.10041.0	MOS Event Resources
midimap.dll	10.0.10041.0	Microsoft MIDI Mapper
miguiresource.dll	10.0.10041.0	MIG wini32 resources
migisol.dll	10.0.10041.0	Migration System Isolation Layer
mimefilt.dll	2008.0.10041.0	MIME Filter
mimofcodec.dll	10.0.10041.0	Management Infrastructure mof codec component
minstoreevents.dll	10.0.10041.0	Minstore Event Resource
miracastreceiver.dll	12.0.10041.0	Miracast Receiver API
mirrordrvcompat.dll	10.0.10041.0	Mirror Driver Compatibility Helper
mispace.dll	10.0.10041.0	Storage Management Provider for Spaces
miutils.dll	10.0.10041.0	Management Infrastructure
mlang.dll	10.0.10041.0	DLL Ho? tro? Da Ngu?
mls3.dll	10.0.10036.0	Microsoft Neutral Natural Language Server Data and Code
mmcbase.dll	10.0.10041.0	MMC Base DLL
mmci.dll	10.0.10041.0	Media class installer
mmcico.dll	10.0.10041.0	Media class co-installer
mmcndmgr.dll	10.0.10041.0	MMC Node Manager DLL
mmcshext.dll	10.0.10041.0	MMC Shell Extension DLL
mmdevapi.dll	10.0.10041.0	MMDevice API
mmres.dll	10.0.10041.0	General Audio Resources
modemui.dll	10.0.10041.0	Windows Modem Properties
moricons.dll	10.0.10041.0	Windows NT Setup Icon Resources Library
mos.dll	10.0.10041.0	mos
moshostclient.dll	10.0.10041.0	MosHostClient
mp3dmod.dll	10.0.10041.0	Microsoft MP3 Decoder DMO
mp43decd.dll	10.0.10041.0	Windows Media MPEG-4 Video Decoder
mp4sdecd.dll	10.0.10041.0	Windows Media MPEG-4 S Video Decoder
mpg4decd.dll	10.0.10041.0	Windows Media MPEG-4 Video Decoder
mpr.dll	10.0.10041.0	Multiple Provider Router DLL
mprapi.dll	10.0.10041.0	Windows NT MP Router Administration DLL
mprddm.dll	10.0.10041.0	Demand Dial Manager Supervisor
mprdim.dll	10.0.10041.0	Dynamic Interface Manager
mprext.dll	10.0.10041.0	Multiple Provider Router Extension DLL
mprmsg.dll	10.0.10041.0	Multi-Protocol Router Service Messages DLL
mrmcorer.dll	10.0.10041.0	Microsoft Windows MRM
mrmindexer.dll	10.0.10041.0	Microsoft Windows MRM
ms3dthumbnailprovider.dll	10.0.10041.0	3MF Metadata Handler
msaatext.dll	2.0.10413.0	Active Accessibility text support
msac3enc.dll	10.0.10041.0	Microsoft AC-3 Encoder
msacm32.dll	10.0.10041.0	Microsoft ACM Audio Filter
msadce.dll	10.0.10041.0	OLE DB Cursor Engine
msadcer.dll	10.0.10041.0	OLE DB Cursor Engine Resources
msadco.dll	10.0.10041.0	Remote Data Services Data Control
msadcor.dll	10.0.10041.0	Remote Data Services Data Control Resources
msadds.dll	10.0.10041.0	OLE DB Data Shape Provider
msaddsr.dll	10.0.10041.0	OLE DB Data Shape Provider Resources
msader15.dll	10.0.10041.0	ActiveX Data Objects Resources
msado15.dll	10.0.10041.0	ActiveX Data Objects
msadomd.dll	10.0.10041.0	ActiveX Data Objects (Multi-Dimensional)
msador15.dll	10.0.10041.0	Microsoft ActiveX Data Objects Recordset
msadox.dll	10.0.10041.0	ActiveX Data Objects Extensions
msadrh15.dll	10.0.10041.0	ActiveX Data Objects Rowset Helper
msafd.dll	10.0.10041.0	Microsoft Windows Sockets 2.0 Service Provider
msajapi.dll	10.0.10041.0	AllJoyn API Library
msalacdecoder.dll	10.0.10041.0	Media Foundation ALAC Decoder
msalacencoder.dll	10.0.10041.0	Media Foundation ALAC Encoder
msamrnbdecoder.dll	10.0.10041.0	AMR Narrowband Decoder DLL
msamrnbencoder.dll	10.0.10041.0	AMR Narrowband Encoder DLL
msamrnbsink.dll	10.0.10041.0	AMR Narrowband Sink DLL
msamrnbsource.dll	10.0.10041.0	AMR Narrowband Source DLL
msasn1.dll	10.0.10041.0	ASN.1 Runtime APIs
msauddecmft.dll	10.0.10041.0	Media Foundation Audio Decoders
msaudite.dll	10.0.10041.0	Security Audit Events DLL
msauserext.dll	10.0.10041.0	MSA USER Extension DLL
mscandui.dll	10.0.10041.0	MSCANDUI Server DLL
mscat32.dll	10.0.10041.0	MSCAT32 Forwarder DLL
msclmd.dll	10.0.10041.0	Microsoft Class Mini-driver
mscms.dll	10.0.10041.0	Microsoft Color Matching System DLL
mscoree.dll	10.0.10041.0	Microsoft .NET Runtime Execution Engine
mscorier.dll	10.0.10041.0	Microsoft .NET Runtime IE resources
mscories.dll	2.0.50727.8651	Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll	10.0.10041.0	ODBC Code Page Translator Resources
mscpxl32.dll	10.0.10041.0	ODBC Code Page Translator
msctf.dll	10.0.10041.0	MSCTF Server DLL
msctfmonitor.dll	10.0.10041.0	MsCtfMonitor DLL
msctfp.dll	10.0.10041.0	MSCTFP Server DLL
msctfui.dll	10.0.10041.0	MSCTFUI Server DLL
msctfuimanager.dll	10.0.10041.0	Microsoft UIManager DLL
msdadc.dll	10.0.10041.0	OLE DB Data Conversion Stub
msdadiag.dll	10.0.10041.0	Built-In Diagnostics
msdaenum.dll	10.0.10041.0	OLE DB Root Enumerator Stub
msdaer.dll	10.0.10041.0	OLE DB Error Collection Stub
msdaora.dll	10.0.10041.0	OLE DB Provider for Oracle
msdaorar.dll	10.0.10041.0	OLE DB Provider for Oracle Resources
msdaosp.dll	10.0.10041.0	OLE DB Simple Provider
msdaprsr.dll	10.0.10041.0	OLE DB Persistence Services Resources
msdaprst.dll	10.0.10041.0	OLE DB Persistence Services
msdaps.dll	10.0.10041.0	OLE DB Interface Proxies/Stubs
msdarem.dll	10.0.10041.0	OLE DB Remote Provider
msdaremr.dll	10.0.10041.0	OLE DB Remote Provider Resources
msdart.dll	10.0.10041.0	OLE DB Runtime Routines
msdasc.dll	10.0.10041.0	OLE DB Service Components Stub
msdasql.dll	10.0.10041.0	OLE DB Provider for ODBC Drivers
msdasqlr.dll	10.0.10041.0	OLE DB Provider for ODBC Drivers Resources
msdatl3.dll	10.0.10041.0	OLE DB Implementation Support Routines
msdatt.dll	10.0.10041.0	OLE DB Temporary Table Services
msdaurl.dll	10.0.10041.0	OLE DB RootBinder Stub
msdelta.dll	10.0.10041.0	Microsoft Patch Engine
msdfmap.dll	10.0.10041.0	Data Factory Handler
msdmo.dll	10.0.10041.0	DMO Runtime
msdrm.dll	10.0.10041.0	Windows Rights Management client
msdtcprx.dll	2001.12.10941.0	Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll	2001.12.10941.0	Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll	2001.12.10941.0	Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexcl40.dll	4.0.9756.0	Microsoft Jet Excel Isam
msexch40.dll	4.0.9756.0	Microsoft Jet Exchange Isam
msfeeds.dll	11.0.10041.0	Microsoft Feeds Manager
msfeedsbs.dll	11.0.10041.0	Microsoft Feeds Background Sync
msflacdecoder.dll	10.0.10041.0	Media Foundation FLAC Decoder
msflacencoder.dll	10.0.10041.0	Media Foundation FLAC Encoder
msftedit.dll	10.0.10041.0	Rich Text Edit Control, v7.5
mshtml.dll	11.0.10041.0	Tri?nh xem HTML cu?a Microsoft (R)
mshtmldac.dll	11.0.10041.0	DAC for Trident DOM
mshtmled.dll	11.0.10041.0	Microsoft® HTML Editing Component
mshtmler.dll	11.0.10041.0	DLL Tai nguyen cu?a ca?u pha?n soa?n tha?o HTML cu?a Microsoft®
msi.dll	5.0.10041.0	Windows Installer
msidcrl40.dll	10.0.10041.0	Microsoft® Account Dynamic Link Library
msident.dll	10.0.10041.0	Microsoft Identity Manager
msidle.dll	10.0.10041.0	User Idle Monitor
msidntld.dll	10.0.10041.0	Microsoft Identity Manager
msieftp.dll	10.0.10041.0	Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll	5.0.10041.0	Windows® installer
msiltcfg.dll	5.0.10041.0	Windows Installer Configuration API Stub
msimg32.dll	10.0.10041.0	GDIEXT Client DLL
msimsg.dll	5.0.10041.0	Windows® Installer International Messages
msimtf.dll	10.0.10041.0	Active IMM Server DLL
msisip.dll	5.0.10041.0	MSI Signature SIP Provider
msiwer.dll	5.0.10041.0	MSI Windows Error Reporting
msjet40.dll	4.0.9765.0	Microsoft Jet Engine Library
msjetoledb40.dll	4.0.9756.0
msjint40.dll	4.0.9765.0	Microsoft Jet Database Engine International DLL
msjro.dll	10.0.10041.0	Jet and Replication Objects
msjter40.dll	4.0.9756.0	Microsoft Jet Database Engine Error DLL
msjtes40.dll	4.0.9756.0	Microsoft Jet Expression Service
mskeyprotcli.dll	10.0.10041.0	Windows Client Key Protection Provider
mskeyprotect.dll	10.0.10041.0	Microsoft Key Protection Provider
msls31.dll	3.10.349.0	Microsoft Line Services library file
msltus40.dll	4.0.9756.0	Microsoft Jet Lotus 1-2-3 Isam
msmpeg2adec.dll	12.0.10031.0	Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll	12.0.10041.0	Microsoft MPEG-2 Encoder
msmpeg2vdec.dll	12.0.10031.0	Microsoft DTV-DVD Video Decoder
msnetobj.dll	11.0.10041.0	DRM ActiveX Network Object
msobjs.dll	10.0.10041.0	System object audit names
msoeacct.dll	10.0.10041.0	Microsoft Internet Account Manager
msoert2.dll	10.0.10041.0	Microsoft Windows Mail RT Lib
msorc32r.dll	10.0.10041.0	ODBC Driver for Oracle Resources
msorcl32.dll	10.0.10041.0	ODBC Driver for Oracle
mspatcha.dll	10.0.10041.0	Microsoft File Patch Application API
mspatchc.dll	10.0.10041.0	Microsoft Patch Creation Engine
mspbde40.dll	4.0.9756.0	Microsoft Jet Paradox Isam
msports.dll	10.0.10041.0	Ports Class Installer
msphotography.dll	10.0.10041.0	MS Photography DLL
msrating.dll	11.0.10041.0	DLL Qua?n ly? nguo?i dung cu?c bo? va xe?p ha?ng Internet
msrd2x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrd3x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrdc.dll	10.0.10041.0	Remote Differential Compression COM server
msrdpwebaccess.dll	10.0.10041.0	Microsoft Remote Desktop Services Web Access Control
msrepl40.dll	4.0.9756.0	Microsoft Replication Library
msrle32.dll	10.0.10041.0	Microsoft RLE Compressor
msscntrs.dll	7.0.10041.0	PKM Perfmon Counter DLL
msscp.dll	11.0.10041.0	Windows Media Secure Content Provider
msshooks.dll	7.0.10041.0	Microsoft Search Hooks
mssign32.dll	10.0.10041.0	Microsoft Trust Signing APIs
mssip32.dll	10.0.10041.0	MSSIP32 Forwarder DLL
mssitlb.dll	7.0.10041.0	mssitlb
msspellcheckingfacility.dll	10.0.10041.0	Microsoft Spell Checking Facility
mssprxy.dll	7.0.10041.0	Microsoft Search Proxy
mssph.dll	7.0.10041.0	Microsoft Search Protocol Handler
mssphtb.dll	7.0.10041.0	Outlook MSSearch Connector
mssrch.dll	7.0.10041.0	Microsoft Embedded Search
mssvp.dll	7.0.10041.0	MSSearch Vista Platform
mstask.dll	10.0.10041.0	Task Scheduler interface DLL
mstext40.dll	4.0.9756.0	Microsoft Jet Text Isam
mstscax.dll	10.0.10041.0	Remote Desktop Services ActiveX Client
msutb.dll	10.0.10041.0	DLL He? phu?c vu? MSUTB
msv1_0.dll	10.0.10041.0	Microsoft Authentication Package v1.0
msvbvm60.dll	6.0.98.15	Visual Basic Virtual Machine
msvcirt.dll	7.0.10041.0	Windows NT IOStreams DLL
msvcp_win.dll	10.0.10041.0	Microsoft® C Runtime Library
msvcp100.dll	10.0.40219.325	Microsoft® C Runtime Library
msvcp120_clr0400.dll	12.0.52504.0	Microsoft® C Runtime Library
msvcp60.dll	7.0.10041.0	Windows NT C++ Runtime Library DLL
msvcr100.dll	10.0.40219.325	Microsoft® C Runtime Library
msvcr100_clr0400.dll	14.0.42.0	Microsoft® .NET Framework
msvcr120_clr0400.dll	12.0.52504.0	Microsoft® C Runtime Library
msvcrt.dll	7.0.10041.0	Windows NT CRT DLL
msvcrt20.dll	2.12.0.0	Microsoft® C Runtime Library
msvcrt40.dll	10.0.10041.0	VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll	10.0.10041.0	Microsoft Video for Windows DLL
msvidc32.dll	10.0.10041.0	Microsoft Video 1 Compressor
msvidctl.dll	6.5.10041.0	ActiveX control for streaming video
msvideodsp.dll	10.0.10041.0	Video Stabilization MFT
msvproc.dll	12.0.10041.0	Media Foundation Video Processor
mswb7.dll	10.0.10041.0	MSWB7 DLL
mswdat10.dll	4.0.9756.0	Microsoft Jet Sort Tables
mswmdm.dll	12.0.10041.0	Windows Media Device Manager Core
mswsock.dll	10.0.10041.0	Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll	4.0.9765.0	Microsoft Jet Sort Library
msxactps.dll	10.0.10041.0	OLE DB Transaction Proxies/Stubs
msxbde40.dll	4.0.9756.0	Microsoft Jet xBASE Isam
msxml3.dll	8.110.10041.0	MSXML 3.0
msxml3r.dll	8.110.10041.0	XML Resources
msxml6.dll	6.30.10041.0	MSXML 6.0
msxml6r.dll	6.30.10041.0	XML Resources
msyuv.dll	10.0.10041.0	Microsoft UYVY Video Decompressor
mtf.dll
mtxclu.dll	2001.12.10941.0	Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll	2001.12.10941.0	COM+
mtxex.dll	2001.12.10941.0	COM+
mtxlegih.dll	2001.12.10941.0	COM+
mtxoci.dll	2001.12.10941.0	Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
muifontsetup.dll	10.0.10041.0	MUI Callback for font registry settings
mycomput.dll	10.0.10041.0	Computer Management
mydocs.dll	10.0.10041.0	UI Ca?p Tai lie?u cu?a Toi
napcrypt.dll	10.0.10041.0	NAP Cryptographic API helper
napinsp.dll	10.0.10041.0	E-mail Naming Shim Provider
naturallanguage6.dll	10.0.10041.0	Natural Language Development Platform 6
ncaapi.dll	10.0.10041.0	Microsoft Network Connectivity Assistant API
ncdprop.dll	10.0.10041.0	Advanced network device properties
nci.dll	10.0.10041.0	CoInstaller: NET
ncobjapi.dll	10.0.10041.0	Microsoft® Windows® Operating System
ncrypt.dll	10.0.10041.0	Windows NCrypt Router
ncryptprov.dll	10.0.10041.0	Microsoft KSP
ncryptsslp.dll	10.0.10041.0	Microsoft SChannel Provider
nddeapi.dll	10.0.10041.0	Network DDE Share Management APIs
ndfapi.dll	10.0.10041.0	Network Diagnostic Framework Client API
ndfetw.dll	10.0.10041.0	Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll	10.0.10041.0	Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll	10.0.10041.0	NdisCap Notify Object
ndishc.dll	10.0.10041.0	NDIS Helper Classes
ndproxystub.dll	10.0.10041.0	Network Diagnostic Engine Proxy/Stub
negoexts.dll	10.0.10041.0	NegoExtender Security Package
netapi32.dll	10.0.10041.0	Net Win32 API DLL
netbios.dll	10.0.10041.0	NetBIOS Interface Library
netcenter.dll	10.0.10041.0	Network Center control panel
netcfgx.dll	10.0.10041.0	Do?i tuo?ng Ca?u hi?nh Ma?ng
netcorehc.dll	10.0.10041.0	Networking Core Diagnostics Helper Classes
netdiagfx.dll	10.0.10041.0	Network Diagnostic Framework
netevent.dll	10.0.10041.0	Net Event Handler
netfxperf.dll	10.0.10041.0	Extensible Performance Counter Shim
netid.dll	10.0.10041.0	System Control Panel Applet; Network ID Page
netiohlp.dll	10.0.10041.0	Netio Helper DLL
netjoin.dll	10.0.10041.0	Domain Join DLL
netlogon.dll	10.0.10041.0	Net Logon Services DLL
netmsg.dll	10.0.10041.0	Net Messages DLL
netplwiz.dll	10.0.10041.0	Map Network Drives/Network Places Wizard
netprofm.dll	10.0.10041.0	Network List Manager
netprovfw.dll	10.0.10041.0	Provisioning Service Framework DLL
netprovisionsp.dll	10.0.10041.0	Provisioning Service Provider DLL
netsetupapi.dll	10.0.10041.0	Network Configuration API
netsetupshim.dll	10.0.10041.0	Network Configuration API
netshell.dll	10.0.10041.0	Network Connections Shell
netutils.dll	10.0.10041.0	Net Win32 API Helpers DLL
networkexplorer.dll	10.0.10041.0	Tham hie?m Ma?ng
networkitemfactory.dll	10.0.10041.0	NetworkItem Factory
neth.dll	10.0.10041.0	Net Help Messages DLL
newdev.dll	6.0.5054.0	Add Hardware Device Library
ninput.dll	10.0.10041.0	Microsoft Pen and Touch Input Component
nlaapi.dll	10.0.10041.0	Network Location Awareness 2
nlhtml.dll	2008.0.10041.0	HTML filter
nlmgp.dll	10.0.10041.0	Network List Manager Snapin
nlmproxy.dll	10.0.10041.0	Network List Manager Public Proxy
nlmsprep.dll	10.0.10041.0	Network List Manager Sysprep Module
nlsbres.dll	10.0.10041.0	NLSBuild resource DLL
nlsdata0000.dll	10.0.10041.0	Microsoft Neutral Natural Language Server Data and Code
nlsdata002a.dll	10.0.10036.0	Microsoft Neutral Natural Language Server Data and Code
nlsdl.dll	10.0.10041.0	Nls Downlevel DLL
nlslexicons002a.dll	10.0.10036.0	Microsoft Neutral Natural Language Server Data and Code
nmaa.dll	10.0.10041.0	NMAA
nmadirect.dll	8.1.0.65535	master branch
normaliz.dll	10.0.10041.0	Unicode Normalization DLL
notificationobjfactory.dll	10.0.10041.0	Notifications Object Factory
npmproxy.dll	10.0.10041.0	Network List Manager Proxy
nshhttp.dll	10.0.10041.0	HTTP netsh DLL
nshipsec.dll	10.0.10041.0	Net Shell IP Security helper DLL
nshwfp.dll	10.0.10041.0	Windows Filtering Platform Netsh Helper
nsi.dll	10.0.10041.0	NSI User-mode interface DLL
ntasn1.dll	10.0.10041.0	Microsoft ASN.1 API
ntdll.dll	10.0.10041.0	NT Layer DLL
ntdsapi.dll	10.0.10041.0	Active Directory Domain Services API
ntlanman.dll	10.0.10041.0	Microsoft® Lan Manager
ntlanui2.dll	10.0.10041.0	Network object shell UI
ntlmshared.dll	10.0.10041.0	NTLM Shared Functionality
ntmarta.dll	10.0.10041.0	Windows NT MARTA provider
ntprint.dll	10.0.10041.0	Spooler Setup DLL
ntshrui.dll	10.0.10041.0	Pha?n mo? ro?ng vo? de? chia se?
ntvdm64.dll	10.0.10041.0	16-bit Emulation on NT64
ngcksp.dll	10.0.10041.0	Next Generation Credentials Key Storage Provider
objsel.dll	10.0.10041.0	Object Picker Dialog
occache.dll	11.0.10041.0	Tri?nh xem die?u khie?n do?i tuo?ng
ocsetapi.dll	10.0.10041.0	Windows Optional Component Setup API
odbc32.dll	10.0.10041.0	ODBC Driver Manager
odbcbcp.dll	10.0.10041.0	BCP for ODBC
odbcconf.dll	10.0.10041.0	ODBC Driver Configuration Program
odbccp32.dll	10.0.10041.0	ODBC Installer
odbccr32.dll	10.0.10041.0	ODBC Cursor Library
odbccu32.dll	10.0.10041.0	ODBC Cursor Library
odbcint.dll	10.0.10041.0	ODBC Resources
odbcji32.dll	10.0.10041.0	Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll	10.0.10041.0	Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll	10.0.10041.0	ODBC Driver Manager Trace
oddbse32.dll	10.0.10041.0	ODBC (3.0) driver for DBase
odexl32.dll	10.0.10041.0	ODBC (3.0) driver for Excel
odfox32.dll	10.0.10041.0	ODBC (3.0) driver for FoxPro
odpdx32.dll	10.0.10041.0	ODBC (3.0) driver for Paradox
odtext32.dll	10.0.10041.0	ODBC (3.0) driver for text files
oemlicense.dll
offfilt.dll	2008.0.10041.0	OFFICE Filter
offlinelsa.dll	10.0.10041.0	Windows
offlinesam.dll	10.0.10041.0	Windows
offreg.dll	10.0.10041.0	Offline registry DLL
ogldrv.dll	10.0.10041.0	MSOGL
ole2.dll	3.10.0.103	Windows Win16 Application Launcher
ole2disp.dll	3.10.0.103	Windows Win16 Application Launcher
ole2nls.dll	3.10.0.103	Windows Win16 Application Launcher
ole32.dll	10.0.10041.0	Microsoft OLE for Windows
oleacc.dll	7.2.10041.0	Active Accessibility Core Component
oleaccrc.dll	7.2.10041.0	Active Accessibility Resource DLL
oleacchooks.dll	7.2.10041.0	Active Accessibility Event Hooks Library
oleaut32.dll	10.0.10041.0
olecli32.dll	10.0.10041.0	Object Linking and Embedding Client Library
oledb32.dll	10.0.10041.0	OLE DB Core Services
oledb32r.dll	10.0.10041.0	OLE DB Core Services Resources
oledlg.dll	10.0.10041.0	OLE User Interface Support
oleprn.dll	10.0.10041.0	Oleprn DLL
olepro32.dll	10.0.10041.0
olesvr32.dll	10.0.10041.0	Object Linking and Embedding Server Library
olethk32.dll	10.0.10041.0	Microsoft OLE for Windows
ondemandbrokerclient.dll	10.0.10041.0	OnDemandBrokerClient
ondemandconnroutehelper.dll	10.0.10041.0	On Demand Connctiond Route Helper
onedrivesettingsyncprovider.dll	10.0.10041.0	OneDrive Setting Sync
onex.dll	10.0.10041.0	IEEE 802.1X supplicant library
onexui.dll	10.0.10041.0	IEEE 802.1X supplicant UI library
oobefldr.dll	10.0.10041.0	Getting Started
opcservices.dll	10.0.10041.0	Native Code OPC Services Library
opengl32.dll	10.0.10041.0	OpenGL Client DLL
osbaseln.dll	10.0.10041.0	Service Reporting API
osksupport.dll	10.0.10041.0	Microsoft On-Screen Keyboard Support Utilities
osuninst.dll	10.0.10041.0	Uninstall Interface
p2p.dll	10.0.10041.0	Peer-to-Peer Grouping
p2pgraph.dll	10.0.10041.0	Peer-to-Peer Graphing
p2pnetsh.dll	10.0.10041.0	Peer-to-Peer NetSh Helper
packager.dll	10.0.10041.0	Object Packager2
packagestateroaming.dll	10.0.10041.0	Package State Roaming
panmap.dll	10.0.10041.0	PANOSE(tm) Font Mapper
pautoenr.dll	10.0.10041.0	Auto Enrollment DLL
pcacli.dll	10.0.10041.0	Program Compatibility Assistant Client Module
pcaui.dll	10.0.10041.0	Program Compatibility Assistant User Interface Module
pcpksp.dll	10.0.10041.0	Microsoft Platform Key Storage Provider for Platform Crypto Provider
pcptpm12.dll	10.0.10041.0	Microsoft Platform Crypto Provider for Trusted Platform Module 1.2
pcwum.dll	10.0.10041.0	Performance Counters for Windows Native DLL
pdh.dll	10.0.10041.0	Windows Performance Data Helper DLL
pdhui.dll	10.0.10041.0	PDH UI
peerdist.dll	10.0.10041.0	BranchCache Client Library
peerdistsh.dll	10.0.10041.0	BranchCache Netshell Helper
perfctrs.dll	10.0.10041.0	Performance Counters
perfdisk.dll	10.0.10041.0	Windows Disk Performance Objects DLL
perfnet.dll	10.0.10041.0	Windows Network Service Performance Objects DLL
perfos.dll	10.0.10041.0	Windows System Performance Objects DLL
perfproc.dll	10.0.10041.0	Windows System Process Performance Objects DLL
perfts.dll	10.0.10041.0	Windows Remote Desktop Services Performance Objects
pid.dll	10.0.10041.0	Microsoft PID
pidgenx.dll	10.0.10041.0	Pid Generation
pifmgr.dll	10.0.10041.0	Windows NT PIF Manager Icon Resources Library
pku2u.dll	10.0.10041.0	Pku2u Security Package
pla.dll	10.0.10041.0	Performance Logs & Alerts
playlistfolder.dll	10.0.10041.0	Playlist Folder
playsndsrv.dll	10.0.10041.0	PlaySound Service
playtodevice.dll	12.0.10041.0	PLAYTODEVICE DLL
playtomanager.dll	10.0.10041.0	Microsoft Windows PlayTo Manager
playtomenu.dll	12.0.10041.0	PlayTo Menu DLL
playtoreceiver.dll	12.0.10041.0	DLNA DMR DLL
playtostatusprovider.dll	10.0.10041.0	Pha?t de?n Nha? cung ca?p Tra?ng tha?i Dll
pnrpnsp.dll	10.0.10041.0	PNRP Name Space Provider
pngfilt.dll	11.0.10041.0	IE PNG plugin image decoder
policymanager.dll	10.0.10041.0	Policy Manager DLL
polstore.dll	10.0.10041.0	Policy Storage dll
portabledeviceapi.dll	10.0.10041.0	Windows Portable Device API Components
portabledeviceclassextension.dll	10.0.10041.0	Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll	10.0.10041.0	Portable Device Connection API Components
portabledevicestatus.dll	10.0.10041.0	Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll	10.0.10041.0	Microsoft Windows Portable Device Provider.
portabledevicetypes.dll	10.0.10041.0	Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll	10.0.10041.0	PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll	10.0.10041.0	Windows Portable Device WMDRM Component
pots.dll	10.0.10041.0	Power Troubleshooter
powercpl.dll	10.0.10041.0	Pa-nen Die?u khie?n Tuy cho?n Nguo?n die?n
powrprof.dll	10.0.10041.0	DLL Bo? Tro? giup Ho? so Nguo?n die?n
presentationhostproxy.dll	10.0.10041.0	Windows Presentation Foundation Host Proxy
prflbmsg.dll	10.0.10041.0	Perflib Event Messages
printconfig.dll	0.3.10041.0	PrintConfig User Interface
printdialogs.dll	10.0.10041.0	Microsoft® Windows® Operating System
printplatformconfig.dll	10.0.10041.0	Legacy Print Platform Adapter
printui.dll	10.0.10041.0	Giao die?n Nguo?i dung Thie?t da?t May in
prncache.dll	10.0.10041.0	Print UI Cache
prnfldr.dll	10.0.10041.0	prnfldr dll
prnntfy.dll	10.0.10041.0	prnntfy DLL
prntvpt.dll	10.0.10041.0	Print Ticket Services Module
profapi.dll	10.0.10041.0	User Profile Basic API
profext.dll	10.0.10041.0	profext
propsys.dll	7.0.10041.0	He? tho?ng So? hu?u cu?a Microsoft
provcore.dll	10.0.10041.0	Microsoft Wireless Provisioning Core
provsvc.dll	10.0.10041.0	Windows HomeGroup
provthrd.dll	10.0.10041.0	WMI Provider Thread & Log Library
proximitycommon.dll	10.0.10041.0	Proximity Common Implementation
proximitycommonpal.dll	10.0.10041.0	Proximity Common PAL
proximityrtapipal.dll	10.0.10041.0	Proximity WinRT API PAL
prvdmofcomp.dll	10.0.10041.0	WMI
psapi.dll	10.0.10041.0	Process Status Helper
pshed.dll	10.0.10041.0	Platform Specific Hardware Error Driver
psisdecd.dll	10.0.10041.0	Microsoft SI/PSI parser for MPEG2 based networks.
psmodulediscoveryprovider.dll	10.0.10041.0	WMI
pstorec.dll	10.0.10041.0	Deprecated Protected Storage COM interfaces
puiapi.dll	10.0.10041.0	puiapi DLL
puiobj.dll	10.0.10041.0	PrintUI Objects DLL
pwrshplugin.dll	10.0.10041.0	pwrshplugin.dll
photometadatahandler.dll	10.0.10041.0	Photo Metadata Handler
photowiz.dll	10.0.10041.0	Thua?t si? In A?nh
qasf.dll	12.0.10041.0	DirectShow ASF Support
qcap.dll	10.0.10041.0	DirectShow Runtime.
qdv.dll	10.0.10041.0	DirectShow Runtime.
qdvd.dll	10.0.10041.0	DirectShow DVD PlayBack Runtime.
qedit.dll	10.0.10041.0	DirectShow Editing.
qedwipes.dll	10.0.10041.0	DirectShow Editing SMPTE Wipes
qwave.dll	10.0.10041.0	Windows NT
quartz.dll	10.0.10041.0	DirectShow Runtime.
query.dll	10.0.10041.0	Content Index Utility DLL
racpldlg.dll	10.0.10041.0	Danh sa?ch Lien he? Tro? giu?p Tu? xa
radardt.dll	10.0.10041.0	Microsoft Windows Resource Exhaustion Detector
radarrs.dll	10.0.10041.0	Microsoft Windows Resource Exhaustion Resolver
radcui.dll	10.0.10041.0	Tha?nh pha?n UI Ke?t no?i Ba?n la?m vie?c va? RemoteApp
rasadhlp.dll	10.0.10041.0	Remote Access AutoDial Helper
rasapi32.dll	10.0.10041.0	Remote Access API
rascfg.dll	10.0.10041.0	RAS Configuration Objects
rasctrs.dll	10.0.10041.0	Windows NT Remote Access Perfmon Counter dll
raschap.dll	10.0.10041.0	Remote Access PPP CHAP
raschapext.dll	10.0.10041.0	Windows Extension library for raschap
rasdiag.dll	10.0.10041.0	RAS Diagnostics Helper Classes
rasdlg.dll	10.0.10041.0	Remote Access Common Dialog API
rasgcw.dll	10.0.10041.0	RAS Wizard Pages
rasman.dll	10.0.10041.0	Remote Access Connection Manager
rasmontr.dll	10.0.10041.0	RAS Monitor DLL
rasmxs.dll	10.0.10041.0	Remote Access Device DLL for modems, PADs and switches
rasplap.dll	10.0.10041.0	RAS PLAP Credential Provider
rasppp.dll	10.0.10041.0	Remote Access PPP
rasser.dll	10.0.10041.0	Remote Access Media DLL for COM ports
rastapi.dll	10.0.10041.0	Remote Access TAPI Compliance Layer
rastls.dll	10.0.10041.0	Remote Access PPP EAP-TLS
rastlsext.dll	10.0.10041.0	Windows Extension library for rastls
rdpcore.dll	10.0.10041.0	RDP Core DLL
rdpencom.dll	10.0.10041.0	RDPSRAPI COM Objects
rdpendp.dll	10.0.10041.0	RDP Audio Endpoint
rdpsaps.dll	10.0.10041.0	RDP Session Agent Proxy Stub
rdvidcrl.dll	10.0.10041.0	Remote Desktop Services Client for Microsoft Online Services
rdvvmtransport.dll	10.0.10041.0	RdvVmTransport EndPoints
reagent.dll	10.0.10041.0	Microsoft Windows Recovery Agent DLL
regapi.dll	10.0.10041.0	Registry Configuration APIs
regctrl.dll	10.0.10041.0	RegCtrl
reinfo.dll	10.0.10041.0	Microsoft Windows Recovery Info DLL
remoteaudioendpoint.dll	10.0.10041.0	Remote Audio Endpoint
remotenaturallanguage.dll	1.0.0.1	Speech Client Communication To Backend Speech Services Library.
remotepg.dll	10.0.10041.0	Remote Sessions CPL Extension
removedevicecontexthandler.dll	10.0.10041.0	Bo? xu? ly? Menu Ngu? ca?nh Thie?t bi? Loa?i bo? Ma?y in & Thie?t bi?
removedeviceelevated.dll	10.0.10041.0	RemoveDeviceElevated Proxy Dll
resampledmo.dll	10.0.10041.0	Windows Media Resampler
resutils.dll	10.0.10041.0	Microsoft Cluster Resource Utility DLL
rfxvmt.dll	10.0.10041.0	Microsoft RemoteFX VM Transport
rgb9rast.dll	10.0.10041.0	Microsoft® Windows® Operating System
riched20.dll	5.31.23.1231	Rich Text Edit Control, v3.1
riched32.dll	10.0.10041.0	Wrapper Dll for Richedit 1.0
rltkapo.dll	11.0.6000.414	Realtek(r) LFX/GFX DSP component
rmclient.dll	10.0.10041.0	Resource Manager Client
rnr20.dll	10.0.10041.0	Windows Socket2 NameSpace DLL
rometadata.dll	4.6.42.0	Microsoft MetaData Library
rpcns4.dll	10.0.10041.0	Remote Procedure Call Name Service Client
rpcnsh.dll	10.0.10041.0	RPC Netshell Helper
rpcrt4.dll	10.0.10041.0	Remote Procedure Call Runtime
rpcrtremote.dll	10.0.10041.0	Remote RPC Extension
rpchttp.dll	10.0.10041.0	RPC HTTP DLL
rsaenh.dll	10.0.10041.0	Microsoft Enhanced Cryptographic Provider
rshx32.dll	10.0.10041.0	Security Shell Extension
rstrtmgr.dll	10.0.10041.0	Restart Manager
rtffilt.dll	2008.0.10041.0	RTF Filter
rtm.dll	10.0.10041.0	Routing Table Manager
rtmediaframe.dll	10.0.10041.0	Windows Runtime MediaFrame DLL
rtsbastoricon.dll	1.0.8.0	Realtek Card Reader Icon Dll
rtutils.dll	10.0.10041.0	Routing Utilities
rtworkq.dll	12.0.10041.0	Realtime WorkQueue DLL
samcli.dll	10.0.10041.0	Security Accounts Manager Client DLL
samlib.dll	10.0.10041.0	SAM Library DLL
sas.dll	10.0.10041.0	WinLogon Software SAS Library
sbe.dll	10.0.10041.0	DirectShow Stream Buffer Filter.
sbeio.dll	12.0.10041.0	Stream Buffer IO DLL
sberes.dll	10.0.10041.0	DirectShow Stream Buffer Filter Resouces.
scansetting.dll	10.0.10041.0	Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll	10.0.10041.0	SCardDlg - Smart Card Common Dialog
scecli.dll	10.0.10041.0	Windows Security Configuration Editor Client Engine
scesrv.dll	10.0.10041.0	Windows Security Configuration Editor Engine
scksp.dll	10.0.10041.0	Microsoft Smart Card Key Storage Provider
scripto.dll	6.6.10041.0	Microsoft ScriptO
scrobj.dll	5.12.10041.0	Windows ® Script Component Runtime
scrptadm.dll	10.0.10041.0	Script Adm Extension
scrrun.dll	5.12.10041.0	Microsoft ® Script Runtime
schannel.dll	10.0.10041.2	TLS / SSL Security Provider
schedcli.dll	10.0.10041.0	Scheduler Service Client DLL
sdiageng.dll	10.0.10041.0	Scripted Diagnostics Execution Engine
sdiagprv.dll	10.0.10041.0	Windows Scripted Diagnostic Provider API
sdohlp.dll	10.0.10041.0	NPS SDO Helper Component
search.protocolhandler.mapi2.dll	7.0.10041.0	Microsoft Search Protocol Handler for MAPI2
searchfolder.dll	10.0.10041.0	SearchFolder
secomn32.dll	2.0.3.7	SECOMN.DLL
secproc.dll	10.0.10041.0	Windows Rights Management Desktop Security Processor
secproc_isv.dll	10.0.10041.0	Windows Rights Management Desktop Security Processor
secproc_ssp.dll	10.0.10041.0	Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll	10.0.10041.0	Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll	10.0.10041.0	Security Support Provider Interface
security.dll	10.0.10041.0	Security Support Provider Interface
sechost.dll	10.0.10041.0	Host for SCM/SDDL/LSA Lookup APIs
sendmail.dll	10.0.10041.0	Gu?i Thu
sensapi.dll	10.0.10041.0	SENS Connectivity API DLL
sensorsapi.dll	10.0.10041.0	Sensor API
sensorscpl.dll	10.0.10041.0	Mo? Bo? ca?m u?ng Di?nh vi? va? Kha?c
sensorsnativeapi.dll	10.0.10041.0	Sensors Native API
sensorsnativeapi.v2.dll	10.0.10041.0	Sensors Native API (V2 stack)
sensorsutilsv2.dll	10.0.10041.0	Sensors v2 Utilities DLL
serialui.dll	10.0.10041.0	Serial Port Property Pages
serwvdrv.dll	10.0.10041.0	Unimodem Serial Wave driver
sessenv.dll	10.0.10041.0	Remote Desktop Configuration service
settingmonitor.dll	10.0.10041.0	Setting Synchronization Change Monitor
settingsync.dll	10.0.10041.0	Setting Synchronization
settingsynccore.dll	10.0.10041.0	Setting Synchronization Core
settingsyncpolicy.dll	10.0.10041.0	SettingSync Policy
setupapi.dll	10.0.10041.0	Windows Setup API
setupcln.dll	10.0.10041.0	Setup Files Cleanup
sfc.dll	10.0.10041.0	Windows File Protection
sfc_os.dll	10.0.10041.0	Windows File Protection
sfcom.dll	3.0.0.11	SFCOM.DLL
shacct.dll	10.0.10041.0	Shell Accounts Classes
sharehost.dll	10.0.10041.0	ShareHost
shcore.dll	10.0.10041.0	SHCORE
shdocvw.dll	10.0.10041.0	Thu vie?n die?u khie?n va Do?i tuo?ng Shell Doc
shell32.dll	10.0.10041.0	Dll Chung Vo? cha?n cu?a Windows
shellstyle.dll	10.0.10041.0	Windows Shell Style Resource Dll
shfolder.dll	10.0.10041.0	Shell Folder Service
shgina.dll	10.0.10041.0	Windows Shell User Logon
shimeng.dll	10.0.10041.0	Shim Engine DLL
shimgvw.dll	10.0.10041.0	Photo Gallery Viewer
shlwapi.dll	10.0.10041.0	Thu vie?n Tie?n ich Nhe? cu?a Vo? cha?n
shpafact.dll	10.0.10041.0	Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll	10.0.10041.0	Shell setup helper
shsvcs.dll	10.0.10041.0	Windows Shell Services Dll
shunimpl.dll	10.0.10041.0	Windows Shell Obsolete APIs
shwebsvc.dll	10.0.10041.0	Windows Shell Web Services
signdrv.dll	10.0.10041.0	WMI provider for Signed Drivers
simauth.dll	10.0.10041.0	EAP SIM run-time dll
simcfg.dll	10.0.10041.0	EAP SIM config dll
sisbkup.dll	10.0.10041.0	Single-Instance Store Backup Support Functions
slc.dll	10.0.10041.0	Software Licensing Client Dll
slcext.dll	10.0.10041.0	Software Licensing Client Extension Dll
slpts.dll	10.0.10041.0	Sleep Study Troubleshooter
slwga.dll	10.0.10041.0	Software Licensing WGA API
smartcardcredentialprovider.dll	10.0.10041.0	Windows Smartcard Credential Provider
smbhelperclass.dll	1.0.0.1	SMB (File Sharing) Helper Class for Network Diagnostic Framework
smphost.dll	10.0.10041.0	Storage Management Provider (SMP) host service
sndvolsso.dll	10.0.10041.0	Am luo?ng SCA
snmpapi.dll	10.0.10041.0	SNMP Utility Library
softkbd.dll	10.0.10041.0	Soft Keyboard Server and Tip
softpub.dll	10.0.10041.0	Softpub Forwarder DLL
sortserver2003compat.dll	10.0.10041.0	Sort Version Server 2003
sortwindows61.dll	10.0.10041.0	SortWindows61 Dll
sortwindows6compat.dll	10.0.10041.0	Sort Version Windows 6.0
spbcd.dll	10.0.10041.0	BCD Sysprep Plugin
spfileq.dll	10.0.10041.0	Windows SPFILEQ
spinf.dll	10.0.10041.0	Windows SPINF
spnet.dll	10.0.10041.0	Net Sysprep Plugin
spopk.dll	10.0.10041.0	OPK Sysprep Plugin
spp.dll	10.0.10041.0	Microsoft® Windows Shared Protection Point Library
sppc.dll	10.0.10041.0	Software Licensing Client Dll
sppcext.dll	10.0.10041.0	Software Protection Platform Client Extension Dll
sppinst.dll	10.0.10041.0	SPP CMI Installer Plug-in DLL
sppwmi.dll	10.0.10041.0	Software Protection Platform WMI provider
spwinsat.dll	10.0.10041.0	WinSAT Sysprep Plugin
spwizeng.dll	10.0.10041.0	Setup Wizard Framework
spwizimg.dll	10.0.10041.0	Setup Wizard Framework Resources
spwizres.dll	10.0.10041.0	Setup Wizard Framework Resources
spwmp.dll	10.0.10041.0	Windows Media Player System Preparation DLL
sqlcecompact40.dll	4.0.8275.1	Database Repair Tool (32-bit)
sqlceoledb40.dll	4.0.10041.1	OLEDB Provider (32-bit)
sqlceqp40.dll	4.0.10041.1	Query Processor (32-bit)
sqlcese40.dll	4.0.10041.1	Storage Engine (32-bit)
sqloledb.dll	10.0.10041.0	OLE DB Provider for SQL Server
sqlsrv32.dll	10.0.10041.0	SQL Server ODBC Driver
sqlunirl.dll	2000.80.2039.0	String Function .DLL for SQL Enterprise Components
sqlwid.dll	2000.80.2039.0	Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll	2000.80.2040.0	Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll	10.0.10041.0	XML extensions for SQL Server
sqmapi.dll	10.0.10041.0	SQM Client
srclient.dll	10.0.10041.0	Microsoft® Windows System Restore Client Library
srcom.dll	4.0.0.59	SRCOM.DLL
srchadmin.dll	7.0.10041.0	Indexing Options
srh.dll	10.0.10041.0	Screen Reader Helper DLL
srhinproc.dll	10.0.10041.0	Screen Reader Helper DLL
srm.dll	10.0.10041.0	Microsoft® File Server Resource Manager Common Library
srm_ps.dll	10.0.10041.0	Microsoft® FSRM internal proxy/stub
srmclient.dll	10.0.10041.0	Microsoft® File Server Resource Management Client Extensions
srmlib.dll	10.0.10041.0	Microsoft (R) File Server Resource Management Interop Assembly
srmscan.dll	10.0.10041.0	Microsoft® File Server Storage Reports Scan Engine
srmshell.dll	10.0.10041.0	Microsoft® File Server Resource Management Shell Extension
srmstormod.dll	10.0.10041.0	Microsoft® File Server Resource Management Office Parser
srmtrace.dll	10.0.10041.0	Microsoft® File Server Resource Management Tracing Library
srpapi.dll	10.0.10041.0	SRP APIs Dll
srpuxnativesnapin.dll	10.0.10041.0	Application Control Policies Group Policy Editor Extension
srumapi.dll	10.0.10041.0	System Resource Usage Monitor API
srumsvc.dll	10.0.10041.0	System Resource Usage Monitor Service
srvcli.dll	10.0.10041.0	Server Service Client DLL
sscore.dll	10.0.10041.0	Server Service Core DLL
ssdpapi.dll	10.0.10041.0	SSDP Client API DLL
sspicli.dll	10.0.10041.0	Security Support Provider Interface
ssshim.dll	10.0.10041.0	Windows Componentization Platform Servicing API
startupscan.dll	10.0.10041.0	Startup scan task DLL
staterepository.core.dll	10.0.10041.0	StateRepository Core
stclient.dll	2001.12.10941.0	COM+ Configuration Catalog Client
sti.dll	10.0.10041.0	Still Image Devices client DLL
stobject.dll	10.0.10041.0	Do?i tuo?ng di?ch vu? loi Systray
storage.dll	3.10.0.103	Windows Win16 Application Launcher
storagecontexthandler.dll	10.0.10041.0	Bo? qua?n ly? Menu Ngu? ca?nh Vu?ng luu tru? Trung tam Thie?t bi?
storagewmi.dll	10.0.10041.0	WMI Provider for Storage Management
storagewmi_passthru.dll	10.0.10041.0	WMI PassThru Provider for Storage Management
storprop.dll	10.0.10041.0	Property Pages for Storage Devices
structuredquery.dll	7.0.10041.0	Structured Query
sud.dll	10.0.10041.0	Pa-nen Die?u khie?n SUD
suplcsps.dll	10.0.10041.0	Windows Supl CSP implementation
sxproxy.dll	10.0.10041.0	Microsoft® Windows System Protection Proxy Library
sxs.dll	10.0.10041.0	Fusion 2.5
sxshared.dll	10.0.10041.0	Microsoft® Windows SX Shared Library
sxsstore.dll	10.0.10041.0	Sxs Store DLL
synccenter.dll	10.0.10041.0	Microsoft Sync Center
synceng.dll	10.0.10041.0	Windows Briefcase Engine
syncinfrastructure.dll	10.0.10041.0	Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll	10.0.10041.0	Microsoft Windows sync infrastructure proxy stub.
syncreg.dll	2007.94.10041.0	Microsoft Synchronization Framework Registration
syncsettings.dll	10.0.10041.0	Do?ng bo? Thi?t da?t
syncui.dll	10.0.10041.0	Windows Briefcase
synchostps.dll	10.0.10041.0	Proxystub for sync host
syssetup.dll	10.0.10041.0	Windows NT System Setup
systemcpl.dll	10.0.10041.0	CPL He? tho?ng cu?a Toi
systemeventsbrokerclient.dll	10.0.10041.0	system Events Broker Client Library
t2embed.dll	10.0.10041.0	Microsoft T2Embed Font Embedding
tapi3.dll	10.0.10041.0	Microsoft TAPI3
tapi32.dll	10.0.10041.0	Microsoft® Windows(TM) Telephony API Client DLL
tapimigplugin.dll	10.0.10041.0	Microsoft® Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll	10.0.10041.0	Microsoft® Windows(TM) Telephony Performance Monitor
tapisrv.dll	10.0.10041.0	Microsoft® Windows(TM) Telephony Server
tapisysprep.dll	10.0.10041.0	Microsoft® Windows(TM) Telephony Sysprep Work
tapiui.dll	10.0.10041.0	Microsoft® Windows(TM) Telephony API UI DLL
taskcomp.dll	10.0.10041.0	Task Scheduler Backward Compatibility Plug-in
taskschd.dll	10.0.10041.0	Task Scheduler COM API
taskschdps.dll	10.0.10041.0	Task Scheduler Interfaces Proxy
tbauth.dll	10.0.10041.0	TBAuth protocol handler
tbs.dll	10.0.10041.0	TBS
tcpipcfg.dll	10.0.10041.0	Network Configuration Objects
tcpipsetup.dll	10.0.10041.0	TCPIP Network Setup Plugin
tcpmib.dll	10.0.10041.0	Standard TCP/IP Port Monitor Helper DLL
tcpmonui.dll	10.0.10041.0	Standard TCP/IP Port Monitor UI DLL
tdh.dll	10.0.10041.0	Event Trace Helper Library
termmgr.dll	10.0.10041.0	Microsoft TAPI3 Terminal Manager
tetheringclient.dll	10.0.10041.0	Tethering Client
textinputframework.dll
timebrokerclient.dll	10.0.10041.0	Time Broker Client Library
timedatemuicallback.dll	10.0.10041.0	Time Date Control UI Language Change plugin
tlscsp.dll	10.0.10041.0	Microsoft® Remote Desktop Services Cryptographic Utility
tokenbinding.dll	10.0.10041.0	Token Binding Protocol
tokenbroker.dll	10.0.10041.0	Token Broker
tokenbrokerui.dll	10.0.10041.0	Token Broker UI
tpmcertresources.dll	10.0.10041.0	TpmCertResources
tpmcompc.dll	10.0.10041.0	Computer Chooser Dialog
tpmcoreprovisioning.dll	10.0.10041.0	TPM Core Provisioning Library
tquery.dll	7.0.10041.0	Microsoft Tripoli Query
tsbyuv.dll	10.0.10041.0	Toshiba Video Codec
tschannel.dll	10.0.10041.0	Task Scheduler Proxy
tsgqec.dll	10.0.10041.0	RD Gateway QEC
tsmf.dll	10.0.10041.0	RDP MF Plugin
tspkg.dll	10.0.10041.0	Web Service Security Package
tsworkspace.dll	10.0.10041.0	RemoteApp and Desktop Connection Component
ttlsauth.dll	10.0.10041.0	EAP TTLS run-time dll
ttlscfg.dll	10.0.10041.0	EAP TTLS configuration dll
ttlsext.dll	10.0.10041.0	Windows Extension library for EAP TTLS
tvratings.dll	10.0.10041.0	Module for managing TV ratings
twext.dll	10.0.10041.0	Previous Versions property page
twinapi.appcore.dll	10.0.10041.0	twinapi.appcore
twinapi.dll	10.0.10041.0	twinapi
twinui.appcore.dll	10.0.10041.0	TWINUI.APPCORE
twinui.dll	10.0.10041.0	TWINUI
txflog.dll	2001.12.10941.0	COM+
txfw32.dll	10.0.10041.0	TxF Win32 DLL
typelib.dll	3.10.0.103	Windows Win16 Application Launcher
tzres.dll	10.0.10041.0	Time Zones resource DLL
themecpl.dll	10.0.10041.0	CPL Ca nhan hoa
themeui.dll	10.0.10041.0	API Chu? de? cu?a Windows
threadpoolwinrt.dll	10.0.10041.0	Windows WinRT Threadpool
thumbcache.dll	10.0.10041.0	Microsoft Thumbnail Cache
traffic.dll	10.0.10041.0	Microsoft Traffic Control 1.0 DLL
ucmhc.dll	10.0.10041.0	UCM Helper Class
ucrtbase.dll	10.0.10041.0	Microsoft® C Runtime Library
udhisapi.dll	10.0.10041.0	UPnP Device Host ISAPI Extension
uexfat.dll	10.0.10041.0	eXfat Utility DLL
ufat.dll	10.0.10041.0	FAT Utility DLL
uianimation.dll	10.0.10041.0	Windows Animation Manager
uiautomationcore.dll	7.2.10041.0	Microsoft UI Automation Core
uiautomationcoreres.dll	7.2.10041.0	Microsoft UI Automation Core Resource
uicom.dll	10.0.10041.0	Add/Remove Modems
uireng.dll	10.0.10041.0	UI Recording Engine Library
uiribbon.dll	10.0.10041.0	Khung la?m vie?c Ruy bang Windows
uiribbonres.dll	10.0.10041.0	Windows Ribbon Framework Resources
ulib.dll	10.0.10041.0	File Utilities Support DLL
umdmxfrm.dll	10.0.10041.0	Unimodem Tranform Module
unimdmat.dll	10.0.10041.0	Unimodem Service Provider AT Mini Driver
uniplat.dll	10.0.10041.0	Unimodem AT Mini Driver Platform Driver for Windows NT
untfs.dll	10.0.10041.0	NTFS Utility DLL
upnp.dll	10.0.10041.0	UPnP Control Point API
upnphost.dll	10.0.10041.0	UPnP Device Host
urefs.dll	10.0.10041.0	NTFS Utility DLL
urefsv1.dll	10.0.10041.0	NTFS Utility DLL
ureg.dll	10.0.10041.0	Registry Utility DLL
url.dll	11.0.10041.0	Internet Shortcut Shell Extension DLL
urlmon.dll	11.0.10041.0	Pha?n mo? ro?ng OLE32 cho Win32
usbceip.dll	10.0.10041.0	USBCEIP Task
usbperf.dll	10.0.10041.0	USB Performance Objects DLL
usbui.dll	10.0.10041.0	USB UI Dll
user32.dll	10.0.10041.0	DLL May su? du?ng API NGUO?I DUNG CU?A Windows Da Nguo?i dung
useraccountcontrolsettings.dll	10.0.10041.0	UserAccountControlSettings
usercpl.dll	10.0.10041.0	Pa-nen die?u khie?n nguo?i dung
userenv.dll	10.0.10041.0	Userenv
userinitext.dll	10.0.10041.0	UserInit Utility Extension DLL
userlanguageprofilecallback.dll	10.0.10041.0	MUI Callback for User Language profile changed
userlanguagescpl.dll	10.0.10041.0	Pa-nen Die?u khie?n Ca?u hi?nh Ngon ngu? cu?a Toi
usermgrcli.dll	10.0.10041.0	UserMgr API DLL
usermgrproxy.dll	10.0.10041.0	UserMgrProxy
usp10.dll	10.0.10041.0	Uniscribe Unicode script processor
ustprov.dll	10.0.10041.0	User State WMI Provider
utildll.dll	10.0.10041.0	WinStation utility support DLL
uudf.dll	10.0.10041.0	UDF Utility DLL
uxinit.dll	10.0.10041.0	Windows User Experience Session Initialization Dll
uxlib.dll	10.0.10041.0	Setup Wizard Framework
uxlibres.dll	10.0.10041.0	UXLib Resources
uxtheme.dll	10.0.10041.0	Microsoft UxTheme Library
van.dll	10.0.10041.0	Xem Ma?ng Sa?n dung
vault.dll	10.0.10041.0	Windows vault Control Panel
vaultcli.dll	10.0.10041.0	Credential Vault Client Library
vbajet32.dll	6.0.1.9431	Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll	5.12.10041.0	Microsoft ® VBScript
vcomp100.dll	10.0.40219.325	Microsoft® C/C++ OpenMP Runtime
vdmdbg.dll	10.0.10041.0	VDMDBG.DLL
vds_ps.dll	10.0.10041.0	Microsoft® Virtual Disk Service proxy/stub
veeventdispatcher.dll	10.0.10041.0	Visual Element Event dispatcher
verifier.dll	10.0.10041.0	Standard application verifier provider dll
version.dll	10.0.10041.0	Version Checking and File Installation Libraries
vfwwdm32.dll	10.0.10041.0	VfW MM Driver for WDM Video Capture Devices
vidreszr.dll	10.0.10041.0	Windows Media Resizer
virtdisk.dll	10.0.10041.0	Virtual Disk API DLL
voiceactivationmanager.dll	10.0.10041.0	Windows Voice Activation Manager
vpnikeapi.dll	10.0.10041.0	VPN IKE API's
vscmgrps.dll	10.0.10041.0	Microsoft Virtual Smart Card Manager Proxy/Stub
vss_ps.dll	10.0.10041.0	Microsoft® Volume Shadow Copy Service proxy/stub
vssapi.dll	10.0.10041.0	Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll	10.0.10041.0	Microsoft® Volume Shadow Copy Service Tracing Library
w32topl.dll	10.0.10041.0	Windows NT Topology Maintenance Tool
wab32.dll	10.0.10041.0	Microsoft (R) Contacts DLL
wab32res.dll	10.0.10041.0	Microsoft (R) Contacts DLL
wabsyncprovider.dll	10.0.10041.0	Microsoft Windows Contacts Sync Provider
wavemsp.dll	10.0.10041.0	Microsoft Wave MSP
wbemcomn.dll	10.0.10041.0	WMI
wcmapi.dll	10.0.10041.0	Windows Connection Manager Client API
wcnapi.dll	10.0.10041.0	Windows Connect Now - API Helper DLL
wcnwiz.dll	10.0.10041.0	Thua?t si? Ke?t no?i Ngay cu?a Windows
wcspluginservice.dll	10.0.10041.0	WcsPlugInService DLL
wdc.dll	10.0.10041.0	Performance Monitor
wdi.dll	10.0.10041.0	Windows Diagnostic Infrastructure
wdigest.dll	10.0.10041.0	Microsoft Digest Access
wdscore.dll	10.0.10041.0	Panther Engine Module
webcamui.dll	10.0.10041.0	Microsoft® Windows® Operating System
webclnt.dll	10.0.10041.0	Web DAV Service DLL
webcheck.dll	11.0.10041.0	Gia?m sat trang web
webio.dll	10.0.10041.0	Web Transfer Protocols API
webservices.dll	10.0.10041.0	Windows Web Services Runtime
websocket.dll	10.0.10041.0	Web Socket API
wecapi.dll	10.0.10041.0	Event Collector Configuration API
wer.dll	10.0.10041.0	Windows Error Reporting DLL
werdiagcontroller.dll	10.0.10041.0	WER Diagnostic Controller
werui.dll	10.0.10041.0	Windows Error Reporting UI DLL
wevtapi.dll	10.0.10041.0	Eventing Consumption and Configuration API
wevtfwd.dll	10.0.10041.0	WS-Management Event Forwarding Plug-in
wfapigp.dll	10.0.10041.0	Windows Firewall GPO Helper dll
wfdprov.dll	10.0.10041.0	Private WPS provisioning API DLL for Wi-Fi Direct
wfhc.dll	10.0.10041.0	Windows Firewall Helper Class
whhelper.dll	10.0.10041.0	Net shell helper DLL for winHttp
wiaaut.dll	10.0.10041.0	WIA Automation Layer
wiadefui.dll	10.0.10041.0	WIA Scanner Default UI
wiadss.dll	10.0.10041.0	WIA TWAIN compatibility layer
wiascanprofiles.dll	10.0.10041.0	Microsoft Windows ScanProfiles
wiashext.dll	10.0.10041.0	Imaging Devices Shell Folder UI
wiatrace.dll	10.0.10041.0	WIA Tracing
wimgapi.dll	10.0.10041.0	Windows Imaging Library
winbio.dll	10.0.10041.0	Windows Biometrics Client API
winbioext.dll	10.0.10041.0	Windows Biometrics Client Extension API
winbrand.dll	10.0.10041.0	Windows Branding Resources
wincorlib.dll	10.0.10041.0	Microsoft Windows ® WinRT core library
wincredprovider.dll	10.0.10041.0	wincredprovider DLL
windows.accountscontrol.dll	10.0.10041.0	Windows Accounts Control
windows.applicationmodel.background.systemeventsbroker.dll	10.0.10041.0	Windows Background System Events Broker API Server
windows.applicationmodel.background.timebroker.dll	10.0.10041.0	Windows Background Time Broker API Server
windows.applicationmodel.core.dll	10.0.10041.0	Windows Application Model Core API
windows.applicationmodel.dll	10.0.10041.0	Windows ApplicationModel API Server
windows.applicationmodel.lockscreen.dll	10.0.10041.0	Windows Lock Application Framework DLL
windows.applicationmodel.store.dll	10.0.10041.0	Windows Store Runtime DLL
windows.applicationmodel.store.testingframework.dll	10.0.10041.0	Windows Store Testing Framework Runtime DLL
windows.data.pdf.dll	10.0.10041.0	PDF WinRT APIs
windows.devices.alljoyn.dll	10.0.10041.0	Windows.Devices.AllJoyn DLL
windows.devices.background.dll	10.0.10041.0	Windows.Devices.Background
windows.devices.background.ps.dll	10.0.10041.0	Windows.Devices.Background Interface Proxy
windows.devices.bluetooth.dll	10.0.10041.0	Windows.Devices.Bluetooth DLL
windows.devices.custom.dll	10.0.10041.0	Windows.Devices.Custom
windows.devices.custom.ps.dll	10.0.10041.0	Windows.Devices.Custom Interface Proxy
windows.devices.enumeration.dll	10.0.10041.0	Windows.Devices.Enumeration
windows.devices.humaninterfacedevice.dll	10.0.10041.0	Windows.Devices.HumanInterfaceDevice DLL
windows.devices.lights.dll	10.0.10041.0	Windows Runtime Lights DLL
windows.devices.midi.dll	10.0.10041.0	Windows Runtime MIDI Device server DLL
windows.devices.picker.dll	10.0.10041.0	Bo? cho?n Thie?t bi?
windows.devices.pointofservice.dll	10.0.10041.0	Windows Runtime PointOfService DLL
windows.devices.portable.dll	10.0.10041.0	Windows Runtime Portable Devices DLL
windows.devices.printers.extensions.dll	10.0.10041.0	Windows.Devices.Printers.Extensions
windows.devices.radios.dll	10.0.10041.0	Windows.Devices.Radios DLL
windows.devices.scanners.dll	10.0.10041.0	Windows Runtime Devices Scanners DLL
windows.devices.sensors.dll	10.0.10041.0	Windows Runtime Sensors DLL
windows.devices.serialcommunication.dll	10.0.10041.0	Windows.Devices.SerialCommunication DLL
windows.devices.smartcards.dll	10.0.10041.0	The? Thong minh Windows Runtime API DLL
windows.devices.usb.dll	10.0.10041.0	Windows Runtime Usb DLL
windows.devices.wifi.dll	10.0.10041.0	Windows.Devices.WiFi DLL
windows.devices.wifidirect.dll	10.0.10041.0	Windows.Devices.WiFiDirect DLL
windows.energy.dll	10.0.10041.0	Windows Energy Runtime DLL
windows.globalization.dll	10.0.10041.0	Windows Globalization
windows.globalization.fontgroups.dll	10.0.10041.0	Fonts Mapping API
windows.graphics.dll	10.0.10041.0	WinRT Windows Graphics DLL
windows.graphics.printing.dll	10.0.10041.0	Microsoft Windows Printing Support
windows.internal.bluetooth.dll	10.0.10041.0	Windows.Internal.Bluetooth DLL
windows.management.orchestration.core.dll	10.0.10041.0	Windows Runtime Windows Management Orchestration Core DLL
windows.management.workplace.workplacesettings.dll	10.0.10041.0	Windows Runtime WorkplaceSettings DLL
windows.media.audio.dll	10.0.10041.0	Windows Runtime Window Media Audio server DLL
windows.media.backgroundmediaplayback.dll	10.0.10041.0	Windows Media BackgroundMediaPlayback DLL
windows.media.devices.dll	10.0.10041.0	Windows Runtime media device server DLL
windows.media.dll	10.0.10041.0	Windows Media Runtime DLL
windows.media.editing.dll	10.0.10041.0	Windows Media Editing DLL
windows.media.faceanalysis.dll	10.0.10041.0	Microsoft (R) Face Detection DLL
windows.media.mediacontrol.dll	10.0.10041.0	Windows Runtime MediaControl server DLL
windows.media.ocr.dll	10.0.10041.0	Windows OCR Runtime DLL
windows.media.playback.backgroundmediaplayer.dll	10.0.10041.0	Windows Media Playback BackgroundMediaPlayer DLL
windows.media.playback.mediaplayer.dll	10.0.10041.0	Windows Media Playback MediaPlayer DLL
windows.media.playback.proxystub.dll	10.0.10041.0	BackgroundMediaPlayer Proxy Stub DLL
windows.media.protection.playready.dll	3.0.2514.0	Microsoft PlayReady Client Framework Dll
windows.media.photo.import.dll	10.0.10041.0	Windows Photo Import API (WinRT/COM)
windows.media.speech.dll	10.0.10041.0	Windows Speech Runtime DLL
windows.media.streaming.dll	12.0.10041.0	DLNA DLL
windows.media.streaming.ps.dll	12.0.10041.0	DLNA Proxy-Stub DLL
windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll	10.0.10041.0	Background Transfer Background Manager Policy DLL
windows.networking.backgroundtransfer.dll	10.0.10041.0	Windows.Networking.BackgroundTransfer DLL
windows.networking.connectivity.dll	10.0.10041.0	Windows Networking Connectivity Runtime DLL
windows.networking.dll	10.0.10041.0	Windows.Networking DLL
windows.networking.hostname.dll	10.0.10041.0	Windows.Networking.HostName DLL
windows.networking.networkoperators.hotspotauthentication.dll	10.0.10041.0	Microsoft Windows Hotspot Authentication API
windows.networking.proximity.dll	10.0.10041.0	Windows Runtime Proximity API DLL
windows.networking.sockets.pushenabledapplication.dll	10.0.10041.0	Windows.Networking.Sockets.PushEnabledApplication DLL
windows.security.authentication.onlineid.dll	10.0.10041.0	Windows Runtime OnlineId Authentication DLL
windows.security.authentication.web.core.dll	10.0.10041.0	Token Broker WinRT API
windows.security.credentials.ui.credentialpicker.dll	10.0.10041.0	WinRT Credential Picker Server
windows.security.credentials.ui.userconsentverifier.dll	10.0.10041.0	API cu?a bo? kie?m chu?ng su? do?ng y? cu?a nguo?i du?ng Windows
windows.shell.search.urihandler.dll	10.0.10041.0	Windows Search URI Handler
windows.shell.servicehostbuilder.dll	10.0.10041.0	Windows.Shell.ServiceHostBuilder
windows.staterepository.dll	10.0.10041.0	Windows StateRepository API Server
windows.storage.applicationdata.dll	10.0.10041.0	Windows Application Data API Server
windows.storage.compression.dll	10.0.10041.0	WinRT Compression
windows.storage.dll	10.0.10041.0	API Luu tr? WinRT c?a Microsoft
windows.storage.search.dll	10.0.10041.0	Windows.Storage.Search
windows.system.diagnostics.dll	10.0.10041.0	Windows System Diagnostics DLL
windows.system.profile.hardwareid.dll	10.0.10041.0	Windows System Profile HardwareId DLL
windows.system.profile.retailinfo.dll	10.0.10041.0	Windows.System.Profile.RetailInfo Runtime DLL
windows.system.profile.systemmanufacturers.dll	10.0.10041.0	Windows.System.Profile.SystemManufacturers
windows.system.remotedesktop.dll	10.0.10041.0	Windows System RemoteDesktop Runtime DLL
windows.ui.biofeedback.dll	10.0.10041.0	Bio Feedback User Experience
windows.ui.blockedshutdown.dll	10.0.10041.0	Blocked Shutdown User Experience
windows.ui.core.textinput.dll	10.0.10041.0	Windows.UI.Core.TextInput dll
windows.ui.cred.dll	10.0.10041.0	Credential Prompt User Experience
windows.ui.dll	10.0.10041.0	Windows Runtime UI Foundation DLL
windows.ui.immersive.dll	10.0.10041.0	WINDOWS.UI.IMMERSIVE
windows.ui.input.inking.dll	10.0.10041.0	WinRT Windows Inking DLL
windows.ui.logon.dll	10.0.10041.0	Logon User Experience
windows.ui.search.dll	10.0.10041.0	Windows.UI.Search
windows.ui.xaml.dll	10.0.10041.0	Windows.UI.Xaml dll
windows.ui.xaml.maps.dll	10.0.10041.0	Windows UI XAML Maps API
windows.ui.xaml.phone.dll	10.0.10041.0	Windows UI XAML Phone API
windows.ui.xaml.resources.dll	10.0.10041.0	Windows.UI.Xaml.Resources dll
windows.web.diagnostics.dll	10.0.10041.0	Windows.Web.Diagnostics
windows.web.dll	10.0.10041.0	Web Client DLL
windows.web.http.dll	10.0.10041.0	Windows.Web.Http DLL
windows.world.sensors.dll
windowscodecs.dll	10.0.10041.0	Microsoft Windows Codecs Library
windowscodecsext.dll	10.0.10041.0	Microsoft Windows Codecs Extended Library
windowscodecsraw.dll	10.0.10041.0	Microsoft Camera Codec Pack
windowslivelogin.dll	10.0.10041.0	Microsoft® Account Login Helper
winfax.dll	10.0.10041.0	Microsoft Fax API Support DLL
wininet.dll	11.0.10041.0	Pha?n mo? ro?ng Internet cho Win32
wininitext.dll	10.0.10041.0	WinInit Utility Extension DLL
winipcfile.dll	10.0.10041.0	Microsoft Active Directory Rights Management Services File API
winipcsecproc.dll	10.0.10041.0	Microsoft Active Directory Rights Management Services Desktop Security Processor
winipcsecproc_ssp.dll	10.0.10041.0	Microsoft Active Directory Rights Management Services Server Security Processor
winipsec.dll	10.0.10041.0	Windows IPsec SPD Client DLL
winlangdb.dll	10.0.10041.0	Co so? du? lie?u Ngon ngu? Windows Bcp47
winmde.dll	12.0.10041.0	WinMDE DLL
winmm.dll	10.0.10041.0	MCI API DLL
winmmbase.dll	10.0.10041.0	Base Multimedia Extension API DLL
winmsipc.dll	10.0.10041.0	Microsoft Active Directory Rights Management Services Client
winmsoirmprotector.dll	10.0.10041.0	Windows Office file format IRM Protector
winnlsres.dll	10.0.10041.0	DLL ta?i nguyen NLSBuild
winnsi.dll	10.0.10041.0	Network Store Information RPC interface
winopcirmprotector.dll	10.0.10041.0	Windows Office file format IRM Protector
winrnr.dll	10.0.10041.0	LDAP RnR Provider DLL
winrscmd.dll	10.0.10041.0	remtsvc
winrsmgr.dll	10.0.10041.0	WSMan Shell API
winrssrv.dll	10.0.10041.0	winrssrv
winrttracing.dll	10.0.10041.0	Windows Diagnostics Tracing
winsatapi.dll	10.0.10041.0	Windows System Assessment Tool API
winscard.dll	10.0.10041.0	Microsoft Smart Card API
winshfhc.dll	10.0.10041.0	File Risk Estimation
winsku.dll	10.0.10041.0	Windows SKU Library
winsockhc.dll	10.0.10041.0	Winsock Network Diagnostic Helper Class
winsrpc.dll	10.0.10041.0	WINS RPC LIBRARY
winsta.dll	10.0.10041.0	Winstation Library
winsync.dll	2007.94.10041.0	Synchronization Framework
winsyncmetastore.dll	2007.94.10041.0	Windows Synchronization Metadata Store
winsyncproviders.dll	2007.94.10041.0	Windows Synchronization Provider Framework
wintypes.dll	10.0.10041.0	Windows Base Types DLL
wintrust.dll	10.0.10041.0	Microsoft Trust Verification APIs
winusb.dll	10.0.10041.0	Windows USB Driver User Library
winhttp.dll	10.0.10041.0	Windows HTTP Services
wisp.dll	10.0.10041.0	Microsoft Pen and Touch Input Component
wkscli.dll	10.0.10041.0	Workstation Service Client DLL
wkspbrokerax.dll	10.0.10041.0	Microsoft Workspace Broker ActiveX Control
wksprtps.dll	10.0.10041.0	WorkspaceRuntime ProxyStub DLL
wlanapi.dll	10.0.10041.0	Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll	10.0.10041.0	Wlan Netsh Helper DLL
wlanconn.dll	10.0.10041.0	Luo?ng No?i ke?t Dot11
wlandlg.dll	10.0.10041.0	Thua?t si? Ho?p thoa?i Ma?ng LAN Khong day
wlaninst.dll	10.0.10041.0	Windows NET Device Class Co-Installer for Wireless LAN
wlanmm.dll	10.0.10041.0	Tri?nh qua?n ly? Phi The? thu?c va Phuong tie?n Dot11
wlanmsm.dll	10.0.10041.0	Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll	10.0.10041.0	Wireless Preferred Networks
wlansec.dll	10.0.10041.0	Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll	10.0.10041.0	Wireless Profile UI
wlanutil.dll	10.0.10041.0	Windows Wireless LAN 802.11 Utility DLL
wlangpui.dll	10.0.10041.0	Wireless Network Policy Management Snap-in
wlanhlp.dll	10.0.10041.0	Windows Wireless LAN 802.11 Client Side Helper API
wldap32.dll	10.0.10041.0	Win32 LDAP API DLL
wlgpclnt.dll	10.0.10041.0	802.11 Group Policy Client
wlidcli.dll	10.0.10041.0	Microsoft® Account Dynamic Link Library
wlidcredprov.dll	10.0.10041.0	Microsoft® Account Credential Provider
wlidfdp.dll	10.0.10041.0	Microsoft® Account Function Discovery Provider
wlidnsp.dll	10.0.10041.0	Microsoft® Account Namespace Provider
wlidprov.dll	10.0.10041.0	Microsoft® Account Provider
wlidres.dll	10.0.10041.0	Ta?i nguyen Microsoft® Windows Live ID
wls0wndh.dll	10.0.10041.0	Session0 Viewer Window Hook DLL
wmadmod.dll	10.0.10041.0	Windows Media Audio Decoder
wmadmoe.dll	10.0.10041.0	Windows Media Audio 10 Encoder/Transcoder
wmasf.dll	12.0.10041.0	Windows Media ASF DLL
wmcodecdspps.dll	10.0.10041.0	Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll	12.0.10041.0	Windows Media Device Manager Logger
wmdmps.dll	12.0.10041.0	Windows Media Device Manager Proxy Stub
wmdrmdev.dll	12.0.10041.0	Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll	12.0.10041.0	Windows Media DRM for Network Devices DLL
wmdrmsdk.dll	11.0.10041.0	Windows Media DRM SDK DLL
wmerror.dll	12.0.10041.0	Windows Media Error Definitions (English)
wmi.dll	10.0.10041.0	WMI DC and DP functionality
wmiclnt.dll	10.0.10041.0	WMI Client API
wmidcom.dll	10.0.10041.0	WMI
wmidx.dll	12.0.10041.0	Windows Media Indexer DLL
wmiprop.dll	10.0.10041.0	WDM Provider Dynamic Property Page CoInstaller
wmitomi.dll	10.0.10041.0	CIM Provider Adapter
wmnetmgr.dll	12.0.10041.0	Windows Media Network Plugin Manager DLL
wmp.dll	12.0.10041.0	Windows Media Player
wmpdui.dll	12.0.10041.0	Windows Media Player UI Engine
wmpdxm.dll	12.0.10041.0	Windows Media Player Extension
wmpeffects.dll	12.0.10041.0	Windows Media Player Effects
wmploc.dll	12.0.10041.0	Windows Media Player Resources
wmpps.dll	12.0.10041.0	Windows Media Player Proxy Stub Dll
wmpshell.dll	12.0.10041.0	Tri?nh kho?i cha?y cu?a Windows Media Player
wmphoto.dll	10.0.10041.0	Windows Media Photo Codec
wmsgapi.dll	10.0.10041.0	WinLogon IPC Client
wmspdmod.dll	10.0.10041.0	Windows Media Audio Voice Decoder
wmspdmoe.dll	10.0.10041.0	Windows Media Audio Voice Encoder
wmvcore.dll	12.0.10041.0	Windows Media Playback/Authoring DLL
wmvdecod.dll	10.0.10041.0	Windows Media Video Decoder
wmvdspa.dll	10.0.10041.0	Windows Media Video DSP Components - Advanced
wmvencod.dll	10.0.10041.0	Windows Media Video 9 Encoder
wmvsdecd.dll	10.0.10041.0	Windows Media Screen Decoder
wmvsencd.dll	10.0.10041.0	Windows Media Screen Encoder
wmvxencd.dll	10.0.10041.0	Windows Media Video Encoder
wofutil.dll	10.0.10041.0	Windows Overlay File System Filter user mode API
wordbreakers.dll
workfoldersres.dll	6.2.9200.16384	Work Folders Resources
wow32.dll	10.0.10041.0	Wow32
wpc.dll	10.0.10041.0	Thu vie?n Thie?t da?t WPC
wpdshext.dll	10.0.10041.0	Pha?n mo? ro?ng Vo? cu?a Thie?t bi? Di do?ng
wpdshserviceobj.dll	10.0.10041.0	Windows Portable Device Shell Service Object
wpdsp.dll	10.0.10041.0	WMDM Service Provider for Windows Portable Devices
wpkbdlayout.dll
wpnapps.dll	10.0.10041.0	Windows Push Notification Apps
wpportinglibrary.dll	10.0.10041.0	<d> DLL
ws2_32.dll	10.0.10041.0	Windows Socket 2.0 32-Bit DLL
ws2help.dll	10.0.10041.0	Windows Socket 2.0 Helper for Windows NT
wscapi.dll	10.0.10041.0	Windows Security Center API
wscinterop.dll	10.0.10041.0	Windows Health Center WSC Interop
wscisvif.dll	10.0.10041.0	Windows Security Center ISV API
wsclient.dll	10.0.10041.0	Windows Store Licensing Client
wscproxystub.dll	10.0.10041.0	Windows Security Center ISV Proxy Stub
wsdapi.dll	10.0.10041.0	Web Services for Devices API DLL
wsdchngr.dll	10.0.10041.0	WSD Challenge Component
wsecedit.dll	10.0.10041.0	Security Configuration UI Module
wshbth.dll	10.0.10041.0	Windows Sockets Helper DLL
wshcon.dll	5.12.10041.0	Microsoft ® Windows Script Controller
wshelper.dll	10.0.10041.0	Winsock Net shell helper DLL for winsock
wshext.dll	5.12.10041.0	Microsoft ® Shell Extension for Windows Script Host
wship6.dll	10.0.10041.0	Winsock2 Helper DLL (TL/IPv6)
wshirda.dll	10.0.10041.0	Windows Sockets Helper DLL
wshqos.dll	10.0.10041.0	QoS Winsock2 Helper DLL
wshrm.dll	10.0.10041.0	Windows Sockets Helper DLL for PGM
wshtcpip.dll	10.0.10041.0	Winsock2 Helper DLL (TL/IPv4)
wsmagent.dll	10.0.10041.0	WinRM Agent
wsmanmigrationplugin.dll	10.0.10041.0	WinRM Migration Plugin
wsmauto.dll	10.0.10041.0	WSMAN Automation
wsmplpxy.dll	10.0.10041.0	wsmplpxy
wsmres.dll	10.0.10041.0	WSMan Resource DLL
wsmsvc.dll	10.0.10041.0	WSMan Service
wsmwmipl.dll	10.0.10041.0	WSMAN WMI Provider
wsnmp32.dll	10.0.10041.0	Microsoft WinSNMP v2.0 Manager API
wsock32.dll	10.0.10041.0	Windows Socket 32-Bit DLL
wsp_fs.dll	10.0.10041.0	Windows Storage Provider for FileShare management
wsp_health.dll	10.0.10041.0	Windows Storage Provider for Health Agent API
wsshared.dll	10.0.10041.0	WSShared DLL
wssync.dll	10.0.10041.0	Windows Store Licensing Sync Client
wtsapi32.dll	10.0.10041.0	Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll	10.0.10041.0	API May su? du?ng cu?a Windows Update
wudriver.dll	10.0.10041.0	Windows Update WUDriver Stub
wups.dll	10.0.10041.0	Windows Update client proxy stub
wuwebv.dll	10.0.10041.0	Windows Update Vista Web Control
wvc.dll	10.0.10041.0	Windows Visual Components
wwaapi.dll	10.0.10041.0	Microsoft Web Application Host API library
wwaext.dll	10.0.10041.0	Microsoft Web Application Host Extension library
wwanapi.dll	10.0.10041.0	Mbnapi
wwapi.dll	8.1.10041.0	WWAN API
xamldiagnostics.dll	10.0.10041.0	Xaml Diagnostics
xaudio2_8.dll	10.0.10041.0	XAudio2 Game Audio API
xinput1_4.dll	10.0.10041.0	Microsoft Common Controller API
xinput9_1_0.dll	10.0.10041.0	XNA Common Controller
xmlfilter.dll	2008.0.10041.0	XML Filter
xmllite.dll	10.0.10041.0	Microsoft XmlLite Library
xmlprovi.dll	10.0.10041.0	Network Provisioning Service Client API
xmlrw.dll	2011.110.2809.27	Microsoft XML Slim Library
xmlrwbin.dll	2011.110.2809.27	Microsoft XML Slim Library
xolehlp.dll	2001.12.10941.0	Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsdocumenttargetprint.dll	10.0.10041.0	XPS DocumentTargetPrint DLL
xpsfilt.dll	10.0.10041.0	XML Paper Specification Document IFilter
xpsgdiconverter.dll	10.0.10041.0	XPS to GDI Converter
xpsprint.dll	10.0.10041.0	XPS Printing DLL
xpsrasterservice.dll	10.0.10041.0	XPS Rasterization Service Component
xpsservices.dll	10.0.10041.0	Xps Object Model in memory creation and deserialization
xpsshhdr.dll	10.0.10041.0	OPC Shell Metadata Handler
xwizards.dll	10.0.10041.0	Extensible Wizards Manager Module
xwreg.dll	10.0.10041.0	Extensible Wizard Registration Manager Module
xwtpdui.dll	10.0.10041.0	Bo? tro? Loa?i Thua?t si?Mo? ro?ng duo?c cho DUI
xwtpw32.dll	10.0.10041.0	Extensible Wizard Type Plugin for Win32
zipfldr.dll	10.0.10041.0	Ca?p Nen (zipped)
ztrace_ca.dll	10.0.10041.0	Ztrace_ca DLL
ztrace_maps.dll	10.0.10041.0	ZTrace Event Resources

Certificates


[ Certificate Authorities / AlphaSSL CA - SHA256 - G2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	31 36 F0 4E 44 01 00 00 00 00 04
		Validity	20/02/2014 - 20/02/2024

	Issuer Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Subject Properties:
		Common Name	AlphaSSL CA - SHA256 - G2
		Organization	GlobalSign nv-sa
		Country	Belgium

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / COMODO RSA Domain Validation Secure Server CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA384 RSA (1.2.840.113549.1.1.12)
		Serial Number	07 8C 7C A3 DB 6E 8A 14 6C 36 75 D9 EA 6E 2E 2B
		Validity	12/02/2014 - 12/02/2029

	Issuer Properties:
		Common Name	COMODO RSA Certification Authority
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Subject Properties:
		Common Name	COMODO RSA Domain Validation Secure Server CA
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Microsoft IT SSL SHA1 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	AA 9A 27 07
		Validity	20/12/2013 - 20/12/2017

	Issuer Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Subject Properties:
		Common Name	Microsoft IT SSL SHA1
		Organization	Microsoft Corporation
		Organizational Unit	Microsoft IT
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Microsoft Secure Server CA 2011 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	04 00 00 00 00 00 18 B7 3F 61
		Validity	19/10/2011 - 19/10/2026

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Secure Server CA 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Microsoft Windows Hardware Compatibility ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A0 69 FE 8F 9A 3F D1 11 8B 19
		Validity	01/10/1997 - 31/12/2002

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Windows Hardware Compatibility
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Windows Hardware Compatibility Intermediate CA
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / PositiveSSL CA 2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	1B 00 0E C4 97 D6 48 D5 28 9C 45 81 46 12 6F 07
		Validity	16/02/2012 - 30/05/2020

	Issuer Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Subject Properties:
		Common Name	PositiveSSL CA 2
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Root Agency ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	F4 35 5C AA D4 B8 CF 11 8A 64 00 AA 00 6C 37 06
		Validity	29/05/1996 - 01/01/2040

	Issuer Properties:
		Common Name	Root Agency

	Subject Properties:
		Common Name	Root Agency

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	8F 07 93 3F 23 98 60 92 0F 2F D0 B4 BA EB FC 46
		Validity	17/04/1997 - 25/10/2016

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign International Server CA - Class 3

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Baltimore CyberTrust Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	B9 00 00 02
		Validity	13/05/2000 - 13/05/2025

	Issuer Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Subject Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / CertPlus Class 2 Primary CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	23 44 A5 C3 5F D7 94 F6 69 E3 DA D8 F3 4B BD 85 00
		Validity	08/07/1999 - 07/07/2019

	Issuer Properties:
		Common Name	Class 2 Primary CA
		Organization	Certplus
		Country	France

	Subject Properties:
		Common Name	Class 2 Primary CA
		Organization	Certplus
		Country	France

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / COMODO ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA384 RSA (1.2.840.113549.1.1.12)
		Serial Number	9D 86 03 5B D8 4E F7 1F E0 6F 63 DB CA F9 AA 4C
		Validity	19/01/2010 - 19/01/2038

	Issuer Properties:
		Common Name	COMODO RSA Certification Authority
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Subject Properties:
		Common Name	COMODO RSA Certification Authority
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	39 30 F0 1B FC 60 E5 8F FE 46 D8 17 E5 E0 E7 0C
		Validity	10/11/2006 - 10/11/2031

	Issuer Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A C7 91 59 C9 6A 75 A1 B1 46 42 90 56 E0 3B 08
		Validity	10/11/2006 - 10/11/2031

	Issuer Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	77 25 46 AE F2 79 0B 8F 9B 40 0B 6A 26 5C AC 02
		Validity	10/11/2006 - 10/11/2031

	Issuer Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Entrust (2048) ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	F8 DE 63 38
		Validity	25/12/1999 - 24/07/2029

	Issuer Properties:
		Common Name	Entrust.net Certification Authority (2048)
		Organization	Entrust.net
		Organizational Unit	www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
		Organizational Unit	(c) 1999 Entrust.net Limited

	Subject Properties:
		Common Name	Entrust.net Certification Authority (2048)
		Organization	Entrust.net
		Organizational Unit	www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
		Organizational Unit	(c) 1999 Entrust.net Limited

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Entrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	54 50 6B 45
		Validity	28/11/2006 - 28/11/2026

	Issuer Properties:
		Common Name	Entrust Root Certification Authority
		Organization	Entrust, Inc.
		Organizational Unit	www.entrust.net/CPS is incorporated by reference
		Organizational Unit	(c) 2006 Entrust, Inc.
		Country	United States

	Subject Properties:
		Common Name	Entrust Root Certification Authority
		Organization	Entrust, Inc.
		Organizational Unit	www.entrust.net/CPS is incorporated by reference
		Organizational Unit	(c) 2006 Entrust, Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Global CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	56 34 02
		Validity	21/05/2002 - 21/05/2022

	Issuer Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	CF F4 DE 35
		Validity	22/08/1998 - 22/08/2018

	Issuer Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Subject Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GlobalSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	94 C3 5A 4B 15 01 00 00 00 00 04
		Validity	01/09/1998 - 28/01/2028

	Issuer Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Subject Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GlobalSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	A2 08 53 58 21 01 00 00 00 00 04
		Validity	18/03/2009 - 18/03/2029

	Issuer Properties:
		Common Name	GlobalSign
		Organization	GlobalSign
		Organizational Unit	GlobalSign Root CA - R3

	Subject Properties:
		Common Name	GlobalSign
		Organization	GlobalSign
		Organizational Unit	GlobalSign Root CA - R3

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Go Daddy Class 2 Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	30/06/2004 - 30/06/2034

	Issuer Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Subject Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Go Daddy Root Certificate Authority – G2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	00
		Validity	01/09/2009 - 01/01/2038

	Issuer Properties:
		Common Name	Go Daddy Root Certificate Authority - G2
		Organization	GoDaddy.com, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Subject Properties:
		Common Name	Go Daddy Root Certificate Authority - G2
		Organization	GoDaddy.com, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GTE CyberTrust Global Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A5 01
		Validity	13/08/1998 - 14/08/2018

	Issuer Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Subject Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Authenticode(tm) Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	01/01/1995 - 01/01/2000

	Issuer Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Subject Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Flighting Root 2014 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	5A 23 F0 1B EC 4F 4E 43 9E 11 DF 03 9D 0A 8F 07
		Validity	28/05/2014 - 28/05/2039

	Issuer Properties:
		Common Name	Microsoft Development Root Certificate Authority 2014
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Development Root Certificate Authority 2014
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	40 DF EC 63 F6 3E D1 11 88 3C 3C 8B 00 C1 00
		Validity	10/01/1997 - 31/12/2020

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2010 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	AA 39 43 6B 58 9B 9A 44 AC 44 BA BF 25 3A CC 28
		Validity	24/06/2010 - 24/06/2035

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2011 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F
		Validity	23/03/2011 - 23/03/2036

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	65 2E 13 07 F4 58 73 4C AD A5 A0 4A A1 16 AD 79
		Validity	10/05/2001 - 10/05/2021

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Timestamp Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	13/05/1997 - 31/12/1999

	Issuer Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Subject Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Starfield Class 2 Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	30/06/2004 - 30/06/2034

	Issuer Properties:
		Organization	Starfield Technologies, Inc.
		Organizational Unit	Starfield Class 2 Certification Authority
		Country	United States

	Subject Properties:
		Organization	Starfield Technologies, Inc.
		Organizational Unit	Starfield Class 2 Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Starfield Root Certificate Authority – G2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	00
		Validity	01/09/2009 - 01/01/2038

	Issuer Properties:
		Common Name	Starfield Root Certificate Authority - G2
		Organization	Starfield Technologies, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Subject Properties:
		Common Name	Starfield Root Certificate Authority - G2
		Organization	Starfield Technologies, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Thawte Timestamping CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	00
		Validity	01/01/1997 - 01/01/2021

	Issuer Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Subject Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	01/08/1996 - 01/01/2021

	Issuer Properties:
		Common Name	Thawte Premium Server CA
		Organization	Thawte Consulting cc
		Organizational Unit	Certification Services Division
		Country	South Africa
		Locality Name	Cape Town
		State/Province	Western Cape
		E-mail Address	premium-server@thawte.com

	Subject Properties:
		Common Name	Thawte Premium Server CA
		Organization	Thawte Consulting cc
		Organizational Unit	Certification Services Division
		Country	South Africa
		Locality Name	Cape Town
		State/Province	Western Cape
		E-mail Address	premium-server@thawte.com

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	6D 2B DB 37 CE 2F F4 49 EC ED D5 20 57 D5 4E 34
		Validity	17/11/2006 - 17/07/2036

	Issuer Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Trustwave ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	D0 59 18 27 EB F0 7F 42 AD A5 16 08 5C 8E F0 0C
		Validity	08/11/2006 - 01/01/2030

	Issuer Properties:
		Common Name	SecureTrust CA
		Organization	SecureTrust Corporation
		Country	United States

	Subject Properties:
		Common Name	SecureTrust CA
		Organization	SecureTrust Corporation
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	69 AD A9 06 68 2A D3 11 B4 21 00 50 8B 0C BE 44
		Validity	25/06/1999 - 25/06/2019

	Issuer Properties:
		Common Name	UTN - DATACorp SGC
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Subject Properties:
		Common Name	UTN - DATACorp SGC
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	1B 5F B3 E0 2D 36 D3 11 B4 24 00 50 8B 0C BE 44
		Validity	10/07/1999 - 10/07/2019

	Issuer Properties:
		Common Name	UTN-USERFirst-Object
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Subject Properties:
		Common Name	UTN-USERFirst-Object
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	FD 0A 65 FE 2A 36 D3 11 B4 24 00 50 8B 0C BE 44
		Validity	10/07/1999 - 10/07/2019

	Issuer Properties:
		Common Name	UTN-USERFirst-Hardware
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Subject Properties:
		Common Name	UTN-USERFirst-Hardware
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	01
		Validity	30/05/2000 - 30/05/2020

	Issuer Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Subject Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Class 3 Public Primary CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD2 RSA (1.2.840.113549.1.1.2)
		Serial Number	BF BA CC 03 7B CA 38 B6 34 29 D9 10 1D E4 BA 70
		Validity	29/01/1996 - 02/08/2028

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Class 3 Public Primary Certification Authority - G4 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	1.2.840.10045.4.3.3
		Serial Number	B3 AC 87 91 28 12 67 48 0F 22 0E 8C 23 FE 80 2F
		Validity	05/11/2007 - 19/01/2038

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G4
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2007 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G4
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2007 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	1.2.840.10045.2.1

[ Root Certificates / VeriSign Time Stamping CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A3 DC 5D 15 5F 73 5D A5 1C 59 82 8C 38 D2 19 4A
		Validity	12/05/1997 - 08/01/2004

	Issuer Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A 3B 6B CC CD 58 21 4A BB E8 7D 26 9E D1 DA 18
		Validity	08/11/2006 - 17/07/2036

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

UpTime


Current Session:
	Last Shutdown Time	05/04/2015 5:55:03 SA
	Last Boot Time	05/04/2015 5:55:26 SA
	Current Time	09/04/2015 6:41:06 SA
	UpTime	348355 sec (4 days, 0 hours, 45 min, 55 sec)

UpTime Statistics:
	First Boot Time	31/03/2015 8:44:00 CH
	First Shutdown Time	31/03/2015 8:42:55 CH
	Total UpTime	639845 sec (7 days, 9 hours, 44 min, 5 sec)
	Total DownTime	87253 sec (1 days, 0 hours, 14 min, 13 sec)
	Longest UpTime	348355 sec (4 days, 0 hours, 45 min, 55 sec)
	Longest DownTime	45807 sec (0 days, 12 hours, 43 min, 27 sec)
	Total Reboots	5
	System Availability	88.00%

Bluescreen Statistics:
	Total Bluescreens	0

Information:
	Information	The above statistics are based on System Event Log entries


Share Name	Type	Remark	Local Path
ADMIN$	Folder	Remote Admin	C:\Windows
C$	Folder	Default share	C:\
E$	Folder	Default share	E:\
IPC$	IPC	Remote IPC

Account Security


Account Security Properties:
	Computer Role	Primary
	Domain Name	WIN-8FFL85VFQP9
	Primary Domain Controller	Not Specified
	Forced Logoff Time	Disabled
	Min / Max Password Age	0 / 42 days
	Minimum Password Length	0 chars
	Password History Length	Disabled
	Lockout Threshold	Disabled
	Lockout Duration	30 min
	Lockout Observation Window	30 min

Logon


User	Full Name	Logon Server	Logon Domain
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount
quanravita@outlook.com.vn			MicrosoftAccount

Users


[ Administrator ]

	User Properties:
		User Name	Administrator
		Full Name	Administrator
		Comment	Built-in account for administering the computer/domain
		Member Of Groups	Administrators
		Logon Count	1
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ DefaultAccount ]

	User Properties:
		User Name	DefaultAccount
		Full Name	DefaultAccount
		Comment	A user account managed by the system.
		Member Of Groups	System Managed Accounts Group
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

[ Guest ]

	User Properties:
		User Name	Guest
		Full Name	Guest
		Comment	Built-in account for guest access to the computer/domain
		Member Of Groups	Guests
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	Yes
		Password Never Expires	Yes

[ Quanravita ]

	User Properties:
		User Name	Quanravita
		Full Name	Nguy?n Quang Anh Quân
		Member Of Groups	Administrators
		Logon Count	4
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

Local Groups


[ Access Control Assistance Operators ]

	Local Group Properties:
		Comment	Members of this group can remotely query authorization attributes and permissions for resources on this computer.

[ Administrators ]

	Local Group Properties:
		Comment	Administrators have complete and unrestricted access to the computer/domain

	Group Members:
		Administrator
		Quanravita	Nguy?n Quang Anh Quân

[ Backup Operators ]

	Local Group Properties:
		Comment	Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

[ Cryptographic Operators ]

	Local Group Properties:
		Comment	Members are authorized to perform cryptographic operations.

[ Distributed COM Users ]

	Local Group Properties:
		Comment	Members are allowed to launch, activate and use Distributed COM objects on this machine.

[ Event Log Readers ]

	Local Group Properties:
		Comment	Members of this group can read event logs from local machine

[ Guests ]

	Local Group Properties:
		Comment	Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted

	Group Members:
		Guest

[ Hyper-V Administrators ]

	Local Group Properties:
		Comment	Members of this group have complete and unrestricted access to all features of Hyper-V.

[ IIS_IUSRS ]

	Local Group Properties:
		Comment	Built-in group used by Internet Information Services.

	Group Members:
		IUSR

[ Network Configuration Operators ]

	Local Group Properties:
		Comment	Members in this group can have some administrative privileges to manage configuration of networking features

[ Performance Log Users ]

	Local Group Properties:
		Comment	Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer

[ Performance Monitor Users ]

	Local Group Properties:
		Comment	Members of this group can access performance counter data locally and remotely

[ Power Users ]

	Local Group Properties:
		Comment	Power Users are included for backwards compatibility and possess limited administrative powers

[ Remote Desktop Users ]

	Local Group Properties:
		Comment	Members in this group are granted the right to logon remotely

[ Remote Management Users ]

	Local Group Properties:
		Comment	Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.

[ Replicator ]

	Local Group Properties:
		Comment	Supports file replication in a domain

[ System Managed Accounts Group ]

	Local Group Properties:
		Comment	Members of this group are managed by the system.

	Group Members:
		DefaultAccount

[ Users ]

	Local Group Properties:
		Comment	Users are prevented from making accidental or intentional system-wide changes and can run most applications

	Group Members:
		Authenticated Users
		INTERACTIVE

Global Groups


[ None ]

	Global Group Properties:
		Comment	Ordinary users

	Group Members:
		Administrator
		DefaultAccount
		Guest
		Quanravita	Nguy?n Quang Anh Quân

Windows Video


[ Intel(R) HD Graphics 3000 ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics 3000
		Adapter String	Intel(R) HD Graphics 3000
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics Family
		DAC Type	Internal
		Driver Date	29/01/2014
		Driver Version	9.17.10.3347
		Driver Provider	Intel Corporation
		Memory Size	2556 MB

	Installed Drivers:
		igdumd64	9.17.10.3347
		igd10umd64	9.17.10.3347
		igd10umd64	9.17.10.3347
		igdumd32	9.17.10.3347
		igd10umd32	9.17.10.3347
		igd10umd32	9.17.10.3347

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Intel(R) HD Graphics 3000 ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics 3000
		Adapter String	Intel(R) HD Graphics 3000
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics Family
		DAC Type	Internal
		Driver Date	29/01/2014
		Driver Version	9.17.10.3347
		Driver Provider	Intel Corporation
		Memory Size	2556 MB

	Installed Drivers:
		igdumd64	9.17.10.3347
		igd10umd64	9.17.10.3347
		igd10umd64	9.17.10.3347
		igdumd32	9.17.10.3347
		igd10umd32	9.17.10.3347
		igd10umd32	9.17.10.3347

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

PCI / AGP Video


		Device Description	Device Type
		Intel HD Graphics 3000	Video Adapter
		Intel HD Graphics 3000	3D Accelerator

GPU


[ Integrated: Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) ]

	Graphics Processor Properties:
		Video Adapter	Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2)
		BIOS Version	Build Number: 2137 ASID:2137.I13X450.005 $PC 14.34 03/14/2012 20:10:50
		BIOS Date	14/03/2012
		GPU Code Name	Sandy Bridge-MB GT2
		PCI Device	8086-0116 / 1043-1567 (Rev 09)
		Process Technology	32 nm
		Bus Type	Integrated
		GPU Clock	649 MHz (original: 649 MHz)
		GPU Clock (Turbo)	649 - 1148 MHz
		RAMDAC Clock	350 MHz
		Pixel Pipelines	4
		TMU Per Pipeline	1
		Unified Shaders	48 (v4.1)
		DirectX Hardware Support	DirectX v10.1
		WDDM Version	WDDM 1.2

	Architecture:
		Architecture	Intel Gen6
		Execution Units (EU)	12
		L1 Instruction Cache	4 KB
		L1 Texture Cache	4 KB
		L2 Instruction Cache	24 KB
		L2 Texture Cache	16 KB
		Unified Return Buffer	64 KB

	Theoretical Peak Performance:
		Pixel Fillrate	2596 MPixel/s @ 649 MHz
		Texel Fillrate	2596 MTexel/s @ 649 MHz

	Utilization:
		Dedicated Memory	14 MB
		Dynamic Memory	102 MB

	Graphics Processor Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

Monitor


[ CMN N140BGE-L22 ]

	Monitor Properties:
		Monitor Name	CMN N140BGE-L22
		Monitor ID	CMN1470
		Manufacturer	N140BGE-L22
		Model	CMN
		Monitor Type	14" LCD (WXGA)
		Manufacture Date	Week 40 / 2011
		Serial Number	None
		Max. Visible Display Size	309 mm x 174 mm (14.0")
		Picture Aspect Ratio	16:9
		Maximum Resolution	1366 x 768
		Gamma	2.20
		DPMS Mode Support	None

	Supported Video Modes:
		1366 x 768	Pixel Clock: 69.30 MHz

Desktop


Desktop Properties:
	Device Technology	Raster Display
	Resolution	1366 x 768
	Color Depth	32-bit
	Color Planes	1
	Font Resolution	96 dpi
	Pixel Width / Height	36 / 36
	Pixel Diagonal	51
	Vertical Refresh Rate	60 Hz
	Desktop Wallpaper	C:\Users\Quanravita\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg

Desktop Effects:
	Combo-Box Animation	Enabled
	Drop Shadow Effect	Enabled
	Flat Menu Effect	Enabled
	Font Smoothing	Enabled
	ClearType	Enabled
	Full Window Dragging	Enabled
	Gradient Window Title Bars	Enabled
	Hide Menu Access Keys	Enabled
	Hot Tracking Effect	Enabled
	Icon Title Wrapping	Enabled
	List-Box Smooth Scrolling	Enabled
	Menu Animation	Enabled
	Menu Fade Effect	Enabled
	Minimize/Restore Animation	Enabled
	Mouse Cursor Shadow	Disabled
	Selection Fade Effect	Enabled
	ShowSounds Accessibility Feature	Disabled
	ToolTip Animation	Enabled
	ToolTip Fade Effect	Enabled
	Windows Aero	Enabled
	Windows Plus! Extension	Disabled

Multi-Monitor


Device ID	Primary	Upper Left Corner	Bottom Right Corner
\\.\DISPLAY1	Yes	(0,0)	(1366,768)

Video Modes


Resolution	Color Depth	Refresh Rate
320 x 200	32-bit	60 Hz
320 x 200	32-bit	60 Hz
320 x 200	32-bit	60 Hz
320 x 240	32-bit	60 Hz
320 x 240	32-bit	60 Hz
320 x 240	32-bit	60 Hz
400 x 300	32-bit	60 Hz
400 x 300	32-bit	60 Hz
400 x 300	32-bit	60 Hz
512 x 384	32-bit	60 Hz
512 x 384	32-bit	60 Hz
512 x 384	32-bit	60 Hz
640 x 400	32-bit	60 Hz
640 x 400	32-bit	60 Hz
640 x 400	32-bit	60 Hz
640 x 480	32-bit	60 Hz
640 x 480	32-bit	60 Hz
640 x 480	32-bit	60 Hz
800 x 600	32-bit	60 Hz
800 x 600	32-bit	60 Hz
800 x 600	32-bit	60 Hz
1024 x 768	32-bit	60 Hz
1024 x 768	32-bit	60 Hz
1024 x 768	32-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1366 x 768	32-bit	60 Hz

OpenGL


OpenGL Properties:
	Vendor	Intel
	Renderer	Intel(R) HD Graphics 3000
	Version	3.1.0 - Build 9.17.10.3347
	Shading Language Version	1.40 - Intel Build 9.17.10.3347
	OpenGL DLL	10.0.10041.0(fbl_impressive.150313-1821)
	Multitexture Texture Units	8
	Occlusion Query Counter Bits	64
	Sub-Pixel Precision	4-bit
	Max Viewport Size	8192 x 8192
	Max Cube Map Texture Size	8192 x 8192
	Max Rectangle Texture Size	8192 x 8192
	Max 3D Texture Size	2048 x 2048 x 2048
	Max Anisotropy	16
	Max Clipping Planes	6
	Max Display-List Nesting Level	64
	Max Draw Buffers	8
	Max Evaluator Order	32
	Max Light Sources	8
	Max Pixel Map Table Size	65536
	Max Texture Array Layers	256
	Max Texture LOD Bias	15

OpenGL Compliancy:
	OpenGL 1.1	Yes (100%)
	OpenGL 1.2	Yes (100%)
	OpenGL 1.3	Yes (100%)
	OpenGL 1.4	Yes (100%)
	OpenGL 1.5	Yes (100%)
	OpenGL 2.0	Yes (100%)
	OpenGL 2.1	Yes (100%)
	OpenGL 3.0	Yes (100%)
	OpenGL 3.1	Yes (100%)
	OpenGL 3.2	No (70%)
	OpenGL 3.3	No (70%)
	OpenGL 4.0	No (15%)
	OpenGL 4.1	No (0%)
	OpenGL 4.2	No (0%)
	OpenGL 4.3	No (0%)
	OpenGL 4.4	No (0%)
	OpenGL 4.5	No (0%)

Max Stack Depth:
	Attribute Stack	16
	Client Attribute Stack	16
	Modelview Matrix Stack	32
	Name Stack	128
	Projection Matrix Stack	4
	Texture Matrix Stack	10

Draw Range Elements:
	Max Index Count	1200
	Max Vertex Count	1200

Transform Feedback:
	Max Interleaved Components	64
	Max Separate Attributes	4
	Max Separate Components	4

Framebuffer Object:
	Max Color Attachments	8
	Max Render Buffer Size	4096 x 4096

Vertex Shader:
	Max Uniform Vertex Components	512
	Max Varying Floats	41
	Max Vertex Texture Image Units	16
	Max Combined Texture Image Units	16

Fragment Shader:
	Max Uniform Fragment Components	1024

Vertex Program:
	Max Local Parameters	256
	Max Environment Parameters	300
	Max Program Matrices	8
	Max Program Matrix Stack Depth	2
	Max Vertex Attributes	16
	Max Instructions	1024
	Max Native Instructions	1024
	Max Temporaries	31
	Max Native Temporaries	31
	Max Parameters	512
	Max Native Parameters	400
	Max Attributes	16
	Max Native Attributes	16
	Max Address Registers	1
	Max Native Address Registers	1

Fragment Program:
	Max Local Parameters	256
	Max Environment Parameters	256
	Max Texture Coordinates	8
	Max Texture Image Units	16
	Max Instructions	1447
	Max Native Instructions	1447
	Max Temporaries	256
	Max Native Temporaries	256
	Max Parameters	512
	Max Native Parameters	32
	Max Attributes	13
	Max Native Attributes	13
	Max Address Registers	0
	Max Native Address Registers	0
	Max ALU Instructions	1447
	Max Native ALU Instructions	1447
	Max Texture Instructions	1447
	Max Native Texture Instructions	1447
	Max Texture Indirections	128
	Max Native Texture Indirections	128

OpenGL Extensions:
	Total / Supported Extensions	1007 / 129
	GL_3DFX_multisample	Not Supported
	GL_3DFX_tbuffer	Not Supported
	GL_3DFX_texture_compression_FXT1	Supported
	GL_3DL_direct_texture_access2	Not Supported
	GL_3Dlabs_multisample_transparency_id	Not Supported
	GL_3Dlabs_multisample_transparency_range	Not Supported
	GL_AMD_blend_minmax_factor	Not Supported
	GL_AMD_compressed_3DC_texture	Not Supported
	GL_AMD_compressed_ATC_texture	Not Supported
	GL_AMD_conservative_depth	Not Supported
	GL_AMD_debug_output	Not Supported
	GL_AMD_depth_clamp_separate	Not Supported
	GL_AMD_draw_buffers_blend	Not Supported
	GL_AMD_framebuffer_sample_positions	Not Supported
	GL_AMD_gcn_shader	Not Supported
	GL_AMD_gpu_shader_half_float	Not Supported
	GL_AMD_gpu_shader_half_float2	Not Supported
	GL_AMD_gpu_shader_int64	Not Supported
	GL_AMD_interleaved_elements	Not Supported
	GL_AMD_multi_draw_indirect	Not Supported
	GL_AMD_name_gen_delete	Not Supported
	GL_AMD_occlusion_query_event	Not Supported
	GL_AMD_performance_monitor	Not Supported
	GL_AMD_pinned_memory	Not Supported
	GL_AMD_program_binary_Z400	Not Supported
	GL_AMD_query_buffer_object	Not Supported
	GL_AMD_sample_positions	Not Supported
	GL_AMD_seamless_cubemap_per_texture	Not Supported
	GL_AMD_shader_atomic_counter_ops	Not Supported
	GL_AMD_shader_stencil_export	Not Supported
	GL_AMD_shader_stencil_value_export	Not Supported
	GL_AMD_shader_trace	Not Supported
	GL_AMD_shader_trinary_minmax	Not Supported
	GL_AMD_sparse_texture	Not Supported
	GL_AMD_sparse_texture_pool	Not Supported
	GL_AMD_stencil_operation_extended	Not Supported
	GL_AMD_texture_compression_dxt6	Not Supported
	GL_AMD_texture_compression_dxt7	Not Supported
	GL_AMD_texture_cube_map_array	Not Supported
	GL_AMD_texture_texture4	Not Supported
	GL_AMD_texture_tile_pool	Not Supported
	GL_AMD_transform_feedback3_lines_triangles	Not Supported
	GL_AMD_transform_feedback4	Not Supported
	GL_AMD_vertex_shader_layer	Not Supported
	GL_AMD_vertex_shader_tessellator	Not Supported
	GL_AMD_vertex_shader_viewport_index	Not Supported
	GL_AMDX_debug_output	Not Supported
	GL_AMDX_name_gen_delete	Not Supported
	GL_AMDX_random_access_target	Not Supported
	GL_AMDX_vertex_shader_tessellator	Not Supported
	GL_ANDROID_extension_pack_es31a	Not Supported
	GL_ANGLE_depth_texture	Not Supported
	GL_ANGLE_framebuffer_blit	Not Supported
	GL_ANGLE_framebuffer_multisample	Not Supported
	GL_ANGLE_instanced_arrays	Not Supported
	GL_ANGLE_pack_reverse_row_order	Not Supported
	GL_ANGLE_program_binary	Not Supported
	GL_ANGLE_texture_compression_dxt1	Not Supported
	GL_ANGLE_texture_compression_dxt3	Not Supported
	GL_ANGLE_texture_compression_dxt5	Not Supported
	GL_ANGLE_texture_usage	Not Supported
	GL_ANGLE_translated_shader_source	Not Supported
	GL_APPLE_aux_depth_stencil	Not Supported
	GL_APPLE_client_storage	Not Supported
	GL_APPLE_copy_texture_levels	Not Supported
	GL_APPLE_element_array	Not Supported
	GL_APPLE_fence	Not Supported
	GL_APPLE_float_pixels	Not Supported
	GL_APPLE_flush_buffer_range	Not Supported
	GL_APPLE_flush_render	Not Supported
	GL_APPLE_framebuffer_multisample	Not Supported
	GL_APPLE_object_purgeable	Not Supported
	GL_APPLE_packed_pixel	Not Supported
	GL_APPLE_packed_pixels	Not Supported
	GL_APPLE_pixel_buffer	Not Supported
	GL_APPLE_rgb_422	Not Supported
	GL_APPLE_row_bytes	Not Supported
	GL_APPLE_specular_vector	Not Supported
	GL_APPLE_sync	Not Supported
	GL_APPLE_texture_2D_limited_npot	Not Supported
	GL_APPLE_texture_format_BGRA8888	Not Supported
	GL_APPLE_texture_max_level	Not Supported
	GL_APPLE_texture_range	Not Supported
	GL_APPLE_transform_hint	Not Supported
	GL_APPLE_vertex_array_object	Not Supported
	GL_APPLE_vertex_array_range	Not Supported
	GL_APPLE_vertex_point_size	Not Supported
	GL_APPLE_vertex_program_evaluators	Not Supported
	GL_APPLE_ycbcr_422	Not Supported
	GL_ARB_arrays_of_arrays	Not Supported
	GL_ARB_base_instance	Not Supported
	GL_ARB_bindless_texture	Not Supported
	GL_ARB_blend_func_extended	Not Supported
	GL_ARB_buffer_storage	Not Supported
	GL_ARB_cl_event	Not Supported
	GL_ARB_clear_buffer_object	Not Supported
	GL_ARB_clear_texture	Not Supported
	GL_ARB_clip_control	Not Supported
	GL_ARB_color_buffer_float	Supported
	GL_ARB_compatibility	Supported
	GL_ARB_compressed_texture_pixel_storage	Not Supported
	GL_ARB_compute_shader	Not Supported
	GL_ARB_compute_variable_group_size	Not Supported
	GL_ARB_conditional_render_inverted	Not Supported
	GL_ARB_conservative_depth	Not Supported
	GL_ARB_context_flush_control	Not Supported
	GL_ARB_copy_buffer	Supported
	GL_ARB_copy_image	Not Supported
	GL_ARB_cull_distance	Not Supported
	GL_ARB_debug_group	Not Supported
	GL_ARB_debug_label	Not Supported
	GL_ARB_debug_output	Not Supported
	GL_ARB_debug_output2	Not Supported
	GL_ARB_depth_buffer_float	Supported
	GL_ARB_depth_clamp	Supported
	GL_ARB_depth_texture	Supported
	GL_ARB_derivative_control	Not Supported
	GL_ARB_direct_state_access	Not Supported
	GL_ARB_draw_buffers	Supported
	GL_ARB_draw_buffers_blend	Supported
	GL_ARB_draw_elements_base_vertex	Supported
	GL_ARB_draw_indirect	Not Supported
	GL_ARB_draw_instanced	Supported
	GL_ARB_enhanced_layouts	Not Supported
	GL_ARB_ES2_compatibility	Not Supported
	GL_ARB_ES3_1_compatibility	Not Supported
	GL_ARB_ES3_compatibility	Not Supported
	GL_ARB_explicit_attrib_location	Supported
	GL_ARB_explicit_uniform_location	Not Supported
	GL_ARB_fragment_coord_conventions	Supported
	GL_ARB_fragment_layer_viewport	Not Supported
	GL_ARB_fragment_program	Supported
	GL_ARB_fragment_program_shadow	Supported
	GL_ARB_fragment_shader	Supported
	GL_ARB_framebuffer_no_attachments	Not Supported
	GL_ARB_framebuffer_object	Supported
	GL_ARB_framebuffer_sRGB	Supported
	GL_ARB_geometry_shader4	Not Supported
	GL_ARB_get_program_binary	Not Supported
	GL_ARB_get_texture_sub_image	Not Supported
	GL_ARB_gpu_shader_fp64	Not Supported
	GL_ARB_gpu_shader5	Not Supported
	GL_ARB_half_float_pixel	Supported
	GL_ARB_half_float_vertex	Supported
	GL_ARB_imaging	Not Supported
	GL_ARB_indirect_parameters	Not Supported
	GL_ARB_instanced_arrays	Supported
	GL_ARB_internalformat_query	Not Supported
	GL_ARB_internalformat_query2	Not Supported
	GL_ARB_invalidate_subdata	Not Supported
	GL_ARB_make_current_read	Not Supported
	GL_ARB_map_buffer_alignment	Not Supported
	GL_ARB_map_buffer_range	Supported
	GL_ARB_matrix_palette	Not Supported
	GL_ARB_multi_bind	Not Supported
	GL_ARB_multi_draw_indirect	Not Supported
	GL_ARB_multisample	Supported
	GL_ARB_multitexture	Supported
	GL_ARB_occlusion_query	Supported
	GL_ARB_occlusion_query2	Supported
	GL_ARB_pipeline_statistics_query	Not Supported
	GL_ARB_pixel_buffer_object	Supported
	GL_ARB_point_parameters	Supported
	GL_ARB_point_sprite	Supported
	GL_ARB_program_interface_query	Not Supported
	GL_ARB_provoking_vertex	Supported
	GL_ARB_query_buffer_object	Not Supported
	GL_ARB_robust_buffer_access_behavior	Not Supported
	GL_ARB_robustness	Not Supported
	GL_ARB_robustness_isolation	Not Supported
	GL_ARB_sample_shading	Not Supported
	GL_ARB_sampler_objects	Supported
	GL_ARB_seamless_cube_map	Supported
	GL_ARB_seamless_cubemap_per_texture	Not Supported
	GL_ARB_separate_shader_objects	Not Supported
	GL_ARB_shader_atomic_counters	Not Supported
	GL_ARB_shader_bit_encoding	Supported
	GL_ARB_shader_draw_parameters	Not Supported
	GL_ARB_shader_group_vote	Not Supported
	GL_ARB_shader_image_load_store	Not Supported
	GL_ARB_shader_image_size	Not Supported
	GL_ARB_shader_objects	Supported
	GL_ARB_shader_precision	Not Supported
	GL_ARB_shader_stencil_export	Not Supported
	GL_ARB_shader_storage_buffer_object	Not Supported
	GL_ARB_shader_subroutine	Not Supported
	GL_ARB_shader_texture_image_samples	Not Supported
	GL_ARB_shader_texture_lod	Not Supported
	GL_ARB_shading_language_100	Supported
	GL_ARB_shading_language_120	Not Supported
	GL_ARB_shading_language_420pack	Not Supported
	GL_ARB_shading_language_include	Not Supported
	GL_ARB_shading_language_packing	Not Supported
	GL_ARB_shadow	Supported
	GL_ARB_shadow_ambient	Not Supported
	GL_ARB_sparse_buffer	Not Supported
	GL_ARB_sparse_texture	Not Supported
	GL_ARB_stencil_texturing	Not Supported
	GL_ARB_swap_buffers	Not Supported
	GL_ARB_sync	Supported
	GL_ARB_tessellation_shader	Not Supported
	GL_ARB_texture_barrier	Not Supported
	GL_ARB_texture_border_clamp	Supported
	GL_ARB_texture_buffer_object	Not Supported
	GL_ARB_texture_buffer_object_rgb32	Supported
	GL_ARB_texture_buffer_range	Not Supported
	GL_ARB_texture_compression	Supported
	GL_ARB_texture_compression_bptc	Not Supported
	GL_ARB_texture_compression_rgtc	Supported
	GL_ARB_texture_compression_rtgc	Not Supported
	GL_ARB_texture_cube_map	Supported
	GL_ARB_texture_cube_map_array	Not Supported
	GL_ARB_texture_env_add	Supported
	GL_ARB_texture_env_combine	Supported
	GL_ARB_texture_env_crossbar	Supported
	GL_ARB_texture_env_dot3	Supported
	GL_ARB_texture_float	Supported
	GL_ARB_texture_gather	Not Supported
	GL_ARB_texture_mirror_clamp_to_edge	Not Supported
	GL_ARB_texture_mirrored_repeat	Not Supported
	GL_ARB_texture_multisample	Not Supported
	GL_ARB_texture_non_power_of_two	Supported
	GL_ARB_texture_query_levels	Not Supported
	GL_ARB_texture_query_lod	Supported
	GL_ARB_texture_rectangle	Supported
	GL_ARB_texture_rg	Supported
	GL_ARB_texture_rgb10_a2ui	Supported
	GL_ARB_texture_snorm	Not Supported
	GL_ARB_texture_stencil8	Not Supported
	GL_ARB_texture_storage	Not Supported
	GL_ARB_texture_storage_multisample	Not Supported
	GL_ARB_texture_swizzle	Not Supported
	GL_ARB_texture_view	Not Supported
	GL_ARB_timer_query	Supported
	GL_ARB_transform_feedback_instanced	Not Supported
	GL_ARB_transform_feedback_overflow_query	Not Supported
	GL_ARB_transform_feedback2	Not Supported
	GL_ARB_transform_feedback3	Not Supported
	GL_ARB_transpose_matrix	Supported
	GL_ARB_uber_buffers	Not Supported
	GL_ARB_uber_mem_image	Not Supported
	GL_ARB_uber_vertex_array	Not Supported
	GL_ARB_uniform_buffer_object	Supported
	GL_ARB_vertex_array_bgra	Supported
	GL_ARB_vertex_array_object	Supported
	GL_ARB_vertex_attrib_64bit	Not Supported
	GL_ARB_vertex_attrib_binding	Not Supported
	GL_ARB_vertex_blend	Not Supported
	GL_ARB_vertex_buffer_object	Supported
	GL_ARB_vertex_program	Supported
	GL_ARB_vertex_shader	Supported
	GL_ARB_vertex_type_10f_11f_11f_rev	Not Supported
	GL_ARB_vertex_type_2_10_10_10_rev	Supported
	GL_ARB_viewport_array	Not Supported
	GL_ARB_window_pos	Supported
	GL_ARM_mali_program_binary	Not Supported
	GL_ARM_mali_shader_binary	Not Supported
	GL_ARM_rgba8	Not Supported
	GL_ARM_shader_framebuffer_fetch	Not Supported
	GL_ARM_shader_framebuffer_fetch_depth_stencil	Not Supported
	GL_ATI_array_rev_comps_in_4_bytes	Not Supported
	GL_ATI_blend_equation_separate	Not Supported
	GL_ATI_blend_weighted_minmax	Not Supported
	GL_ATI_draw_buffers	Not Supported
	GL_ATI_element_array	Not Supported
	GL_ATI_envmap_bumpmap	Not Supported
	GL_ATI_fragment_shader	Not Supported
	GL_ATI_lock_texture	Not Supported
	GL_ATI_map_object_buffer	Not Supported
	GL_ATI_meminfo	Not Supported
	GL_ATI_pixel_format_float	Not Supported
	GL_ATI_pn_triangles	Not Supported
	GL_ATI_point_cull_mode	Not Supported
	GL_ATI_separate_stencil	Supported
	GL_ATI_shader_texture_lod	Not Supported
	GL_ATI_text_fragment_shader	Not Supported
	GL_ATI_texture_compression_3dc	Not Supported
	GL_ATI_texture_env_combine3	Not Supported
	GL_ATI_texture_float	Not Supported
	GL_ATI_texture_mirror_once	Not Supported
	GL_ATI_vertex_array_object	Not Supported
	GL_ATI_vertex_attrib_array_object	Not Supported
	GL_ATI_vertex_blend	Not Supported
	GL_ATI_vertex_shader	Not Supported
	GL_ATI_vertex_streams	Not Supported
	GL_ATIX_pn_triangles	Not Supported
	GL_ATIX_texture_env_combine3	Not Supported
	GL_ATIX_texture_env_route	Not Supported
	GL_ATIX_vertex_shader_output_point_size	Not Supported
	GL_Autodesk_facet_normal	Not Supported
	GL_Autodesk_valid_back_buffer_hint	Not Supported
	GL_CR_bounding_box	Not Supported
	GL_CR_cursor_position	Not Supported
	GL_CR_head_spu_name	Not Supported
	GL_CR_performance_info	Not Supported
	GL_CR_print_string	Not Supported
	GL_CR_readback_barrier_size	Not Supported
	GL_CR_saveframe	Not Supported
	GL_CR_server_id_sharing	Not Supported
	GL_CR_server_matrix	Not Supported
	GL_CR_state_parameter	Not Supported
	GL_CR_synchronization	Not Supported
	GL_CR_tile_info	Not Supported
	GL_CR_tilesort_info	Not Supported
	GL_CR_window_size	Not Supported
	GL_DIMD_YUV	Not Supported
	GL_DMP_shader_binary	Not Supported
	GL_EXT_422_pixels	Not Supported
	GL_EXT_abgr	Supported
	GL_EXT_bgra	Supported
	GL_EXT_bindable_uniform	Not Supported
	GL_EXT_blend_color	Supported
	GL_EXT_blend_equation_separate	Supported
	GL_EXT_blend_func_separate	Supported
	GL_EXT_blend_logic_op	Not Supported
	GL_EXT_blend_minmax	Supported
	GL_EXT_blend_subtract	Supported
	GL_EXT_Cg_shader	Not Supported
	GL_EXT_clip_control	Not Supported
	GL_EXT_clip_volume_hint	Supported
	GL_EXT_cmyka	Not Supported
	GL_EXT_color_buffer_float	Not Supported
	GL_EXT_color_buffer_half_float	Not Supported
	GL_EXT_color_matrix	Not Supported
	GL_EXT_color_subtable	Not Supported
	GL_EXT_color_table	Not Supported
	GL_EXT_compiled_vertex_array	Supported
	GL_EXT_convolution	Not Supported
	GL_EXT_convolution_border_modes	Not Supported
	GL_EXT_coordinate_frame	Not Supported
	GL_EXT_copy_buffer	Not Supported
	GL_EXT_copy_image	Not Supported
	GL_EXT_copy_texture	Not Supported
	GL_EXT_cull_vertex	Not Supported
	GL_EXT_debug_label	Not Supported
	GL_EXT_debug_marker	Not Supported
	GL_EXT_depth_bounds_test	Not Supported
	GL_EXT_depth_buffer_float	Not Supported
	GL_EXT_direct_state_access	Not Supported
	GL_EXT_discard_framebuffer	Not Supported
	GL_EXT_disjoint_timer_query	Not Supported
	GL_EXT_draw_buffers	Not Supported
	GL_EXT_draw_buffers_indexed	Not Supported
	GL_EXT_draw_buffers2	Supported
	GL_EXT_draw_indirect	Not Supported
	GL_EXT_draw_instanced	Not Supported
	GL_EXT_draw_range_elements	Supported
	GL_EXT_fog_coord	Supported
	GL_EXT_fog_function	Not Supported
	GL_EXT_fog_offset	Not Supported
	GL_EXT_frag_depth	Not Supported
	GL_EXT_fragment_lighting	Not Supported
	GL_EXT_framebuffer_blit	Supported
	GL_EXT_framebuffer_multisample	Supported
	GL_EXT_framebuffer_multisample_blit_scaled	Not Supported
	GL_EXT_framebuffer_object	Supported
	GL_EXT_framebuffer_sRGB	Not Supported
	GL_EXT_generate_mipmap	Not Supported
	GL_EXT_geometry_point_size	Not Supported
	GL_EXT_geometry_shader	Not Supported
	GL_EXT_geometry_shader4	Not Supported
	GL_EXT_glx_stereo_tree	Not Supported
	GL_EXT_gpu_program_parameters	Supported
	GL_EXT_gpu_shader_fp64	Not Supported
	GL_EXT_gpu_shader4	Not Supported
	GL_EXT_gpu_shader5	Not Supported
	GL_EXT_histogram	Not Supported
	GL_EXT_import_sync_object	Not Supported
	GL_EXT_index_array_formats	Not Supported
	GL_EXT_index_func	Not Supported
	GL_EXT_index_material	Not Supported
	GL_EXT_index_texture	Not Supported
	GL_EXT_instanced_arrays	Not Supported
	GL_EXT_interlace	Not Supported
	GL_EXT_light_texture	Not Supported
	GL_EXT_map_buffer_range	Not Supported
	GL_EXT_misc_attribute	Not Supported
	GL_EXT_multi_draw_arrays	Supported
	GL_EXT_multisample	Not Supported
	GL_EXT_multisampled_render_to_texture	Not Supported
	GL_EXT_multiview_draw_buffers	Not Supported
	GL_EXT_occlusion_query_boolean	Not Supported
	GL_EXT_packed_depth_stencil	Supported
	GL_EXT_packed_float	Supported
	GL_EXT_packed_pixels	Supported
	GL_EXT_packed_pixels_12	Not Supported
	GL_EXT_paletted_texture	Not Supported
	GL_EXT_pixel_buffer_object	Not Supported
	GL_EXT_pixel_format	Not Supported
	GL_EXT_pixel_texture	Not Supported
	GL_EXT_pixel_transform	Not Supported
	GL_EXT_pixel_transform_color_table	Not Supported
	GL_EXT_point_parameters	Not Supported
	GL_EXT_polygon_offset	Not Supported
	GL_EXT_polygon_offset_clamp	Not Supported
	GL_EXT_post_depth_coverage	Not Supported
	GL_EXT_primitive_bounding_box	Not Supported
	GL_EXT_provoking_vertex	Not Supported
	GL_EXT_pvrtc_sRGB	Not Supported
	GL_EXT_raster_multisample	Not Supported
	GL_EXT_read_format_bgra	Not Supported
	GL_EXT_rescale_normal	Supported
	GL_EXT_robustness	Not Supported
	GL_EXT_scene_marker	Not Supported
	GL_EXT_secondary_color	Supported
	GL_EXT_separate_shader_objects	Not Supported
	GL_EXT_separate_specular_color	Supported
	GL_EXT_shader_atomic_counters	Not Supported
	GL_EXT_shader_framebuffer_fetch	Not Supported
	GL_EXT_shader_image_load_formatted	Not Supported
	GL_EXT_shader_image_load_store	Not Supported
	GL_EXT_shader_implicit_conversions	Not Supported
	GL_EXT_shader_integer_mix	Not Supported
	GL_EXT_shader_io_blocks	Not Supported
	GL_EXT_shader_pixel_local_storage	Not Supported
	GL_EXT_shader_subroutine	Not Supported
	GL_EXT_shader_texture_lod	Not Supported
	GL_EXT_shadow_funcs	Supported
	GL_EXT_shadow_samplers	Not Supported
	GL_EXT_shared_texture_palette	Not Supported
	GL_EXT_sparse_texture2	Not Supported
	GL_EXT_sRGB	Not Supported
	GL_EXT_sRGB_write_control	Not Supported
	GL_EXT_static_vertex_array	Not Supported
	GL_EXT_stencil_clear_tag	Not Supported
	GL_EXT_stencil_two_side	Supported
	GL_EXT_stencil_wrap	Supported
	GL_EXT_subtexture	Not Supported
	GL_EXT_swap_control	Not Supported
	GL_EXT_tessellation_point_size	Not Supported
	GL_EXT_tessellation_shader	Not Supported
	GL_EXT_texgen_reflection	Not Supported
	GL_EXT_texture	Not Supported
	GL_EXT_texture_array	Supported
	GL_EXT_texture_border_clamp	Not Supported
	GL_EXT_texture_buffer	Not Supported
	GL_EXT_texture_buffer_object	Not Supported
	GL_EXT_texture_buffer_object_rgb32	Not Supported
	GL_EXT_texture_color_table	Not Supported
	GL_EXT_texture_compression_bptc	Not Supported
	GL_EXT_texture_compression_dxt1	Not Supported
	GL_EXT_texture_compression_latc	Not Supported
	GL_EXT_texture_compression_rgtc	Not Supported
	GL_EXT_texture_compression_s3tc	Supported
	GL_EXT_texture_cube_map	Not Supported
	GL_EXT_texture_cube_map_array	Not Supported
	GL_EXT_texture_edge_clamp	Supported
	GL_EXT_texture_env	Not Supported
	GL_EXT_texture_env_add	Supported
	GL_EXT_texture_env_combine	Supported
	GL_EXT_texture_env_dot3	Not Supported
	GL_EXT_texture_filter_anisotropic	Supported
	GL_EXT_texture_filter_minmax	Not Supported
	GL_EXT_texture_format_BGRA8888	Not Supported
	GL_EXT_texture_integer	Supported
	GL_EXT_texture_lod	Not Supported
	GL_EXT_texture_lod_bias	Supported
	GL_EXT_texture_mirror_clamp	Not Supported
	GL_EXT_texture_object	Not Supported
	GL_EXT_texture_perturb_normal	Not Supported
	GL_EXT_texture_rectangle	Supported
	GL_EXT_texture_rg	Not Supported
	GL_EXT_texture_shared_exponent	Supported
	GL_EXT_texture_snorm	Supported
	GL_EXT_texture_sRGB	Supported
	GL_EXT_texture_sRGB_decode	Not Supported
	GL_EXT_texture_storage	Not Supported
	GL_EXT_texture_swizzle	Supported
	GL_EXT_texture_type_2_10_10_10_REV	Not Supported
	GL_EXT_texture_view	Not Supported
	GL_EXT_texture3D	Supported
	GL_EXT_texture4D	Not Supported
	GL_EXT_timer_query	Not Supported
	GL_EXT_transform_feedback	Supported
	GL_EXT_transform_feedback2	Not Supported
	GL_EXT_transform_feedback3	Not Supported
	GL_EXT_unpack_subimage	Not Supported
	GL_EXT_vertex_array	Not Supported
	GL_EXT_vertex_array_bgra	Not Supported
	GL_EXT_vertex_array_set	Not Supported
	GL_EXT_vertex_array_setXXX	Not Supported
	GL_EXT_vertex_attrib_64bit	Not Supported
	GL_EXT_vertex_shader	Not Supported
	GL_EXT_vertex_weighting	Not Supported
	GL_EXT_x11_sync_object	Not Supported
	GL_EXTX_framebuffer_mixed_formats	Not Supported
	GL_EXTX_packed_depth_stencil	Not Supported
	GL_FGL_lock_texture	Not Supported
	GL_FJ_shader_binary_GCCSO	Not Supported
	GL_GL2_geometry_shader	Not Supported
	GL_GREMEDY_frame_terminator	Not Supported
	GL_GREMEDY_string_marker	Not Supported
	GL_HP_convolution_border_modes	Not Supported
	GL_HP_image_transform	Not Supported
	GL_HP_occlusion_test	Not Supported
	GL_HP_texture_lighting	Not Supported
	GL_I3D_argb	Not Supported
	GL_I3D_color_clamp	Not Supported
	GL_I3D_interlace_read	Not Supported
	GL_IBM_clip_check	Not Supported
	GL_IBM_cull_vertex	Not Supported
	GL_IBM_load_named_matrix	Not Supported
	GL_IBM_multi_draw_arrays	Not Supported
	GL_IBM_multimode_draw_arrays	Not Supported
	GL_IBM_occlusion_cull	Not Supported
	GL_IBM_pixel_filter_hint	Not Supported
	GL_IBM_rasterpos_clip	Not Supported
	GL_IBM_rescale_normal	Not Supported
	GL_IBM_static_data	Not Supported
	GL_IBM_texture_clamp_nodraw	Not Supported
	GL_IBM_texture_mirrored_repeat	Supported
	GL_IBM_vertex_array_lists	Not Supported
	GL_IBM_YCbCr	Not Supported
	GL_IMG_multisampled_render_to_texture	Not Supported
	GL_IMG_program_binary	Not Supported
	GL_IMG_read_format	Not Supported
	GL_IMG_sgx_binary	Not Supported
	GL_IMG_shader_binary	Not Supported
	GL_IMG_texture_compression_pvrtc	Not Supported
	GL_IMG_texture_compression_pvrtc2	Not Supported
	GL_IMG_texture_env_enhanced_fixed_function	Not Supported
	GL_IMG_texture_format_BGRA8888	Not Supported
	GL_IMG_user_clip_plane	Not Supported
	GL_IMG_vertex_program	Not Supported
	GL_INTEL_compute_shader_lane_shift	Not Supported
	GL_INTEL_conservative_rasterization	Not Supported
	GL_INTEL_fragment_shader_ordering	Not Supported
	GL_INTEL_fragment_shader_span_sharing	Not Supported
	GL_INTEL_image_serialize	Not Supported
	GL_INTEL_map_texture	Supported
	GL_INTEL_multi_rate_fragment_shader	Not Supported
	GL_INTEL_parallel_arrays	Not Supported
	GL_INTEL_performance_queries	Supported
	GL_INTEL_performance_query	Not Supported
	GL_INTEL_texture_scissor	Not Supported
	GL_INGR_blend_func_separate	Not Supported
	GL_INGR_color_clamp	Not Supported
	GL_INGR_interlace_read	Not Supported
	GL_INGR_multiple_palette	Not Supported
	GL_KTX_buffer_region	Not Supported
	GL_KHR_blend_equation_advanced	Not Supported
	GL_KHR_blend_equation_advanced_coherent	Not Supported
	GL_KHR_context_flush_control	Not Supported
	GL_KHR_debug	Not Supported
	GL_KHR_robust_buffer_access_behavior	Not Supported
	GL_KHR_robustness	Not Supported
	GL_KHR_texture_compression_astc_hdr	Not Supported
	GL_KHR_texture_compression_astc_ldr	Not Supported
	GL_MESA_pack_invert	Not Supported
	GL_MESA_program_debug	Not Supported
	GL_MESA_resize_buffers	Not Supported
	GL_MESA_texture_array	Not Supported
	GL_MESA_texture_signed_rgba	Not Supported
	GL_MESA_window_pos	Not Supported
	GL_MESA_ycbcr_texture	Not Supported
	GL_MESAX_texture_float	Not Supported
	GL_MESAX_texture_stack	Not Supported
	GL_MTX_fragment_shader	Not Supported
	GL_MTX_precision_dpi	Not Supported
	GL_NV_3dvision_settings	Not Supported
	GL_NV_alpha_test	Not Supported
	GL_NV_bgr	Not Supported
	GL_NV_bindless_multi_draw_indirect	Not Supported
	GL_NV_bindless_multi_draw_indirect_count	Not Supported
	GL_NV_bindless_texture	Not Supported
	GL_NV_blend_equation_advanced	Not Supported
	GL_NV_blend_equation_advanced_coherent	Not Supported
	GL_NV_blend_minmax	Not Supported
	GL_NV_blend_square	Supported
	GL_NV_centroid_sample	Not Supported
	GL_NV_command_list	Not Supported
	GL_NV_complex_primitives	Not Supported
	GL_NV_compute_program5	Not Supported
	GL_NV_conditional_render	Supported
	GL_NV_conservative_raster	Not Supported
	GL_NV_copy_buffer	Not Supported
	GL_NV_copy_depth_to_color	Not Supported
	GL_NV_copy_image	Not Supported
	GL_NV_coverage_sample	Not Supported
	GL_NV_deep_texture3D	Not Supported
	GL_NV_depth_buffer_float	Not Supported
	GL_NV_depth_clamp	Not Supported
	GL_NV_depth_nonlinear	Not Supported
	GL_NV_depth_range_unclamped	Not Supported
	GL_NV_draw_buffers	Not Supported
	GL_NV_draw_instanced	Not Supported
	GL_NV_draw_texture	Not Supported
	GL_NV_EGL_stream_consumer_external	Not Supported
	GL_NV_ES1_1_compatibility	Not Supported
	GL_NV_ES3_1_compatibility	Not Supported
	GL_NV_evaluators	Not Supported
	GL_NV_explicit_attrib_location	Not Supported
	GL_NV_explicit_multisample	Not Supported
	GL_NV_fbo_color_attachments	Not Supported
	GL_NV_fence	Not Supported
	GL_NV_fill_rectangle	Not Supported
	GL_NV_float_buffer	Not Supported
	GL_NV_fog_distance	Not Supported
	GL_NV_fragdepth	Not Supported
	GL_NV_fragment_coverage_to_color	Not Supported
	GL_NV_fragment_program	Not Supported
	GL_NV_fragment_program_option	Not Supported
	GL_NV_fragment_program2	Not Supported
	GL_NV_fragment_program4	Not Supported
	GL_NV_fragment_shader_interlock	Not Supported
	GL_NV_framebuffer_blit	Not Supported
	GL_NV_framebuffer_mixed_samples	Not Supported
	GL_NV_framebuffer_multisample	Not Supported
	GL_NV_framebuffer_multisample_coverage	Not Supported
	GL_NV_framebuffer_multisample_ex	Not Supported
	GL_NV_generate_mipmap_sRGB	Not Supported
	GL_NV_geometry_program4	Not Supported
	GL_NV_geometry_shader_passthrough	Not Supported
	GL_NV_geometry_shader4	Not Supported
	GL_NV_gpu_program_fp64	Not Supported
	GL_NV_gpu_program4	Not Supported
	GL_NV_gpu_program4_1	Not Supported
	GL_NV_gpu_program5	Not Supported
	GL_NV_gpu_program5_mem_extended	Not Supported
	GL_NV_gpu_shader5	Not Supported
	GL_NV_half_float	Not Supported
	GL_NV_instanced_arrays	Not Supported
	GL_NV_internalformat_sample_query	Not Supported
	GL_NV_light_max_exponent	Not Supported
	GL_NV_multisample_coverage	Not Supported
	GL_NV_multisample_filter_hint	Not Supported
	GL_NV_non_square_matrices	Not Supported
	GL_NV_occlusion_query	Not Supported
	GL_NV_pack_subimage	Not Supported
	GL_NV_packed_depth_stencil	Not Supported
	GL_NV_packed_float	Not Supported
	GL_NV_packed_float_linear	Not Supported
	GL_NV_parameter_buffer_object	Not Supported
	GL_NV_parameter_buffer_object2	Not Supported
	GL_NV_path_rendering	Not Supported
	GL_NV_path_rendering_shared_edge	Not Supported
	GL_NV_pixel_buffer_object	Not Supported
	GL_NV_pixel_data_range	Not Supported
	GL_NV_platform_binary	Not Supported
	GL_NV_point_sprite	Not Supported
	GL_NV_present_video	Not Supported
	GL_NV_primitive_restart	Supported
	GL_NV_read_buffer	Not Supported
	GL_NV_read_buffer_front	Not Supported
	GL_NV_read_depth	Not Supported
	GL_NV_read_depth_stencil	Not Supported
	GL_NV_read_stencil	Not Supported
	GL_NV_register_combiners	Not Supported
	GL_NV_register_combiners2	Not Supported
	GL_NV_sample_locations	Not Supported
	GL_NV_sample_mask_override_coverage	Not Supported
	GL_NV_shader_atomic_counters	Not Supported
	GL_NV_shader_atomic_float	Not Supported
	GL_NV_shader_atomic_fp16_vector	Not Supported
	GL_NV_shader_atomic_int64	Not Supported
	GL_NV_shader_buffer_load	Not Supported
	GL_NV_shader_buffer_store	Not Supported
	GL_NV_shader_storage_buffer_object	Not Supported
	GL_NV_shader_thread_group	Not Supported
	GL_NV_shader_thread_shuffle	Not Supported
	GL_NV_shadow_samplers_array	Not Supported
	GL_NV_shadow_samplers_cube	Not Supported
	GL_NV_sRGB_formats	Not Supported
	GL_NV_tessellation_program5	Not Supported
	GL_NV_texgen_emboss	Not Supported
	GL_NV_texgen_reflection	Supported
	GL_NV_texture_array	Not Supported
	GL_NV_texture_barrier	Not Supported
	GL_NV_texture_border_clamp	Not Supported
	GL_NV_texture_compression_latc	Not Supported
	GL_NV_texture_compression_s3tc	Not Supported
	GL_NV_texture_compression_s3tc_update	Not Supported
	GL_NV_texture_compression_vtc	Not Supported
	GL_NV_texture_env_combine4	Not Supported
	GL_NV_texture_expand_normal	Not Supported
	GL_NV_texture_lod_clamp	Not Supported
	GL_NV_texture_multisample	Not Supported
	GL_NV_texture_npot_2D_mipmap	Not Supported
	GL_NV_texture_rectangle	Not Supported
	GL_NV_texture_shader	Not Supported
	GL_NV_texture_shader2	Not Supported
	GL_NV_texture_shader3	Not Supported
	GL_NV_timer_query	Not Supported
	GL_NV_transform_feedback	Not Supported
	GL_NV_transform_feedback2	Not Supported
	GL_NV_uniform_buffer_unified_memory	Not Supported
	GL_NV_vdpau_interop	Not Supported
	GL_NV_vertex_array_range	Not Supported
	GL_NV_vertex_array_range2	Not Supported
	GL_NV_vertex_attrib_64bit	Not Supported
	GL_NV_vertex_attrib_integer_64bit	Not Supported
	GL_NV_vertex_buffer_unified_memory	Not Supported
	GL_NV_vertex_program	Not Supported
	GL_NV_vertex_program1_1	Not Supported
	GL_NV_vertex_program2	Not Supported
	GL_NV_vertex_program2_option	Not Supported
	GL_NV_vertex_program3	Not Supported
	GL_NV_vertex_program4	Not Supported
	GL_NV_video_capture	Not Supported
	GL_NV_viewport_array2	Not Supported
	GL_NVX_conditional_render	Not Supported
	GL_NVX_flush_hold	Not Supported
	GL_NVX_gpu_memory_info	Not Supported
	GL_NVX_instanced_arrays	Not Supported
	GL_NVX_nvenc_interop	Not Supported
	GL_NVX_shader_thread_group	Not Supported
	GL_NVX_shader_thread_shuffle	Not Supported
	GL_NVX_shared_sync_object	Not Supported
	GL_NVX_sysmem_buffer	Not Supported
	GL_NVX_ycrcb	Not Supported
	GL_OES_blend_equation_separate	Not Supported
	GL_OES_blend_func_separate	Not Supported
	GL_OES_blend_subtract	Not Supported
	GL_OES_byte_coordinates	Not Supported
	GL_OES_compressed_EAC_R11_signed_texture	Not Supported
	GL_OES_compressed_EAC_R11_unsigned_texture	Not Supported
	GL_OES_compressed_EAC_RG11_signed_texture	Not Supported
	GL_OES_compressed_EAC_RG11_unsigned_texture	Not Supported
	GL_OES_compressed_ETC1_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture	Not Supported
	GL_OES_compressed_ETC2_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_alpha8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_texture	Not Supported
	GL_OES_compressed_paletted_texture	Not Supported
	GL_OES_conditional_query	Not Supported
	GL_OES_depth_texture	Not Supported
	GL_OES_depth_texture_cube_map	Not Supported
	GL_OES_depth24	Not Supported
	GL_OES_depth32	Not Supported
	GL_OES_draw_texture	Not Supported
	GL_OES_EGL_image	Not Supported
	GL_OES_EGL_image_external	Not Supported
	GL_OES_EGL_sync	Not Supported
	GL_OES_element_index_uint	Not Supported
	GL_OES_extended_matrix_palette	Not Supported
	GL_OES_fbo_render_mipmap	Not Supported
	GL_OES_fixed_point	Not Supported
	GL_OES_fragment_precision_high	Not Supported
	GL_OES_framebuffer_object	Not Supported
	GL_OES_get_program_binary	Not Supported
	GL_OES_mapbuffer	Not Supported
	GL_OES_matrix_get	Not Supported
	GL_OES_matrix_palette	Not Supported
	GL_OES_packed_depth_stencil	Not Supported
	GL_OES_point_size_array	Not Supported
	GL_OES_point_sprite	Not Supported
	GL_OES_query_matrix	Not Supported
	GL_OES_read_format	Not Supported
	GL_OES_required_internalformat	Not Supported
	GL_OES_rgb8_rgba8	Not Supported
	GL_OES_sample_shading	Not Supported
	GL_OES_sample_variables	Not Supported
	GL_OES_shader_image_atomic	Not Supported
	GL_OES_shader_multisample_interpolation	Not Supported
	GL_OES_single_precision	Not Supported
	GL_OES_standard_derivatives	Not Supported
	GL_OES_stencil_wrap	Not Supported
	GL_OES_stencil1	Not Supported
	GL_OES_stencil4	Not Supported
	GL_OES_stencil8	Not Supported
	GL_OES_surfaceless_context	Not Supported
	GL_OES_texture_3D	Not Supported
	GL_OES_texture_compression_astc	Not Supported
	GL_OES_texture_cube_map	Not Supported
	GL_OES_texture_env_crossbar	Not Supported
	GL_OES_texture_float	Not Supported
	GL_OES_texture_float_linear	Not Supported
	GL_OES_texture_half_float	Not Supported
	GL_OES_texture_half_float_linear	Not Supported
	GL_OES_texture_mirrored_repeat	Not Supported
	GL_OES_texture_npot	Not Supported
	GL_OES_texture_stencil8	Not Supported
	GL_OES_texture_storage_multisample_2d_array	Not Supported
	GL_OES_vertex_array_object	Not Supported
	GL_OES_vertex_half_float	Not Supported
	GL_OES_vertex_type_10_10_10_2	Not Supported
	GL_OML_interlace	Not Supported
	GL_OML_resample	Not Supported
	GL_OML_subsample	Not Supported
	GL_PGI_misc_hints	Not Supported
	GL_PGI_vertex_hints	Not Supported
	GL_QCOM_alpha_test	Not Supported
	GL_QCOM_binning_control	Not Supported
	GL_QCOM_driver_control	Not Supported
	GL_QCOM_extended_get	Not Supported
	GL_QCOM_extended_get2	Not Supported
	GL_QCOM_perfmon_global_mode	Not Supported
	GL_QCOM_tiled_rendering	Not Supported
	GL_QCOM_writeonly_rendering	Not Supported
	GL_REND_screen_coordinates	Not Supported
	GL_S3_performance_analyzer	Not Supported
	GL_S3_s3tc	Not Supported
	GL_SGI_color_matrix	Not Supported
	GL_SGI_color_table	Not Supported
	GL_SGI_compiled_vertex_array	Not Supported
	GL_SGI_cull_vertex	Not Supported
	GL_SGI_index_array_formats	Not Supported
	GL_SGI_index_func	Not Supported
	GL_SGI_index_material	Not Supported
	GL_SGI_index_texture	Not Supported
	GL_SGI_make_current_read	Not Supported
	GL_SGI_texture_add_env	Not Supported
	GL_SGI_texture_color_table	Not Supported
	GL_SGI_texture_edge_clamp	Not Supported
	GL_SGI_texture_lod	Not Supported
	GL_SGIS_color_range	Not Supported
	GL_SGIS_detail_texture	Not Supported
	GL_SGIS_fog_function	Not Supported
	GL_SGIS_generate_mipmap	Supported
	GL_SGIS_multisample	Not Supported
	GL_SGIS_multitexture	Not Supported
	GL_SGIS_pixel_texture	Not Supported
	GL_SGIS_point_line_texgen	Not Supported
	GL_SGIS_sharpen_texture	Not Supported
	GL_SGIS_texture_border_clamp	Not Supported
	GL_SGIS_texture_color_mask	Not Supported
	GL_SGIS_texture_edge_clamp	Supported
	GL_SGIS_texture_filter4	Not Supported
	GL_SGIS_texture_lod	Supported
	GL_SGIS_texture_select	Not Supported
	GL_SGIS_texture4D	Not Supported
	GL_SGIX_async	Not Supported
	GL_SGIX_async_histogram	Not Supported
	GL_SGIX_async_pixel	Not Supported
	GL_SGIX_blend_alpha_minmax	Not Supported
	GL_SGIX_clipmap	Not Supported
	GL_SGIX_convolution_accuracy	Not Supported
	GL_SGIX_depth_pass_instrument	Not Supported
	GL_SGIX_depth_texture	Not Supported
	GL_SGIX_flush_raster	Not Supported
	GL_SGIX_fog_offset	Not Supported
	GL_SGIX_fog_texture	Not Supported
	GL_SGIX_fragment_specular_lighting	Not Supported
	GL_SGIX_framezoom	Not Supported
	GL_SGIX_instruments	Not Supported
	GL_SGIX_interlace	Not Supported
	GL_SGIX_ir_instrument1	Not Supported
	GL_SGIX_list_priority	Not Supported
	GL_SGIX_pbuffer	Not Supported
	GL_SGIX_pixel_texture	Not Supported
	GL_SGIX_pixel_texture_bits	Not Supported
	GL_SGIX_reference_plane	Not Supported
	GL_SGIX_resample	Not Supported
	GL_SGIX_shadow	Not Supported
	GL_SGIX_shadow_ambient	Not Supported
	GL_SGIX_sprite	Not Supported
	GL_SGIX_subsample	Not Supported
	GL_SGIX_tag_sample_buffer	Not Supported
	GL_SGIX_texture_add_env	Not Supported
	GL_SGIX_texture_coordinate_clamp	Not Supported
	GL_SGIX_texture_lod_bias	Not Supported
	GL_SGIX_texture_multi_buffer	Not Supported
	GL_SGIX_texture_range	Not Supported
	GL_SGIX_texture_scale_bias	Not Supported
	GL_SGIX_vertex_preclip	Not Supported
	GL_SGIX_vertex_preclip_hint	Not Supported
	GL_SGIX_ycrcb	Not Supported
	GL_SGIX_ycrcb_subsample	Not Supported
	GL_SUN_convolution_border_modes	Not Supported
	GL_SUN_global_alpha	Not Supported
	GL_SUN_mesh_array	Not Supported
	GL_SUN_multi_draw_arrays	Not Supported
	GL_SUN_read_video_pixels	Not Supported
	GL_SUN_slice_accum	Not Supported
	GL_SUN_triangle_list	Not Supported
	GL_SUN_vertex	Not Supported
	GL_SUNX_constant_data	Not Supported
	GL_VIV_shader_binary	Not Supported
	GL_WGL_ARB_extensions_string	Not Supported
	GL_WGL_EXT_extensions_string	Not Supported
	GL_WGL_EXT_swap_control	Not Supported
	GL_WIN_phong_shading	Not Supported
	GL_WIN_specular_fog	Not Supported
	GL_WIN_swap_hint	Supported
	GLU_EXT_nurbs_tessellator	Not Supported
	GLU_EXT_object_space_tess	Not Supported
	GLU_SGI_filter4_parameters	Not Supported
	GLX_AMD_gpu_association	Not Supported
	GLX_ARB_create_context	Not Supported
	GLX_ARB_create_context_profile	Not Supported
	GLX_ARB_create_context_robustness	Not Supported
	GLX_ARB_fbconfig_float	Not Supported
	GLX_ARB_framebuffer_sRGB	Not Supported
	GLX_ARB_get_proc_address	Not Supported
	GLX_ARB_multisample	Not Supported
	GLX_ARB_robustness_application_isolation	Not Supported
	GLX_ARB_robustness_share_group_isolation	Not Supported
	GLX_ARB_vertex_buffer_object	Not Supported
	GLX_EXT_buffer_age	Not Supported
	GLX_EXT_create_context_es_profile	Not Supported
	GLX_EXT_create_context_es2_profile	Not Supported
	GLX_EXT_fbconfig_packed_float	Not Supported
	GLX_EXT_framebuffer_sRGB	Not Supported
	GLX_EXT_import_context	Not Supported
	GLX_EXT_scene_marker	Not Supported
	GLX_EXT_swap_control	Not Supported
	GLX_EXT_swap_control_tear	Not Supported
	GLX_EXT_texture_from_pixmap	Not Supported
	GLX_EXT_visual_info	Not Supported
	GLX_EXT_visual_rating	Not Supported
	GLX_INTEL_swap_event	Not Supported
	GLX_MESA_agp_offset	Not Supported
	GLX_MESA_copy_sub_buffer	Not Supported
	GLX_MESA_multithread_makecurrent	Not Supported
	GLX_MESA_pixmap_colormap	Not Supported
	GLX_MESA_query_renderer	Not Supported
	GLX_MESA_release_buffers	Not Supported
	GLX_MESA_set_3dfx_mode	Not Supported
	GLX_MESA_swap_control	Not Supported
	GLX_NV_copy_image	Not Supported
	GLX_NV_delay_before_swap	Not Supported
	GLX_NV_float_buffer	Not Supported
	GLX_NV_multisample_coverage	Not Supported
	GLX_NV_present_video	Not Supported
	GLX_NV_swap_group	Not Supported
	GLX_NV_video_capture	Not Supported
	GLX_NV_video_out	Not Supported
	GLX_NV_video_output	Not Supported
	GLX_OML_interlace	Not Supported
	GLX_OML_swap_method	Not Supported
	GLX_OML_sync_control	Not Supported
	GLX_SGI_cushion	Not Supported
	GLX_SGI_make_current_read	Not Supported
	GLX_SGI_swap_control	Not Supported
	GLX_SGI_video_sync	Not Supported
	GLX_SGIS_blended_overlay	Not Supported
	GLX_SGIS_color_range	Not Supported
	GLX_SGIS_multisample	Not Supported
	GLX_SGIX_dm_buffer	Not Supported
	GLX_SGIX_fbconfig	Not Supported
	GLX_SGIX_hyperpipe	Not Supported
	GLX_SGIX_pbuffer	Not Supported
	GLX_SGIX_swap_barrier	Not Supported
	GLX_SGIX_swap_group	Not Supported
	GLX_SGIX_video_resize	Not Supported
	GLX_SGIX_video_source	Not Supported
	GLX_SGIX_visual_select_group	Not Supported
	GLX_SUN_get_transparent_index	Not Supported
	GLX_SUN_video_resize	Not Supported
	WGL_3DFX_gamma_control	Not Supported
	WGL_3DFX_multisample	Not Supported
	WGL_3DL_stereo_control	Not Supported
	WGL_AMD_gpu_association	Not Supported
	WGL_AMDX_gpu_association	Not Supported
	WGL_ARB_buffer_region	Supported
	WGL_ARB_context_flush_control	Not Supported
	WGL_ARB_create_context	Supported
	WGL_ARB_create_context_profile	Not Supported
	WGL_ARB_create_context_robustness	Not Supported
	WGL_ARB_extensions_string	Supported
	WGL_ARB_framebuffer_sRGB	Supported
	WGL_ARB_make_current_read	Supported
	WGL_ARB_multisample	Supported
	WGL_ARB_pbuffer	Supported
	WGL_ARB_pixel_format	Supported
	WGL_ARB_pixel_format_float	Supported
	WGL_ARB_render_texture	Not Supported
	WGL_ARB_robustness_application_isolation	Not Supported
	WGL_ARB_robustness_share_group_isolation	Not Supported
	WGL_ATI_pbuffer_memory_hint	Not Supported
	WGL_ATI_pixel_format_float	Not Supported
	WGL_ATI_render_texture_rectangle	Not Supported
	WGL_EXT_buffer_region	Not Supported
	WGL_EXT_create_context_es_profile	Not Supported
	WGL_EXT_create_context_es2_profile	Not Supported
	WGL_EXT_depth_float	Supported
	WGL_EXT_display_color_table	Not Supported
	WGL_EXT_extensions_string	Supported
	WGL_EXT_framebuffer_sRGB	Not Supported
	WGL_EXT_framebuffer_sRGBWGL_ARB_create_context	Not Supported
	WGL_EXT_gamma_control	Not Supported
	WGL_EXT_make_current_read	Not Supported
	WGL_EXT_multisample	Not Supported
	WGL_EXT_pbuffer	Not Supported
	WGL_EXT_pixel_format	Not Supported
	WGL_EXT_pixel_format_packed_float	Supported
	WGL_EXT_render_texture	Not Supported
	WGL_EXT_swap_control	Supported
	WGL_EXT_swap_control_tear	Supported
	WGL_EXT_swap_interval	Not Supported
	WGL_I3D_digital_video_control	Not Supported
	WGL_I3D_gamma	Not Supported
	WGL_I3D_genlock	Not Supported
	WGL_I3D_image_buffer	Not Supported
	WGL_I3D_swap_frame_lock	Not Supported
	WGL_I3D_swap_frame_usage	Not Supported
	WGL_MTX_video_preview	Not Supported
	WGL_NV_copy_image	Not Supported
	WGL_NV_delay_before_swap	Not Supported
	WGL_NV_DX_interop	Not Supported
	WGL_NV_DX_interop2	Not Supported
	WGL_NV_float_buffer	Not Supported
	WGL_NV_gpu_affinity	Not Supported
	WGL_NV_multisample_coverage	Not Supported
	WGL_NV_present_video	Not Supported
	WGL_NV_render_depth_texture	Not Supported
	WGL_NV_render_texture_rectangle	Not Supported
	WGL_NV_swap_group	Not Supported
	WGL_NV_texture_rectangle	Not Supported
	WGL_NV_vertex_array_range	Not Supported
	WGL_NV_video_capture	Not Supported
	WGL_NV_video_output	Not Supported
	WGL_NVX_DX_interop	Not Supported
	WGL_OML_sync_control	Not Supported
	WGL_S3_cl_sharingWGL_ARB_create_context_profile	Not Supported

Supported Compressed Texture Formats:
	RGB DXT1	Supported
	RGBA DXT1	Supported
	RGBA DXT3	Supported
	RGBA DXT5	Supported
	RGB FXT1	Supported
	RGBA FXT1	Supported
	3Dc	Not Supported

Video Adapter Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://www.intel.com/products/chipsets
	Driver Download	http://support.intel.com/support/graphics
	Driver Update	http://www.aida64.com/driver-updates

Fonts


Font Family	Type	Style	Character Set	Char. Size	Char. Weight
@Arial Unicode MS	Swiss	Regular	Arabic	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Baltic	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Central European	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Cyrillic	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	CHINESE_BIG5	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	CHINESE_GB2312	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Greek	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Hangul(Johab)	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Hangul	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Hebrew	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Japanese	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Turkish	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Thai	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Vietnamese	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Western	14 x 43	40 %
@Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	CHINESE_BIG5	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	CHINESE_GB2312	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Greek	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hangul(Johab)	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hebrew	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Japanese	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Vietnamese	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Western	31 x 43	30 %
@Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
@Microsoft JhengHei Light	Swiss	Regular	Baltic	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Central European	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Cyrillic	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	CHINESE_BIG5	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	CHINESE_GB2312	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Hangul(Johab)	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Hangul	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Hebrew	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Japanese	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Turkish	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Vietnamese	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Western	32 x 43	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Baltic	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Central European	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Cyrillic	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_BIG5	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_GB2312	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Hangul(Johab)	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Hangul	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Hebrew	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Japanese	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Turkish	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Vietnamese	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Western	32 x 41	29 %
@Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Western	15 x 41	40 %
@Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
@Microsoft YaHei Light	Swiss	Regular	Central European	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	CHINESE_GB2312	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Greek	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Central European	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	CHINESE_GB2312	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Greek	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
@Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
@Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@NSimSun	Modern	Regular	Western	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun	Special	Regular	Western	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
@Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Cyrillic	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Turkish	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
@Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Central European	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Japanese	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
@Yu Gothic UI Light	Swiss	Regular	Baltic	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Greek	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Western	17 x 43	30 %
@Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Cyrillic	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Turkish	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
@Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Japanese	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
@Yu Gothic UI	Swiss	Regular	Baltic	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Greek	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Western	17 x 43	40 %
@Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Cyrillic	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Turkish	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Western	31 x 41	40 %
Agency FB	Swiss	Regular	Western	10 x 36	40 %
Aldhabi	Special	Regular	Arabic	16 x 56	40 %
Aldhabi	Special	Regular	Western	16 x 56	40 %
Algerian	Decorative	Regular	Western	17 x 36	40 %
Andalus	Roman	Regular	Arabic	15 x 49	40 %
Andalus	Roman	Regular	Western	15 x 49	40 %
Aparajita	Swiss	Regular	Western	16 x 38	40 %
Arabic Typesetting	Script	Regular	Arabic	9 x 36	40 %
Arabic Typesetting	Script	Regular	Baltic	9 x 36	40 %
Arabic Typesetting	Script	Regular	Central European	9 x 36	40 %
Arabic Typesetting	Script	Regular	Turkish	9 x 36	40 %
Arabic Typesetting	Script	Regular	Western	9 x 36	40 %
Arial Black	Swiss	Regular	Baltic	18 x 45	90 %
Arial Black	Swiss	Regular	Central European	18 x 45	90 %
Arial Black	Swiss	Regular	Cyrillic	18 x 45	90 %
Arial Black	Swiss	Regular	Greek	18 x 45	90 %
Arial Black	Swiss	Regular	Turkish	18 x 45	90 %
Arial Black	Swiss	Regular	Western	18 x 45	90 %
Arial Narrow	Swiss	Regular	Baltic	12 x 36	40 %
Arial Narrow	Swiss	Regular	Central European	12 x 36	40 %
Arial Narrow	Swiss	Regular	Cyrillic	12 x 36	40 %
Arial Narrow	Swiss	Regular	Greek	12 x 36	40 %
Arial Narrow	Swiss	Regular	Turkish	12 x 36	40 %
Arial Narrow	Swiss	Regular	Western	12 x 36	40 %
Arial Rounded MT Bold	Swiss	Regular	Western	15 x 37	40 %
Arial Unicode MS	Swiss	Regular	Arabic	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Baltic	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Central European	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Cyrillic	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	CHINESE_BIG5	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	CHINESE_GB2312	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Greek	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Hangul(Johab)	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Hangul	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Hebrew	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Japanese	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Turkish	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Thai	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Vietnamese	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Western	14 x 43	40 %
Arial	Swiss	Regular	Arabic	14 x 36	40 %
Arial	Swiss	Regular	Baltic	14 x 36	40 %
Arial	Swiss	Regular	Central European	14 x 36	40 %
Arial	Swiss	Regular	Cyrillic	14 x 36	40 %
Arial	Swiss	Regular	Greek	14 x 36	40 %
Arial	Swiss	Regular	Hebrew	14 x 36	40 %
Arial	Swiss	Regular	Turkish	14 x 36	40 %
Arial	Swiss	Regular	Vietnamese	14 x 36	40 %
Arial	Swiss	Regular	Western	14 x 36	40 %
Baskerville Old Face	Roman	Regular	Western	13 x 37	40 %
Bauhaus 93	Decorative	Regular	Western	14 x 36	40 %
Bell MT	Roman	Regular	Western	13 x 35	40 %
Berlin Sans FB Demi	Swiss	Bold	Western	14 x 36	70 %
Berlin Sans FB	Swiss	Regular	Western	13 x 35	40 %
Bernard MT Condensed	Roman	Regular	Western	12 x 38	40 %
Blackadder ITC	Decorative	Regular	Western	10 x 41	40 %
Bodoni MT Black	Roman	Regular	Western	16 x 37	90 %
Bodoni MT Condensed	Roman	Regular	Western	9 x 38	40 %
Bodoni MT Poster Compressed	Roman	Regular	Turkish	8 x 37	30 %
Bodoni MT Poster Compressed	Roman	Regular	Western	8 x 37	30 %
Bodoni MT	Roman	Regular	Western	13 x 38	40 %
Book Antiqua	Roman	Regular	Baltic	14 x 40	40 %
Book Antiqua	Roman	Regular	Central European	14 x 40	40 %
Book Antiqua	Roman	Regular	Cyrillic	14 x 40	40 %
Book Antiqua	Roman	Regular	Greek	14 x 40	40 %
Book Antiqua	Roman	Regular	Turkish	14 x 40	40 %
Book Antiqua	Roman	Regular	Western	14 x 40	40 %
Bookman Old Style	Roman	Regular	Baltic	16 x 36	30 %
Bookman Old Style	Roman	Regular	Central European	16 x 36	30 %
Bookman Old Style	Roman	Regular	Cyrillic	16 x 36	30 %
Bookman Old Style	Roman	Regular	Greek	16 x 36	30 %
Bookman Old Style	Roman	Regular	Turkish	16 x 36	30 %
Bookman Old Style	Roman	Regular	Western	16 x 36	30 %
Bookshelf Symbol 7	Special	Regular	Symbol	21 x 32	40 %
Bradley Hand ITC	Script	Regular	Western	13 x 40	40 %
Britannic Bold	Swiss	Regular	Western	14 x 35	40 %
Broadway	Decorative	Regular	Western	17 x 36	40 %
Brush Script MT	Script	Italic	Western	10 x 39	40 %
Calibri Light	Swiss	Regular	Baltic	17 x 39	30 %
Calibri Light	Swiss	Regular	Central European	17 x 39	30 %
Calibri Light	Swiss	Regular	Cyrillic	17 x 39	30 %
Calibri Light	Swiss	Regular	Greek	17 x 39	30 %
Calibri Light	Swiss	Regular	Turkish	17 x 39	30 %
Calibri Light	Swiss	Regular	Vietnamese	17 x 39	30 %
Calibri Light	Swiss	Regular	Western	17 x 39	30 %
Calibri	Swiss	Regular	Baltic	17 x 39	40 %
Calibri	Swiss	Regular	Central European	17 x 39	40 %
Calibri	Swiss	Regular	Cyrillic	17 x 39	40 %
Calibri	Swiss	Regular	Greek	17 x 39	40 %
Calibri	Swiss	Regular	Turkish	17 x 39	40 %
Calibri	Swiss	Regular	Vietnamese	17 x 39	40 %
Calibri	Swiss	Regular	Western	17 x 39	40 %
Californian FB	Roman	Regular	Western	13 x 36	40 %
Calisto MT	Roman	Regular	Western	13 x 37	40 %
Cambria Math	Roman	Regular	Baltic	20 x 179	40 %
Cambria Math	Roman	Regular	Central European	20 x 179	40 %
Cambria Math	Roman	Regular	Cyrillic	20 x 179	40 %
Cambria Math	Roman	Regular	Greek	20 x 179	40 %
Cambria Math	Roman	Regular	Turkish	20 x 179	40 %
Cambria Math	Roman	Regular	Vietnamese	20 x 179	40 %
Cambria Math	Roman	Regular	Western	20 x 179	40 %
Cambria	Roman	Regular	Baltic	20 x 38	40 %
Cambria	Roman	Regular	Central European	20 x 38	40 %
Cambria	Roman	Regular	Cyrillic	20 x 38	40 %
Cambria	Roman	Regular	Greek	20 x 38	40 %
Cambria	Roman	Regular	Turkish	20 x 38	40 %
Cambria	Roman	Regular	Vietnamese	20 x 38	40 %
Cambria	Roman	Regular	Western	20 x 38	40 %
Candara	Swiss	Regular	Baltic	17 x 39	40 %
Candara	Swiss	Regular	Central European	17 x 39	40 %
Candara	Swiss	Regular	Cyrillic	17 x 39	40 %
Candara	Swiss	Regular	Greek	17 x 39	40 %
Candara	Swiss	Regular	Turkish	17 x 39	40 %
Candara	Swiss	Regular	Vietnamese	17 x 39	40 %
Candara	Swiss	Regular	Western	17 x 39	40 %
Castellar	Roman	Regular	Western	21 x 39	40 %
Centaur	Roman	Regular	Western	12 x 36	40 %
Century Gothic	Swiss	Regular	Baltic	16 x 38	40 %
Century Gothic	Swiss	Regular	Central European	16 x 38	40 %
Century Gothic	Swiss	Regular	Cyrillic	16 x 38	40 %
Century Gothic	Swiss	Regular	Greek	16 x 38	40 %
Century Gothic	Swiss	Regular	Turkish	16 x 38	40 %
Century Gothic	Swiss	Regular	Western	16 x 38	40 %
Century Schoolbook	Roman	Regular	Baltic	15 x 38	40 %
Century Schoolbook	Roman	Regular	Central European	15 x 38	40 %
Century Schoolbook	Roman	Regular	Cyrillic	15 x 38	40 %
Century Schoolbook	Roman	Regular	Greek	15 x 38	40 %
Century Schoolbook	Roman	Regular	Turkish	15 x 38	40 %
Century Schoolbook	Roman	Regular	Western	15 x 38	40 %
Century	Roman	Regular	Baltic	15 x 38	40 %
Century	Roman	Regular	Central European	15 x 38	40 %
Century	Roman	Regular	Cyrillic	15 x 38	40 %
Century	Roman	Regular	Greek	15 x 38	40 %
Century	Roman	Regular	Turkish	15 x 38	40 %
Century	Roman	Regular	Western	15 x 38	40 %
Colonna MT	Decorative	Regular	Western	13 x 34	40 %
Comic Sans MS	Script	Regular	Baltic	15 x 45	40 %
Comic Sans MS	Script	Regular	Central European	15 x 45	40 %
Comic Sans MS	Script	Regular	Cyrillic	15 x 45	40 %
Comic Sans MS	Script	Regular	Greek	15 x 45	40 %
Comic Sans MS	Script	Regular	Turkish	15 x 45	40 %
Comic Sans MS	Script	Regular	Western	15 x 45	40 %
Consolas	Modern	Regular	Baltic	18 x 37	40 %
Consolas	Modern	Regular	Central European	18 x 37	40 %
Consolas	Modern	Regular	Cyrillic	18 x 37	40 %
Consolas	Modern	Regular	Greek	18 x 37	40 %
Consolas	Modern	Regular	Turkish	18 x 37	40 %
Consolas	Modern	Regular	Vietnamese	18 x 37	40 %
Consolas	Modern	Regular	Western	18 x 37	40 %
Constantia	Roman	Regular	Baltic	17 x 39	40 %
Constantia	Roman	Regular	Central European	17 x 39	40 %
Constantia	Roman	Regular	Cyrillic	17 x 39	40 %
Constantia	Roman	Regular	Greek	17 x 39	40 %
Constantia	Roman	Regular	Turkish	17 x 39	40 %
Constantia	Roman	Regular	Vietnamese	17 x 39	40 %
Constantia	Roman	Regular	Western	17 x 39	40 %
Cooper Black	Roman	Regular	Western	16 x 37	40 %
Copperplate Gothic Bold	Swiss	Regular	Western	19 x 36	40 %
Copperplate Gothic Light	Swiss	Regular	Western	18 x 35	40 %
Corbel	Swiss	Regular	Baltic	17 x 39	40 %
Corbel	Swiss	Regular	Central European	17 x 39	40 %
Corbel	Swiss	Regular	Cyrillic	17 x 39	40 %
Corbel	Swiss	Regular	Greek	17 x 39	40 %
Corbel	Swiss	Regular	Turkish	17 x 39	40 %
Corbel	Swiss	Regular	Vietnamese	17 x 39	40 %
Corbel	Swiss	Regular	Western	17 x 39	40 %
Courier New	Modern	Regular	Arabic	19 x 36	40 %
Courier New	Modern	Regular	Baltic	19 x 36	40 %
Courier New	Modern	Regular	Central European	19 x 36	40 %
Courier New	Modern	Regular	Cyrillic	19 x 36	40 %
Courier New	Modern	Regular	Greek	19 x 36	40 %
Courier New	Modern	Regular	Hebrew	19 x 36	40 %
Courier New	Modern	Regular	Turkish	19 x 36	40 %
Courier New	Modern	Regular	Vietnamese	19 x 36	40 %
Courier New	Modern	Regular	Western	19 x 36	40 %
Courier	Modern		Western	8 x 13	40 %
Curlz MT	Decorative	Regular	Western	12 x 42	40 %
Chiller	Decorative	Regular	Western	9 x 37	40 %
Ebrima	Special	Regular	Baltic	19 x 43	40 %
Ebrima	Special	Regular	Central European	19 x 43	40 %
Ebrima	Special	Regular	Turkish	19 x 43	40 %
Ebrima	Special	Regular	Western	19 x 43	40 %
Edwardian Script ITC	Script	Regular	Western	8 x 38	40 %
Elephant	Roman	Regular	Western	16 x 41	40 %
Engravers MT	Roman	Regular	Western	25 x 37	50 %
Eras Bold ITC	Swiss	Regular	Western	16 x 37	40 %
Eras Demi ITC	Swiss	Regular	Western	15 x 36	40 %
Eras Light ITC	Swiss	Regular	Western	13 x 36	40 %
Eras Medium ITC	Swiss	Regular	Western	14 x 36	40 %
Felix Titling	Decorative	Regular	Western	19 x 37	40 %
Fixedsys	Modern		Western	8 x 15	40 %
Footlight MT Light	Roman	Regular	Western	13 x 34	30 %
Forte	Script	Regular	Western	14 x 35	40 %
Franklin Gothic Book	Swiss	Regular	Baltic	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Central European	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Cyrillic	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Greek	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Turkish	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Western	13 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Baltic	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Central European	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Cyrillic	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Greek	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Turkish	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Western	12 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Baltic	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Central European	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Cyrillic	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Greek	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Turkish	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Western	14 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Baltic	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Central European	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Cyrillic	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Greek	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Turkish	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Western	15 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Baltic	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Central European	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Cyrillic	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Greek	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Turkish	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Western	12 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Baltic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Central European	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Cyrillic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Greek	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Turkish	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Western	14 x 36	40 %
Freestyle Script	Script	Regular	Western	8 x 38	40 %
French Script MT	Script	Regular	Western	9 x 36	40 %
Gabriola	Decorative	Regular	Baltic	16 x 59	40 %
Gabriola	Decorative	Regular	Central European	16 x 59	40 %
Gabriola	Decorative	Regular	Cyrillic	16 x 59	40 %
Gabriola	Decorative	Regular	Greek	16 x 59	40 %
Gabriola	Decorative	Regular	Turkish	16 x 59	40 %
Gabriola	Decorative	Regular	Western	16 x 59	40 %
Gadugi	Swiss	Regular	Western	18 x 43	40 %
Garamond	Roman	Regular	Baltic	12 x 36	40 %
Garamond	Roman	Regular	Central European	12 x 36	40 %
Garamond	Roman	Regular	Cyrillic	12 x 36	40 %
Garamond	Roman	Regular	Greek	12 x 36	40 %
Garamond	Roman	Regular	Turkish	12 x 36	40 %
Garamond	Roman	Regular	Western	12 x 36	40 %
Georgia	Roman	Regular	Baltic	14 x 36	40 %
Georgia	Roman	Regular	Central European	14 x 36	40 %
Georgia	Roman	Regular	Cyrillic	14 x 36	40 %
Georgia	Roman	Regular	Greek	14 x 36	40 %
Georgia	Roman	Regular	Turkish	14 x 36	40 %
Georgia	Roman	Regular	Western	14 x 36	40 %
Gloucester MT Extra Condensed	Roman	Regular	Western	9 x 37	40 %
Goudy Old Style	Roman	Regular	Western	13 x 36	40 %
Goudy Stout	Roman	Regular	Western	36 x 44	40 %
Gigi	Decorative	Regular	Western	13 x 44	40 %
Gill Sans MT Condensed	Swiss	Regular	Central European	10 x 39	40 %
Gill Sans MT Condensed	Swiss	Regular	Western	10 x 39	40 %
Gill Sans MT Ext Condensed Bold	Swiss	Regular	Central European	7 x 38	40 %
Gill Sans MT Ext Condensed Bold	Swiss	Regular	Western	7 x 38	40 %
Gill Sans MT	Swiss	Regular	Central European	13 x 37	40 %
Gill Sans MT	Swiss	Regular	Western	13 x 37	40 %
Gill Sans Ultra Bold Condensed	Swiss	Regular	Central European	14 x 40	40 %
Gill Sans Ultra Bold Condensed	Swiss	Regular	Western	14 x 40	40 %
Gill Sans Ultra Bold	Swiss	Regular	Central European	20 x 40	40 %
Gill Sans Ultra Bold	Swiss	Regular	Western	20 x 40	40 %
Haettenschweiler	Swiss	Regular	Baltic	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Central European	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Cyrillic	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Greek	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Turkish	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Western	10 x 33	40 %
Harlow Solid Italic	Decorative	Italic	Western	12 x 40	40 %
Harrington	Decorative	Regular	Western	14 x 38	40 %
High Tower Text	Roman	Regular	Western	13 x 37	40 %
Impact	Swiss	Regular	Baltic	19 x 39	40 %
Impact	Swiss	Regular	Central European	19 x 39	40 %
Impact	Swiss	Regular	Cyrillic	19 x 39	40 %
Impact	Swiss	Regular	Greek	19 x 39	40 %
Impact	Swiss	Regular	Turkish	19 x 39	40 %
Impact	Swiss	Regular	Western	19 x 39	40 %
Imprint MT Shadow	Decorative	Regular	Western	13 x 38	40 %
Informal Roman	Script	Regular	Western	12 x 32	40 %
Javanese Text	Special	Regular	Western	26 x 73	40 %
Jokerman	Decorative	Regular	Western	16 x 48	40 %
Juice ITC	Decorative	Regular	Western	9 x 36	40 %
Kokila	Swiss	Regular	Western	13 x 37	40 %
Kristen ITC	Script	Regular	Western	16 x 44	40 %
Kunstler Script	Script	Regular	Western	8 x 35	40 %
Leelawadee UI Semilight	Swiss	Regular	Thai	17 x 43	35 %
Leelawadee UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Leelawadee UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Leelawadee UI	Swiss	Regular	Thai	17 x 43	40 %
Leelawadee UI	Swiss	Regular	Vietnamese	17 x 43	40 %
Leelawadee UI	Swiss	Regular	Western	17 x 43	40 %
Leelawadee	Swiss	Regular	Thai	17 x 38	40 %
Leelawadee	Swiss	Regular	Western	17 x 38	40 %
Lucida Bright	Roman	Regular	Western	16 x 36	40 %
Lucida Calligraphy	Script	Italic	Western	17 x 40	40 %
Lucida Console	Modern	Regular	Central European	19 x 32	40 %
Lucida Console	Modern	Regular	Cyrillic	19 x 32	40 %
Lucida Console	Modern	Regular	Greek	19 x 32	40 %
Lucida Console	Modern	Regular	Turkish	19 x 32	40 %
Lucida Console	Modern	Regular	Western	19 x 32	40 %
Lucida Fax	Roman	Regular	Western	16 x 37	40 %
Lucida Handwriting	Script	Italic	Western	18 x 41	40 %
Lucida Sans Typewriter	Modern	Regular	Western	19 x 36	40 %
Lucida Sans Unicode	Swiss	Regular	Baltic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Central European	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Cyrillic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Greek	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Hebrew	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Turkish	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Western	16 x 49	40 %
Lucida Sans	Swiss	Regular	Western	16 x 36	40 %
Magneto	Decorative	Bold	Western	18 x 39	70 %
Maiandra GD	Swiss	Regular	Western	14 x 38	40 %
Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	CHINESE_BIG5	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	CHINESE_GB2312	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Greek	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul(Johab)	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hebrew	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Japanese	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Vietnamese	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Western	31 x 43	30 %
Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
Mangal	Roman	Regular	Western	19 x 54	40 %
Marlett	Special	Regular	Symbol	31 x 32	50 %
Matura MT Script Capitals	Script	Regular	Western	14 x 43	40 %
Microsoft Himalaya	Special	Regular	Western	13 x 32	40 %
Microsoft JhengHei Light	Swiss	Regular	Baltic	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Central European	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Cyrillic	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	CHINESE_BIG5	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	CHINESE_GB2312	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Hangul(Johab)	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Hangul	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Hebrew	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Japanese	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Turkish	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Vietnamese	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Western	32 x 43	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Baltic	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Central European	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Cyrillic	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_BIG5	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_GB2312	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Hangul(Johab)	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Hangul	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Hebrew	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Japanese	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Turkish	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Vietnamese	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Western	32 x 41	29 %
Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Western	15 x 41	40 %
Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
Microsoft New Tai Lue	Swiss	Regular	Western	19 x 42	40 %
Microsoft PhagsPa	Swiss	Regular	Western	24 x 41	40 %
Microsoft Sans Serif	Swiss	Regular	Arabic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Baltic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Central European	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Cyrillic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Greek	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Hebrew	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Turkish	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Thai	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Vietnamese	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Western	14 x 36	40 %
Microsoft Tai Le	Swiss	Regular	Western	19 x 41	40 %
Microsoft Uighur	Special	Regular	Arabic	13 x 32	40 %
Microsoft Uighur	Special	Regular	Western	13 x 32	40 %
Microsoft YaHei Light	Swiss	Regular	Central European	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	CHINESE_GB2312	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Greek	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
Microsoft YaHei UI Light	Swiss	Regular	Central European	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	CHINESE_GB2312	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Greek	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
Microsoft Yi Baiti	Script	Regular	Western	21 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
Mistral	Script	Regular	Baltic	10 x 39	40 %
Mistral	Script	Regular	Central European	10 x 39	40 %
Mistral	Script	Regular	Cyrillic	10 x 39	40 %
Mistral	Script	Regular	Greek	10 x 39	40 %
Mistral	Script	Regular	Turkish	10 x 39	40 %
Mistral	Script	Regular	Western	10 x 39	40 %
Modern No. 20	Roman	Regular	Western	13 x 33	40 %
Modern	Modern		OEM/DOS	19 x 37	40 %
Monotype Corsiva	Script	Regular	Baltic	11 x 35	40 %
Monotype Corsiva	Script	Regular	Central European	11 x 35	40 %
Monotype Corsiva	Script	Regular	Cyrillic	11 x 35	40 %
Monotype Corsiva	Script	Regular	Greek	11 x 35	40 %
Monotype Corsiva	Script	Regular	Turkish	11 x 35	40 %
Monotype Corsiva	Script	Regular	Western	11 x 35	40 %
Mongolian Baiti	Script	Regular	Western	14 x 34	40 %
MS Outlook	Special	Regular	Symbol	31 x 33	40 %
MS Reference Sans Serif	Swiss	Regular	Baltic	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Central European	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Cyrillic	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Greek	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Turkish	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Vietnamese	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Western	16 x 39	40 %
MS Reference Specialty	Special	Regular	Symbol	23 x 39	40 %
MS Sans Serif	Swiss		Western	5 x 13	40 %
MS Serif	Roman		Western	5 x 13	40 %
MT Extra	Roman	Regular	Symbol	20 x 32	40 %
MV Boli	Special	Regular	Western	18 x 52	40 %
Myanmar Text	Swiss	Regular	Western	18 x 60	40 %
Niagara Engraved	Decorative	Regular	Western	8 x 34	40 %
Niagara Solid	Decorative	Regular	Western	8 x 34	40 %
Nirmala UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Nirmala UI	Swiss	Regular	Western	31 x 43	40 %
NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
NSimSun	Modern	Regular	Western	16 x 32	40 %
Nyala	Special	Regular	Baltic	18 x 33	40 %
Nyala	Special	Regular	Central European	18 x 33	40 %
Nyala	Special	Regular	Turkish	18 x 33	40 %
Nyala	Special	Regular	Western	18 x 33	40 %
OCR A Extended	Modern	Regular	Western	19 x 33	40 %
Old English Text MT	Script	Regular	Western	12 x 39	40 %
Onyx	Decorative	Regular	Western	8 x 37	40 %
Palace Script MT	Script	Regular	Western	7 x 30	40 %
Palatino Linotype	Roman	Regular	Baltic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Central European	14 x 43	40 %
Palatino Linotype	Roman	Regular	Cyrillic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Greek	14 x 43	40 %
Palatino Linotype	Roman	Regular	Turkish	14 x 43	40 %
Palatino Linotype	Roman	Regular	Vietnamese	14 x 43	40 %
Palatino Linotype	Roman	Regular	Western	14 x 43	40 %
Papyrus	Script	Regular	Western	13 x 50	40 %
Parchment	Script	Regular	Western	6 x 34	40 %
Perpetua Titling MT	Roman	Light	Western	19 x 38	30 %
Perpetua	Roman	Regular	Western	12 x 37	40 %
Playbill	Decorative	Regular	Western	8 x 32	40 %
PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
Poor Richard	Roman	Regular	Western	12 x 36	40 %
Pristina	Script	Regular	Western	10 x 42	40 %
Rage Italic	Script	Regular	Western	11 x 40	40 %
Ravie	Decorative	Regular	Western	22 x 43	40 %
Rockwell Condensed	Roman	Regular	Western	11 x 38	40 %
Rockwell Extra Bold	Roman	Regular	Western	19 x 38	80 %
Rockwell	Roman	Regular	Western	15 x 38	40 %
Roman	Roman		OEM/DOS	22 x 37	40 %
Sakkal Majalla	Special	Regular	Arabic	16 x 45	40 %
Sakkal Majalla	Special	Regular	Baltic	16 x 45	40 %
Sakkal Majalla	Special	Regular	Central European	16 x 45	40 %
Sakkal Majalla	Special	Regular	Turkish	16 x 45	40 %
Sakkal Majalla	Special	Regular	Western	16 x 45	40 %
Script MT Bold	Script	Regular	Western	13 x 39	70 %
Script	Script		OEM/DOS	16 x 36	40 %
Segoe MDL2 Assets	Roman	Regular	Western	32 x 32	40 %
Segoe Print	Special	Regular	Baltic	21 x 56	40 %
Segoe Print	Special	Regular	Central European	21 x 56	40 %
Segoe Print	Special	Regular	Cyrillic	21 x 56	40 %
Segoe Print	Special	Regular	Greek	21 x 56	40 %
Segoe Print	Special	Regular	Turkish	21 x 56	40 %
Segoe Print	Special	Regular	Western	21 x 56	40 %
Segoe Script	Swiss	Regular	Baltic	22 x 51	40 %
Segoe Script	Swiss	Regular	Central European	22 x 51	40 %
Segoe Script	Swiss	Regular	Cyrillic	22 x 51	40 %
Segoe Script	Swiss	Regular	Greek	22 x 51	40 %
Segoe Script	Swiss	Regular	Turkish	22 x 51	40 %
Segoe Script	Swiss	Regular	Western	22 x 51	40 %
Segoe UI Black	Swiss	Regular	Baltic	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Central European	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Cyrillic	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Greek	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Turkish	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Vietnamese	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Western	20 x 43	90 %
Segoe UI Emoji	Swiss	Regular	Western	23 x 43	40 %
Segoe UI Historic	Swiss	Regular	Western	27 x 43	40 %
Segoe UI Light	Swiss	Regular	Arabic	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Baltic	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Central European	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Cyrillic	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Greek	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Hebrew	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Turkish	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Vietnamese	18 x 43	30 %
Segoe UI Light	Swiss	Regular	Western	18 x 43	30 %
Segoe UI Semibold	Swiss	Regular	Arabic	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Cyrillic	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Hebrew	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Turkish	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Vietnamese	19 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Western	19 x 43	60 %
Segoe UI Semilight	Swiss	Regular	Arabic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Hebrew	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Segoe UI Symbol	Swiss	Regular	Western	23 x 43	40 %
Segoe UI	Swiss	Regular	Arabic	17 x 43	40 %
Segoe UI	Swiss	Regular	Baltic	17 x 43	40 %
Segoe UI	Swiss	Regular	Central European	17 x 43	40 %
Segoe UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Segoe UI	Swiss	Regular	Greek	17 x 43	40 %
Segoe UI	Swiss	Regular	Hebrew	17 x 43	40 %
Segoe UI	Swiss	Regular	Turkish	17 x 43	40 %
Segoe UI	Swiss	Regular	Vietnamese	17 x 43	40 %
Segoe UI	Swiss	Regular	Western	17 x 43	40 %
Shonar Bangla	Swiss	Regular	Western	16 x 41	40 %
Showcard Gothic	Decorative	Regular	Western	18 x 40	40 %
Simplified Arabic Fixed	Modern	Regular	Arabic	19 x 35	40 %
Simplified Arabic Fixed	Modern	Regular	Western	19 x 35	40 %
Simplified Arabic	Roman	Regular	Arabic	13 x 53	40 %
Simplified Arabic	Roman	Regular	Western	13 x 53	40 %
SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun	Special	Regular	Western	16 x 32	40 %
SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
Sitka Banner	Special	Regular	Baltic	16 x 46	40 %
Sitka Banner	Special	Regular	Central European	16 x 46	40 %
Sitka Banner	Special	Regular	Cyrillic	16 x 46	40 %
Sitka Banner	Special	Regular	Greek	16 x 46	40 %
Sitka Banner	Special	Regular	Turkish	16 x 46	40 %
Sitka Banner	Special	Regular	Vietnamese	16 x 46	40 %
Sitka Banner	Special	Regular	Western	16 x 46	40 %
Sitka Display	Special	Regular	Baltic	17 x 46	40 %
Sitka Display	Special	Regular	Central European	17 x 46	40 %
Sitka Display	Special	Regular	Cyrillic	17 x 46	40 %
Sitka Display	Special	Regular	Greek	17 x 46	40 %
Sitka Display	Special	Regular	Turkish	17 x 46	40 %
Sitka Display	Special	Regular	Vietnamese	17 x 46	40 %
Sitka Display	Special	Regular	Western	17 x 46	40 %
Sitka Heading	Special	Regular	Baltic	17 x 46	40 %
Sitka Heading	Special	Regular	Central European	17 x 46	40 %
Sitka Heading	Special	Regular	Cyrillic	17 x 46	40 %
Sitka Heading	Special	Regular	Greek	17 x 46	40 %
Sitka Heading	Special	Regular	Turkish	17 x 46	40 %
Sitka Heading	Special	Regular	Vietnamese	17 x 46	40 %
Sitka Heading	Special	Regular	Western	17 x 46	40 %
Sitka Small	Special	Regular	Baltic	21 x 47	40 %
Sitka Small	Special	Regular	Central European	21 x 47	40 %
Sitka Small	Special	Regular	Cyrillic	21 x 47	40 %
Sitka Small	Special	Regular	Greek	21 x 47	40 %
Sitka Small	Special	Regular	Turkish	21 x 47	40 %
Sitka Small	Special	Regular	Vietnamese	21 x 47	40 %
Sitka Small	Special	Regular	Western	21 x 47	40 %
Sitka Subheading	Special	Regular	Baltic	18 x 46	40 %
Sitka Subheading	Special	Regular	Central European	18 x 46	40 %
Sitka Subheading	Special	Regular	Cyrillic	18 x 46	40 %
Sitka Subheading	Special	Regular	Greek	18 x 46	40 %
Sitka Subheading	Special	Regular	Turkish	18 x 46	40 %
Sitka Subheading	Special	Regular	Vietnamese	18 x 46	40 %
Sitka Subheading	Special	Regular	Western	18 x 46	40 %
Sitka Text	Special	Regular	Baltic	19 x 46	40 %
Sitka Text	Special	Regular	Central European	19 x 46	40 %
Sitka Text	Special	Regular	Cyrillic	19 x 46	40 %
Sitka Text	Special	Regular	Greek	19 x 46	40 %
Sitka Text	Special	Regular	Turkish	19 x 46	40 %
Sitka Text	Special	Regular	Vietnamese	19 x 46	40 %
Sitka Text	Special	Regular	Western	19 x 46	40 %
Small Fonts	Swiss		Western	1 x 3	40 %
Snap ITC	Decorative	Regular	Western	19 x 41	40 %
Stencil	Decorative	Regular	Western	18 x 38	40 %
Sylfaen	Roman	Regular	Baltic	13 x 42	40 %
Sylfaen	Roman	Regular	Central European	13 x 42	40 %
Sylfaen	Roman	Regular	Cyrillic	13 x 42	40 %
Sylfaen	Roman	Regular	Greek	13 x 42	40 %
Sylfaen	Roman	Regular	Turkish	13 x 42	40 %
Sylfaen	Roman	Regular	Western	13 x 42	40 %
Symbol	Roman	Regular	Symbol	19 x 39	40 %
System	Swiss		Western	7 x 16	70 %
Tahoma	Swiss	Regular	Arabic	14 x 39	40 %
Tahoma	Swiss	Regular	Baltic	14 x 39	40 %
Tahoma	Swiss	Regular	Central European	14 x 39	40 %
Tahoma	Swiss	Regular	Cyrillic	14 x 39	40 %
Tahoma	Swiss	Regular	Greek	14 x 39	40 %
Tahoma	Swiss	Regular	Hebrew	14 x 39	40 %
Tahoma	Swiss	Regular	Turkish	14 x 39	40 %
Tahoma	Swiss	Regular	Thai	14 x 39	40 %
Tahoma	Swiss	Regular	Vietnamese	14 x 39	40 %
Tahoma	Swiss	Regular	Western	14 x 39	40 %
Tempus Sans ITC	Decorative	Regular	Western	13 x 42	40 %
Terminal	Modern		OEM/DOS	8 x 12	40 %
Times New Roman	Roman	Regular	Arabic	13 x 35	40 %
Times New Roman	Roman	Regular	Baltic	13 x 35	40 %
Times New Roman	Roman	Regular	Central European	13 x 35	40 %
Times New Roman	Roman	Regular	Cyrillic	13 x 35	40 %
Times New Roman	Roman	Regular	Greek	13 x 35	40 %
Times New Roman	Roman	Regular	Hebrew	13 x 35	40 %
Times New Roman	Roman	Regular	Turkish	13 x 35	40 %
Times New Roman	Roman	Regular	Vietnamese	13 x 35	40 %
Times New Roman	Roman	Regular	Western	13 x 35	40 %
Tw Cen MT Condensed Extra Bold	Swiss	Regular	Central European	12 x 35	40 %
Tw Cen MT Condensed Extra Bold	Swiss	Regular	Western	12 x 35	40 %
Tw Cen MT Condensed	Swiss	Regular	Central European	10 x 34	40 %
Tw Cen MT Condensed	Swiss	Regular	Western	10 x 34	40 %
Tw Cen MT	Swiss	Regular	Central European	13 x 35	40 %
Tw Cen MT	Swiss	Regular	Western	13 x 35	40 %
Traditional Arabic	Roman	Regular	Arabic	15 x 48	40 %
Traditional Arabic	Roman	Regular	Western	15 x 48	40 %
Trebuchet MS	Swiss	Regular	Baltic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Central European	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Cyrillic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Greek	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Turkish	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Western	15 x 37	40 %
Urdu Typesetting	Script	Regular	Arabic	13 x 55	40 %
Urdu Typesetting	Script	Regular	Western	13 x 55	40 %
Utsaah	Swiss	Regular	Western	13 x 36	40 %
Verdana	Swiss	Regular	Baltic	16 x 39	40 %
Verdana	Swiss	Regular	Central European	16 x 39	40 %
Verdana	Swiss	Regular	Cyrillic	16 x 39	40 %
Verdana	Swiss	Regular	Greek	16 x 39	40 %
Verdana	Swiss	Regular	Turkish	16 x 39	40 %
Verdana	Swiss	Regular	Vietnamese	16 x 39	40 %
Verdana	Swiss	Regular	Western	16 x 39	40 %
Viner Hand ITC	Script	Regular	Western	15 x 52	40 %
Vivaldi	Script	Italic	Western	9 x 38	40 %
Vladimir Script	Script	Regular	Western	10 x 39	40 %
Vrinda	Swiss	Regular	Western	20 x 44	40 %
Webdings	Roman	Regular	Symbol	31 x 32	40 %
Wide Latin	Roman	Regular	Western	26 x 39	40 %
Wingdings 2	Roman	Regular	Symbol	27 x 34	40 %
Wingdings 3	Roman	Regular	Symbol	25 x 36	40 %
Wingdings	Special	Regular	Symbol	28 x 36	40 %
Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Cyrillic	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Turkish	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Central European	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Japanese	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
Yu Gothic UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Greek	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Western	17 x 43	30 %
Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Cyrillic	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Turkish	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Japanese	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Yu Gothic UI	Swiss	Regular	Baltic	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Greek	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Western	17 x 43	40 %
Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
Yu Gothic	Swiss	Regular	Cyrillic	31 x 41	40 %
Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
Yu Gothic	Swiss	Regular	Turkish	31 x 41	40 %
Yu Gothic	Swiss	Regular	Western	31 x 41	40 %

Windows Audio


Device	Identifier	Device Description
midi-out.0	0001 001B	Microsoft GS Wavetable Synth
mixer.0	0001 0068	Speakers (Realtek High Definiti
mixer.1	0001 0068	Microphone (Realtek High Defini
wave-in.0	0001 0065	Microphone (Realtek High Defini
wave-out.0	0001 0064	Speakers (Realtek High Definiti

PCI / PnP Audio


		Device Description	Type
		Intel Panther Point HDMI @ Intel Panther Point PCH - High Definition Audio Controller [C-1]	PCI
		Realtek ALC270 @ Intel Panther Point PCH - High Definition Audio Controller [C-1]	PCI

HD Audio


[ Intel Panther Point PCH - High Definition Audio Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - High Definition Audio Controller [C-1]
		Device Description (Windows)	High Definition Audio Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1E20
		Subsystem ID	1043-1567
		Revision	04
		Hardware ID	PCI\VEN_8086&DEV_1E20&SUBSYS_15671043&REV_04

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Realtek ALC270 ]

	Device Properties:
		Device Description	Realtek ALC270
		Device Description (Windows)	Realtek High Definition Audio
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	10EC-0270
		Subsystem ID	1043-1567
		Revision	1001
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0270&SUBSYS_10431567&REV_1001

	Device Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Intel Panther Point HDMI ]

	Device Properties:
		Device Description	Intel Panther Point HDMI
		Device Description (Windows)	High Definition Audio Device
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	8086-2806
		Subsystem ID	8086-0101
		Revision	1000
		Hardware ID	HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		Driver Update	http://www.aida64.com/driver-updates

Audio Codecs


[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]

	ACM Driver Properties:
		Driver Description	Fraunhofer IIS MPEG Layer-3 Codec (decode only)
		Copyright Notice	Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
		Driver Features	decoder only version
		Driver Version	1.09

[ Microsoft ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses Microsoft ADPCM audio data.
		Driver Version	4.00

[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft CCITT G.711 A-Law and u-Law CODEC
		Copyright Notice	Copyright (c) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
		Driver Version	4.00

[ Microsoft GSM 6.10 Audio CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft GSM 6.10 Audio CODEC
		Copyright Notice	Copyright (C) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
		Driver Version	4.00

[ Microsoft IMA ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft IMA ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses IMA ADPCM audio data.
		Driver Version	4.00

[ Microsoft PCM Converter ]

	ACM Driver Properties:
		Driver Description	Microsoft PCM Converter
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Converts frequency and bits per sample of PCM audio data.
		Driver Version	5.00

Video Codecs


Driver	Version	Description
iccvid.dll	1.10.0.11	Cinepak® Codec
iyuv_32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	Intel Indeo(R) Video YUV Codec
msrle32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	Microsoft RLE Compressor
msvidc32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	Microsoft Video 1 Compressor
msyuv.dll	10.0.10041.0 (fbl_impressive.150313-1821)	Microsoft UYVY Video Decompressor
tsbyuv.dll	10.0.10041.0 (fbl_impressive.150313-1821)	Toshiba Video Codec

MCI


[ AVIVideo ]

	MCI Device Properties:
		Device	AVIVideo
		Name	Video for Windows
		Description	Video For Windows MCI driver
		Type	Digital Video Device
		Driver	mciavi32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	Yes
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ CDAudio ]

	MCI Device Properties:
		Device	CDAudio
		Name	CD Audio
		Description	MCI driver for cdaudio devices
		Type	CD Audio Device
		Driver	mcicda.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	No
		File Based Device	No
		Can Eject	Yes
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ MPEGVideo ]

	MCI Device Properties:
		Device	MPEGVideo
		Name	DirectShow
		Description	DirectShow MCI Driver
		Type	Digital Video Device
		Driver	mciqtz32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	No
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ Sequencer ]

	MCI Device Properties:
		Device	Sequencer
		Name	MIDI Sequencer
		Description	MCI driver for MIDI sequencer
		Type	Sequencer Device
		Driver	mciseq.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ WaveAudio ]

	MCI Device Properties:
		Device	WaveAudio
		Name	Sound
		Description	MCI driver for waveform audio
		Type	Waveform Audio Device
		Driver	mciwave.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	Yes
		Can Save Data	Yes
		Audio Capable	Yes
		Video Capable	No

SAPI


SAPI Properties:
	SAPI4 Version	-
	SAPI5 Version	5.3.18313.0

Voice (SAPI5):
	Name	Microsoft David Desktop - English (United States)
	Voice Path	C:\Windows\Speech\Engines\TTS\en-US\M1033DAV
	Age	Adult
	Gender	Male
	Language	Tie?ng Anh (My?)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Voice (SAPI5):
	Name	Microsoft Zira Desktop - English (United States)
	Voice Path	C:\Windows\Speech\Engines\TTS\en-US\M1033ZIR
	Age	Adult
	Gender	Female
	Language	Tie?ng Anh (My?)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	FE Config Data File	C:\Windows\Speech\Engines\SR\en-US\c1033dsk.fe
	Language	Tie?ng Anh (My?); Tie?ng Anh
	Speaking Style	Discrete;Continuous
	Supported Locales	Tie?ng Anh (My?); Tie?ng Anh (Canada); Tie?ng Anh (Philippin); Tie?ng Anh
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Windows Storage


[ WDC WD5000LPVT-80G33T2 ]

	Device Properties:
		Driver Description	WDC WD5000LPVT-80G33T2
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	disk.inf

	Disk Device Physical Info:
		Manufacturer	Western Digital
		Hard Disk Family	Scorpio Blue
		Form Factor	2.5"
		Formatted Capacity	500 GB
		Physical Dimensions	100.2 x 69.85 x 7 mm
		Max. Weight	90 g
		Average Rotational Latency	5.5 ms
		Rotational Speed	5400 RPM
		Max. Internal Data Rate	1176 Mbit/s
		Interface	SATA-II
		Buffer-to-Host Data Rate	300 MB/s
		Buffer Size	8 MB
		Spin-Up Time	3.5 sec

	Device Manufacturer:
		Company Name	Western Digital Corporation
		Product Information	http://www.wdc.com/en

[ MATSHITA DVD-RAM UJ8E1 ]

	Device Properties:
		Driver Description	MATSHITA DVD-RAM UJ8E1
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cdrom.inf

	Optical Drive Properties:
		Manufacturer	Panasonic
		Device Type	DVD+RW/DVD-RW/DVD-RAM
		Interface	SATA

	Writing Speeds:
		DVD+R9 Dual Layer	4x
		DVD+R	8x
		DVD+RW	8x
		DVD-R9 Dual Layer	4x
		DVD-R	8x
		DVD-RW	6x
		DVD-RAM	5x
		CD-R	24x
		CD-RW	16x

	Reading Speeds:
		DVD-ROM	8x
		CD-ROM	24x

	Device Manufacturer:
		Company Name	Matsushita Electric Industrial Co., Ltd.
		Product Information	http://www.panasonic.com/industrial/optical-drives
		Firmware Download	http://www.panasonic.com/industrial/optical-drives

[ Realtek PCIE CardReader ]

	Device Properties:
		Driver Description	Realtek PCIE CardReader
		Driver Date	28/12/2011
		Driver Version	6.1.7601.27012
		Driver Provider	Realtek Semiconduct Corp.
		INF File	oem6.inf

	Device Resources:
		IRQ	65536
		Memory	F7C00000-F7C0FFFF

[ Standard SATA AHCI Controller ]

	Device Properties:
		Driver Description	Standard SATA AHCI Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	mshdc.inf

	Device Resources:
		IRQ	65536
		Memory	F7E16000-F7E167FF

[ Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	spaceport.inf

Logical Drives


Drive	Drive Type	File System	Total Size	Used Space	Free Space	% Free	Volume Serial
C:	Local Disk	NTFS	76398 MB	40325 MB	36073 MB	47 %	D870-018E
D:	Optical Drive
E: (DATA)	Local Disk	NTFS	400011 MB	146 MB	399865 MB	100 %	DAB8-2B48

Physical Drives


[ Drive #1 - WDC WD5000LPVT-80G33T2 (465 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1	MS Recovery		1 MB	300 MB
	#2	EFI System		301 MB	100 MB
	#3	MS Reserved		401 MB	128 MB
	#4	Basic Data	C:	529 MB	76399 MB
	#5	Basic Data	E: (DATA)	76928 MB	400012 MB

Optical Drives


[ D:\ MATSHITA DVD-RAM UJ8E1 ]

	Optical Drive Properties:
		Device Description	MATSHITA DVD-RAM UJ8E1
		Manufacturer	Panasonic
		Device Type	DVD+RW/DVD-RW/DVD-RAM
		Interface	SATA

	Writing Speeds:
		DVD+R9 Dual Layer	4x
		DVD+R	8x
		DVD+RW	8x
		DVD-R9 Dual Layer	4x
		DVD-R	8x
		DVD-RW	6x
		DVD-RAM	5x
		CD-R	24x
		CD-RW	16x

	Reading Speeds:
		DVD-ROM	8x
		CD-ROM	24x

	Device Manufacturer:
		Company Name	Matsushita Electric Industrial Co., Ltd.
		Product Information	http://www.panasonic.com/industrial/optical-drives
		Firmware Download	http://www.panasonic.com/industrial/optical-drives
		Driver Update	http://www.aida64.com/driver-updates

ASPI


Host	ID	LUN	Device Type	Vendor	Model	Rev	Extra Information
00	00	00	Disk Drive	WDC	WD5000LPVT-80G33	01.0
00	00	00	Optical Drive	MATSHITA	DVD-RAM UJ8E1	1.00
00	07	00	Host Adapter	storahci

ATA


[ WDC WD5000LPVT-80G33T2 (WD-WX21AA258778) ]

	ATA Device Properties:
		Model ID	WDC WD5000LPVT-80G33T2
		Serial Number	WD-WX21AA258778
		Revision	01.01A01
		World Wide Name	5-0014EE-207A13656
		Device Type	SATA-II
		Parameters	969021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
		LBA Sectors	976773168
		Physical / Logical Sector Size	4 KB / 512 bytes
		Buffer	8 MB
		Multiple Sectors	16
		Max. PIO Transfer Mode	PIO 4
		Max. MWDMA Transfer Mode	MWDMA 2
		Active MWDMA Transfer Mode	MWDMA 0
		Max. UDMA Transfer Mode	UDMA 6
		Unformatted Capacity	476940 MB
		Rotational Speed	5400 RPM
		ATA Standard	ATA8-ACS

	ATA Device Features:
		48-bit LBA	Supported, Enabled
		Automatic Acoustic Management (AAM)	Not Supported
		Device Configuration Overlay (DCO)	Supported, Enabled
		DMA Setup Auto-Activate	Supported, Disabled
		Free-Fall Control	Not Supported
		General Purpose Logging (GPL)	Supported, Enabled
		Hardware Feature Control	Not Supported
		Host Protected Area (HPA)	Supported, Enabled
		HPA Security Extensions	Supported, Disabled
		Hybrid Information Feature	Not Supported
		In-Order Data Delivery	Not Supported
		Native Command Queuing (NCQ)	Supported
		NCQ Autosense	Not Supported
		NCQ Priority Information	Supported
		NCQ Queue Management Command	Not Supported
		NCQ Streaming	Not Supported
		Phy Event Counters	Supported
		Read Look-Ahead	Supported, Enabled
		Release Interrupt	Not Supported
		Security Mode	Supported, Disabled
		Sense Data Reporting (SDR)	Not Supported
		Service Interrupt	Not Supported
		SMART	Supported, Enabled
		SMART Error Logging	Supported, Enabled
		SMART Self-Test	Supported, Enabled
		Software Settings Preservation (SSP)	Supported, Enabled
		Streaming	Not Supported
		Tagged Command Queuing (TCQ)	Not Supported
		Write Cache	Supported, Enabled
		Write-Read-Verify	Not Supported

	SSD Features:
		Data Set Management	Not Supported
		Deterministic Read After TRIM	Not Supported
		TRIM Command	Not Supported

	Power Management Features:
		Advanced Power Management	Supported, Enabled
		Automatic Partial to Slumber Transitions (APST)	Disabled
		Device Initiated Interface Power Management (DIPM)	Supported, Disabled
		Device Sleep (DEVSLP)	Not Supported
		Extended Power Conditions (EPC)	Not Supported
		Host Initiated Interface Power Management (HIPM)	Supported
		IDLE IMMEDIATE With UNLOAD FEATURE	Supported, Enabled
		Link Power State Device Sleep	Not Supported
		Power Management	Supported, Enabled
		Power-Up In Standby (PUIS)	Not Supported

	ATA Commands:
		DEVICE RESET	Not Supported
		DOWNLOAD MICROCODE	Supported, Enabled
		FLUSH CACHE	Supported, Enabled
		FLUSH CACHE EXT	Supported, Enabled
		NOP	Supported, Enabled
		READ BUFFER	Supported, Enabled
		WRITE BUFFER	Supported, Enabled

	ATA Device Physical Info:
		Manufacturer	Western Digital
		Hard Disk Family	Scorpio Blue
		Form Factor	2.5"
		Formatted Capacity	500 GB
		Physical Dimensions	100.2 x 69.85 x 7 mm
		Max. Weight	90 g
		Average Rotational Latency	5.5 ms
		Rotational Speed	5400 RPM
		Max. Internal Data Rate	1176 Mbit/s
		Interface	SATA-II
		Buffer-to-Host Data Rate	300 MB/s
		Buffer Size	8 MB
		Spin-Up Time	3.5 sec

	ATA Device Manufacturer:
		Company Name	Western Digital Corporation
		Product Information	http://www.wdc.com/en
		Driver Update	http://www.aida64.com/driver-updates

SMART


[ WDC WD5000LPVT-80G33T2 (WD-WX21AA258778) ]

	ID	Attribute Description	Threshold	Value	Worst	Data	Status
	01	Raw Read Error Rate	51	200	200	6853	OK: Value is normal
	03	Spinup Time	21	154	149	1300	OK: Value is normal
	04	Start/Stop Count	0	96	96	4343	OK: Always passes
	05	Reallocated Sector Count	140	200	200	0	OK: Value is normal
	07	Seek Error Rate	0	200	200	0	OK: Always passes
	09	Power-On Time Count	0	97	97	2731	OK: Always passes
	0A	Spinup Retry Count	0	100	100	0	OK: Always passes
	0B	Calibration Retry Count	0	100	100	0	OK: Always passes
	0C	Power Cycle Count	0	97	97	3797	OK: Always passes
	BF	Mechanical Shock	0	1	1	365	OK: Always passes
	C0	Power-Off Retract Count	0	199	199	870	OK: Always passes
	C1	Load/Unload Cycle Count	0	189	189	33245	OK: Always passes
	C2	Temperature	0	110	95	33	OK: Always passes
	C4	Reallocation Event Count	0	200	200	0	OK: Always passes
	C5	Current Pending Sector Count	0	200	200	0	OK: Always passes
	C6	Offline Uncorrectable Sector Count	0	100	253	0	OK: Always passes
	C7	Ultra ATA CRC Error Rate	0	200	200	0	OK: Always passes
	C8	Write Error Rate	0	100	253	0	OK: Always passes

Windows Network


[ Microsoft Wi-Fi Direct Virtual Adapter ]

	Network Adapter Properties:
		Network Adapter	Microsoft Wi-Fi Direct Virtual Adapter
		Interface Type	802.11 Wireless Ethernet
		Hardware Address	1E-71-D9-81-D0-BC
		Connection Name	Local Area Connection* 1
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

[ Qualcomm Atheros AR9485 Wireless Network Adapter ]

	Network Adapter Properties:
		Network Adapter	Qualcomm Atheros AR9485 Wireless Network Adapter
		Interface Type	802.11 Wireless Ethernet
		Hardware Address	6C-71-D9-81-D0-BC
		Connection Name	Wi-Fi
		Connection Speed	54 Mbps
		MTU	1500 bytes
		DHCP Lease Obtained	09/04/2015 6:41:06 SA
		DHCP Lease Expires	10/04/2015 6:41:06 SA
		Bytes Received	266022795 (253.7 MB)
		Bytes Sent	39276775 (37.5 MB)

	Network Adapter Addresses:
		IP / Subnet Mask	192.168.0.102 / 255.255.255.0
		Gateway	192.168.0.1
		DHCP	192.168.0.1
		DNS	8.8.8.8
		DNS	8.8.4.4

[ Realtek PCIe GBE Family Controller ]

	Network Adapter Properties:
		Network Adapter	Realtek PCIe GBE Family Controller
		Interface Type	Ethernet
		Hardware Address	74-D0-2B-45-4F-D6
		Connection Name	Ethernet
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

PCI / PnP Network


		Device Description	Type
		Atheros AR9485 Wireless Network Adapter	PCI
		Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter (PHY: Realtek RTL8211/8212)	PCI

Internet


Internet Settings:
	Start Page	http://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M4FCA5F94-C347-4840-92D2-73C3C15DFE12&SearchSource=55&CUI=&UM=8&UP=SP60C1A108-2D3F-4AAB-A125-FC3E407D6593&D=031515&SSPV=
	Search Page	http://go.microsoft.com/fwlink/?LinkId=54896
	Local Page	C:\Windows\system32\blank.htm
	Download Folder

Current Proxy:
	Proxy Status	Disabled

LAN Proxy:
	Proxy Status	Disabled

Routes


Type	Net Destination	Netmask	Gateway	Metric	Interface
Active	0.0.0.0	0.0.0.0	192.168.0.1	25	192.168.0.102 (Qualcomm Atheros AR9485 Wireless Network Adapter)
Active	127.0.0.0	255.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.0.0.1	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	192.168.0.0	255.255.255.0	192.168.0.102	281	192.168.0.102 (Qualcomm Atheros AR9485 Wireless Network Adapter)
Active	192.168.0.102	255.255.255.255	192.168.0.102	281	192.168.0.102 (Qualcomm Atheros AR9485 Wireless Network Adapter)
Active	192.168.0.255	255.255.255.255	192.168.0.102	281	192.168.0.102 (Qualcomm Atheros AR9485 Wireless Network Adapter)
Active	224.0.0.0	240.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	224.0.0.0	240.0.0.0	192.168.0.102	281	192.168.0.102 (Qualcomm Atheros AR9485 Wireless Network Adapter)
Active	255.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	255.255.255.255	255.255.255.255	192.168.0.102	281	192.168.0.102 (Qualcomm Atheros AR9485 Wireless Network Adapter)

IE Cookie


		Last Access	URL
		2015-04-02 06:58:01	quanravita@bittorrent.com/
		2015-04-02 06:58:03	quanravita@bundles.bittorrent.com/
		2015-04-05 05:57:29	quanravita@g.live.com/
		2015-04-06 12:45:26	quanravita@live.com/
		2015-04-09 06:39:59	quanravita@facebook.com/
		2015-04-09 06:40:27	quanravita@ieonline.microsoft.com/
		2015-04-09 06:41:06	quanravita@login.live.com/
		2015-04-09 06:41:06	quanravita@microsoft.com/

Browser History


		Last Access	URL
		2015-04-02 06:53:21	Quanravita@file:///C:/Users/Quanravita/Downloads/Compressed/SinhVienIT.Net---Fix-IDM-Fake-Serial-Number.zip
		2015-04-02 06:57:57	Quanravita@https://bundles.bittorrent.com/
		2015-04-02 12:22:12	Quanravita@file:///C:/Users/Quanravita/Pictures/Screenshots/À‰nh%20chù£p%20mà€n%20hì€nh%20(4).png
		2015-04-02 14:13:39	Quanravita@file:///C:/Users/Quanravita/Downloads/10628350_636708196446733_4333264270768292920_n.jpg
		2015-04-02 20:39:47	Quanravita@file:///C:/Users/Quanravita/Downloads/16769014478_52f4662237_o.jpg
		2015-04-03 19:34:39	Quanravita@file:///C:/Users/Quanravita/Pictures/Capture.PNG
		2015-04-03 19:46:28	Quanravita@file:///C:/Users/Quanravita/Pictures/fffff.PNG
		2015-04-05 05:57:39	Quanravita@https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srf
		2015-04-05 05:57:41	Quanravita@https://login.live.com/oauth20_desktop.srf?lc=1066
		2015-04-05 06:06:42	Quanravita@file:///C:/Users/Quanravita/Downloads/OS%20X%2010.10.2%20Base%20System.dmg
		2015-04-05 06:07:28	Quanravita@file:///C:/Users/Quanravita/Downloads/1092_15042014.dmg
		2015-04-06 06:07:18	Quanravita@file:///C:/Users/Quanravita/Downloads/SMD2KN05628.100.jpg
		2015-04-06 06:11:35	Quanravita@file:///C:/Users/Quanravita/Downloads/slh2kk07655.100.jpg
		2015-04-06 11:43:02	Quanravita@file:///C:/Users/Quanravita/Downloads/SMD2KN05628.100%20(1).jpg
		2015-04-06 12:23:18	Quanravita@file:///C:/Users/Quanravita/Pictures/d3dÄ‘3wd.PNG
		2015-04-07 21:17:06	Quanravita@file:///C:/Users/Quanravita/Pictures/Screenshots/À‰nh%20chù£p%20mà€n%20hì€nh%20(5).png
		2015-04-08 20:45:32	Quanravita@file:///C:/Users/Quanravita/Pictures/Screenshots/À‰nh%20chù£p%20mà€n%20hì€nh%20(6).png
		2015-04-09 06:30:27	Quanravita@file:///C:/Users/Quanravita/Downloads/Compressed/BDU_v2.1.2015.012b.zip
		2015-04-09 06:37:00	Quanravita@file:///C:/Users/Quanravita/AppData/Local/Temp/rpt-1.txt
		2015-04-09 06:39:29	Quanravita@res://ieframe.dll/defaultbrowser.htm
		2015-04-09 06:39:59	Quanravita@http://sourceforge.net/projects/unikey/?source=typ_redirect
		2015-04-09 06:39:59	Quanravita@http://sourceforge.net/projects/unikey/files/unikey-win/4.2%20RC4/unikey42RC4-140823-win64.zip/download
		2015-04-09 06:39:59	Quanravita@http://sourceforge.net/projects/unikey/postdownload?source=dlp
		2015-04-09 06:39:59	Quanravita@http://www.bing.com/search?q=chrome&src=IE-SearchBox&FORM=IESR02
		2015-04-09 06:39:59	Quanravita@http://www.bing.com/search?q=facebook&src=IE-SearchBox&FORM=IESR02
		2015-04-09 06:39:59	Quanravita@http://www.bing.com/search?q=unikey&src=IE-SearchBox&FORM=IESR02
		2015-04-09 06:39:59	Quanravita@http://www.msn.com/vi-vn/?ocid=iehp
		2015-04-09 06:39:59	Quanravita@http://www.msn.com/vi-vn/?ocid=iehp&AR=1
		2015-04-09 06:39:59	Quanravita@http://www.unikey.org/
		2015-04-09 06:39:59	Quanravita@http://www.unikey.org/bdownload.php
		2015-04-09 06:39:59	Quanravita@https://www.facebook.com/
		2015-04-09 06:39:59	Quanravita@https://www.google.com/
		2015-04-09 06:39:59	Quanravita@https://www.google.com/chrome/browser/thankyou.html?platform=win&installdataindex=defaultbrowser
		2015-04-09 06:40:01	Quanravita@file:///C:/Users/Quanravita/Downloads/Compressed/AIDA64.Extreme.5.00.3335.Beta.rar
		2015-04-09 06:41:04	Quanravita@file:///C:/Users/Quanravita/Downloads/Compressed/Asus_TP550LD.zip
		2015-04-09 06:41:09	Quanravita@file:///C:/Users/Quanravita/AppData/Local/Temp/Temp1_Asus_TP550LD.zip/Asus_TP550LD.htm

DirectX Files


Name	Version	Type	Language	Size	Date
amstream.dll	10.00.10041.0000	Final Retail	Tiếng Anh	82432	14/03/2015 3:54:34 CH
bdaplgin.ax	10.00.10041.0000	Final Retail	Tiếng Việt	77824	14/03/2015 3:55:25 CH
d2d1.dll	10.00.10041.0000	Final Retail	English	4455424	14/03/2015 3:54:36 CH
d3d10.dll	10.00.10041.0000	Final Retail	English	1059840	14/03/2015 3:54:52 CH
d3d10_1.dll	10.00.10041.0000	Final Retail	English	157184	14/03/2015 3:54:52 CH
d3d10_1core.dll	10.00.10041.0000	Final Retail	English	355328	14/03/2015 3:54:52 CH
d3d10core.dll	10.00.10041.0000	Final Retail	English	318464	14/03/2015 3:54:52 CH
d3d10level9.dll	10.00.10041.0000	Final Retail	English	496280	14/03/2015 3:54:36 CH
d3d10warp.dll	10.00.10041.0000	Final Retail	English	2141912	14/03/2015 3:54:50 CH
d3d11.dll	10.00.10041.0000	Final Retail	English	2006064	14/03/2015 3:54:36 CH
d3d12.dll	10.00.10041.0000	Final Retail	English	738816	14/03/2015 3:54:36 CH
d3d8.dll	10.00.10041.0000	Final Retail	Tiếng Anh	1072640	14/03/2015 3:54:50 CH
d3d8thk.dll	10.00.10041.0000	Final Retail	Tiếng Anh	12288	14/03/2015 3:54:50 CH
d3d9.dll	10.00.10041.0000	Final Retail	Tiếng Anh	1849016	14/03/2015 3:54:50 CH
d3dim.dll	10.00.10041.0000	Final Retail	Tiếng Anh	401920	14/03/2015 3:54:50 CH
d3dim700.dll	10.00.10041.0000	Final Retail	Tiếng Anh	889344	14/03/2015 3:54:50 CH
d3dramp.dll	10.00.10041.0000	Final Retail	Tiếng Anh	594944	14/03/2015 3:54:50 CH
d3dxof.dll	10.00.10041.0000	Final Retail	Tiếng Anh	58368	14/03/2015 3:54:51 CH
ddraw.dll	10.00.10041.0000	Final Retail	Tiếng Anh	539136	14/03/2015 3:54:51 CH
ddrawex.dll	10.00.10041.0000	Final Retail	Tiếng Anh	39424	14/03/2015 3:54:51 CH
devenum.dll	10.00.10041.0000	Final Retail	Tiếng Anh	77376	14/03/2015 3:54:34 CH
dinput.dll	10.00.10041.0000	Final Retail	Tiếng Anh	135680	14/03/2015 3:54:41 CH
dinput8.dll	10.00.10041.0000	Final Retail	Tiếng Anh	171520	14/03/2015 3:54:41 CH
dmband.dll	10.00.10041.0000	Final Retail	Tiếng Anh	34816	14/03/2015 3:54:10 CH
dmcompos.dll	10.00.10041.0000	Final Retail	Tiếng Anh	75776	14/03/2015 3:54:10 CH
dmime.dll	10.00.10041.0000	Final Retail	Tiếng Anh	207872	14/03/2015 3:54:10 CH
dmloader.dll	10.00.10041.0000	Final Retail	Tiếng Anh	42496	14/03/2015 3:54:10 CH
dmscript.dll	10.00.10041.0000	Final Retail	Tiếng Anh	96256	14/03/2015 3:54:13 CH
dmstyle.dll	10.00.10041.0000	Final Retail	Tiếng Anh	122368	14/03/2015 3:54:10 CH
dmsynth.dll	10.00.10041.0000	Final Retail	Tiếng Anh	114176	14/03/2015 3:54:10 CH
dmusic.dll	10.00.10041.0000	Final Retail	Tiếng Anh	113152	14/03/2015 3:54:10 CH
dplaysvr.exe	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dplayx.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpmodemx.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpnaddr.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpnathlp.dll	10.00.10041.0000	Final Retail	English	8192	14/03/2015 3:54:42 CH
dpnet.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpnlobby.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpnsvr.exe	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpnhpast.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpnhupnp.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dpwsockx.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8192	14/03/2015 3:54:41 CH
dsdmo.dll	10.00.10041.0000	Final Retail	Tiếng Anh	186368	14/03/2015 3:54:34 CH
dsound.dll	10.00.10041.0000	Final Retail	Tiếng Anh	495616	14/03/2015 3:54:34 CH
dswave.dll	10.00.10041.0000	Final Retail	Tiếng Anh	23552	14/03/2015 3:54:10 CH
dwrite.dll	10.00.10041.0000	Final Retail	English	1952256	14/03/2015 3:54:36 CH
dxdiagn.dll	10.00.10041.0000	Final Retail	Tiếng Anh	268288	14/03/2015 3:54:50 CH
dxgi.dll	10.00.10041.0000	Final Retail	English	486480	14/03/2015 3:54:36 CH
dxmasf.dll	12.00.10041.0000	Final Retail	Tiếng Anh	4608	14/03/2015 3:55:50 CH
dxtmsft.dll	11.00.10041.0000	Final Retail	English	399872	14/03/2015 3:55:38 CH
dxtrans.dll	11.00.10041.0000	Final Retail	English	252416	14/03/2015 3:55:38 CH
dxva2.dll	10.00.10041.0000	Final Retail	English	106880	14/03/2015 3:54:36 CH
encapi.dll	10.00.10041.0000	Final Retail	Tiếng Anh	22016	14/03/2015 3:54:34 CH
gcdef.dll	10.00.10041.0000	Final Retail	Tiếng Anh	123392	14/03/2015 3:54:41 CH
iac25_32.ax	2.00.0005.0053	Final Retail	Tiếng Anh	197632	14/03/2015 3:54:10 CH
ir41_32.ax	10.00.10041.0000	Final Retail	Tiếng Anh	9216	14/03/2015 3:54:10 CH
ir41_qc.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8704	14/03/2015 3:54:10 CH
ir41_qcx.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8704	14/03/2015 3:54:10 CH
ir50_32.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8704	14/03/2015 3:54:10 CH
ir50_qc.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8704	14/03/2015 3:54:10 CH
ir50_qcx.dll	10.00.10041.0000	Final Retail	Tiếng Anh	8704	14/03/2015 3:54:10 CH
ivfsrc.ax	5.10.0002.0051	Final Retail	Tiếng Anh	146944	14/03/2015 3:54:10 CH
joy.cpl	10.00.10041.0000	Final Retail	Tiếng Anh	136704	14/03/2015 3:54:41 CH
ksproxy.ax	10.00.10041.0000	Final Retail	Tiếng Việt	234496	14/03/2015 3:54:34 CH
kstvtune.ax	10.00.10041.0000	Final Retail	Tiếng Anh	93696	14/03/2015 3:55:25 CH
ksuser.dll	10.00.10041.0000	Final Retail	Tiếng Việt	14952	14/03/2015 3:54:34 CH
kswdmcap.ax	10.00.10041.0000	Final Retail	Tiếng Anh	118272	14/03/2015 3:54:34 CH
ksxbar.ax	10.00.10041.0000	Final Retail	Tiếng Anh	57344	14/03/2015 3:55:25 CH
mciqtz32.dll	10.00.10041.0000	Final Retail	Tiếng Anh	39424	14/03/2015 3:54:34 CH
mfc40.dll	4.01.0000.6140	Final Retail	Tiếng Anh	924944	14/03/2015 3:54:33 CH
mfc42.dll	6.06.8063.0000	Beta Retail	Tiếng Việt	1203712	14/03/2015 3:54:29 CH
mpeg2data.ax	10.00.10041.0000	Final Retail	Tiếng Việt	82432	14/03/2015 3:55:24 CH
mpg2splt.ax	10.00.10041.0000	Final Retail	Tiếng Anh	221184	14/03/2015 3:54:41 CH
msdmo.dll	10.00.10041.0000	Final Retail	Tiếng Anh	22672	14/03/2015 3:54:35 CH
msdvbnp.ax	10.00.10041.0000	Final Retail	Tiếng Việt	71680	14/03/2015 3:55:24 CH
msvidctl.dll	6.05.10041.0000	Final Retail	Tiếng Anh	2358272	14/03/2015 3:55:25 CH
msyuv.dll	10.00.10041.0000	Final Retail	Tiếng Anh	23552	14/03/2015 3:54:34 CH
pid.dll	10.00.10041.0000	Final Retail	Tiếng Anh	37888	14/03/2015 3:54:41 CH
psisdecd.dll	10.00.10041.0000	Final Retail	Tiếng Việt	498176	14/03/2015 3:55:24 CH
psisrndr.ax	10.00.10041.0000	Final Retail	Tiếng Việt	87040	14/03/2015 3:55:24 CH
qasf.dll	12.00.10041.0000	Final Retail	Tiếng Anh	236032	14/03/2015 3:54:41 CH
qcap.dll	10.00.10041.0000	Final Retail	Tiếng Anh	217600	14/03/2015 3:54:34 CH
qdv.dll	10.00.10041.0000	Final Retail	Tiếng Anh	296448	14/03/2015 3:54:34 CH
qdvd.dll	10.00.10041.0000	Final Retail	Tiếng Anh	549376	14/03/2015 3:54:34 CH
qedit.dll	10.00.10041.0000	Final Retail	Tiếng Anh	571392	14/03/2015 3:55:24 CH
qedwipes.dll	10.00.10041.0000	Final Retail	Tiếng Anh	733184	14/03/2015 3:55:24 CH
quartz.dll	10.00.10041.0000	Final Retail	Tiếng Anh	1521664	14/03/2015 3:54:34 CH
vbisurf.ax	10.00.10041.0000	Final Retail	Tiếng Anh	40960	14/03/2015 3:55:25 CH
vfwwdm32.dll	10.00.10041.0000	Final Retail	Tiếng Anh	58368	14/03/2015 3:54:34 CH
wsock32.dll	10.00.10041.0000	Final Retail	Tiếng Anh	15872	14/03/2015 3:54:41 CH

DirectX Video


[ Primary Display Driver ]

	DirectDraw Device Properties:
		DirectDraw Driver Name	display
		DirectDraw Driver Description	Primary Display Driver
		Hardware Driver	igdumd32.dll (9.17.10.3347)
		Hardware Description	Intel(R) HD Graphics 3000

	Direct3D Device Properties:
		Rendering Bit Depths	8, 16, 32
		Z-Buffer Bit Depths	16, 24, 32
		Multisample Anti-Aliasing Modes	MSAA 2x, MSAA 4x
		Min Texture Size	1 x 1
		Max Texture Size	8192 x 8192
		Unified Shader Version	4.1
		DirectX Hardware Support	DirectX v10.1

	Direct3D Device Features:
		Additive Texture Blending	Supported
		AGP Texturing	Not Supported
		Anisotropic Filtering	Supported
		Automatic Mipmap Generation	Supported
		Bilinear Filtering	Supported
		Compute Shader	Not Supported
		Cubic Environment Mapping	Supported
		Cubic Filtering	Not Supported
		Decal-Alpha Texture Blending	Supported
		Decal Texture Blending	Supported
		Directional Lights	Supported
		DirectX Texture Compression	Not Supported
		DirectX Volumetric Texture Compression	Not Supported
		Dithering	Supported
		Dot3 Texture Blending	Supported
		Double-Precision Floating-Point	Not Supported
		Driver Concurrent Creates	Supported
		Driver Command Lists	Not Supported
		Dynamic Textures	Supported
		Edge Anti-Aliasing	Not Supported
		Environmental Bump Mapping	Supported
		Environmental Bump Mapping + Luminance	Supported
		Factor Alpha Blending	Supported
		Geometric Hidden-Surface Removal	Not Supported
		Geometry Shader	Supported
		Guard Band	Supported
		Hardware Scene Rasterization	Supported
		Hardware Transform & Lighting	Supported
		Legacy Depth Bias	Supported
		Map On Default Buffers	Not Supported
		Mipmap LOD Bias Adjustments	Supported
		Mipmapped Cube Textures	Supported
		Mipmapped Volume Textures	Supported
		Modulate-Alpha Texture Blending	Supported
		Modulate Texture Blending	Supported
		Non-Square Textures	Supported
		N-Patches	Not Supported
		Perspective Texture Correction	Supported
		Point Lights	Supported
		Point Sampling	Supported
		Projective Textures	Supported
		Quintic Bezier Curves & B-Splines	Not Supported
		Range-Based Fog	Supported
		Rectangular & Triangular Patches	Not Supported
		Rendering In Windowed Mode	Supported
		Runtime Shader Linking	Supported
		Scissor Test	Supported
		Slope-Scale Based Depth Bias	Supported
		Specular Flat Shading	Supported
		Specular Gouraud Shading	Supported
		Specular Phong Shading	Not Supported
		Spherical Mapping	Supported
		Spot Lights	Supported
		Stencil Buffers	Supported
		Sub-Pixel Accuracy	Supported
		Subtractive Texture Blending	Supported
		Table Fog	Supported
		Texture Alpha Blending	Supported
		Texture Clamping	Supported
		Texture Mirroring	Supported
		Texture Transparency	Supported
		Texture Wrapping	Supported
		Tiled Resources	Not Supported
		Triangle Culling	Not Supported
		Trilinear Filtering	Supported
		Two-Sided Stencil Test	Supported
		Vertex Alpha Blending	Supported
		Vertex Fog	Supported
		Vertex Tweening	Supported
		Volume Textures	Supported
		W-Based Fog	Supported
		W-Buffering	Not Supported
		Z-Based Fog	Supported
		Z-Bias	Supported
		Z-Test	Supported

	Supported FourCC Codes:
		AI44	Supported
		AYUV	Supported
		I420	Supported
		IA44	Supported
		IMC1	Supported
		IMC2	Supported
		IMC3	Supported
		IMC4	Supported
		IYUV	Supported
		NV11	Supported
		NV12	Supported
		P208	Supported
		UYVY	Supported
		VYUY	Supported
		YUY2	Supported
		YV12	Supported
		YVU9	Supported
		YVYU	Supported

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

DirectX Sound


[ Primary Sound Driver ]

	DirectSound Device Properties:
		Device Description	Primary Sound Driver
		Driver Module
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

[ Speakers (Realtek High Definition Audio) ]

	DirectSound Device Properties:
		Device Description	Speakers (Realtek High Definition Audio)
		Driver Module	{0.0.0.00000000}.{2c1a3f2d-8703-4177-a682-7cd5fd73fcce}
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

DirectX Input


[ Mouse ]

	DirectInput Device Properties:
		Device Description	Mouse
		Device Type	Unknown
		Device Subtype	Unknown
		Axes	2
		Buttons/Keys	2

	DirectInput Device Features:
		Emulated Device	Yes
		Alias Device	No
		Polled Device	No
		Polled Data Format	No
		Attack Force Feedback	Not Supported
		Deadband Force Feedback	Not Supported
		Fade Force Feedback	Not Supported
		Force Feedback	Not Supported
		Saturation Force Feedback	Not Supported
		+/- Force Feedback Coefficients	Not Supported
		+/- Force Feedback Saturation	Not Supported

[ Keyboard ]

	DirectInput Device Properties:
		Device Description	Keyboard
		Device Type	Unknown
		Device Subtype	Unknown
		Buttons/Keys	128

	DirectInput Device Features:
		Emulated Device	Yes
		Alias Device	No
		Polled Device	No
		Polled Data Format	No
		Attack Force Feedback	Not Supported
		Deadband Force Feedback	Not Supported
		Fade Force Feedback	Not Supported
		Force Feedback	Not Supported
		Saturation Force Feedback	Not Supported
		+/- Force Feedback Coefficients	Not Supported
		+/- Force Feedback Saturation	Not Supported

[ ASUS Wireless Radio Control ]

	DirectInput Device Properties:
		Device Description	ASUS Wireless Radio Control
		Device Type	Unknown
		Device Subtype	Unknown
		Buttons/Keys	1

	DirectInput Device Features:
		Emulated Device	Yes
		Alias Device	No
		Polled Device	No
		Polled Data Format	No
		Attack Force Feedback	Not Supported
		Deadband Force Feedback	Not Supported
		Fade Force Feedback	Not Supported
		Force Feedback	Not Supported
		Saturation Force Feedback	Not Supported
		+/- Force Feedback Coefficients	Not Supported
		+/- Force Feedback Saturation	Not Supported

Windows Devices


[ Devices ]

	Audio inputs and outputs:
		Microphone (Realtek High Definition Audio)	10.0.10041.0
		Speakers (Realtek High Definition Audio)	10.0.10041.0

	Bo? die?u ho?p Ma?ng:
		Microsoft ISATAP Adapter #2	10.0.10041.0
		Microsoft Kernel Debug Network Adapter	10.0.10041.0
		Microsoft Wi-Fi Direct Virtual Adapter	10.0.10041.0
		Qualcomm Atheros AR9485 Wireless Network Adapter	3.0.2.171
		Realtek PCIe GBE Family Controller	9.1.123.2015
		Teredo Tunneling Pseudo-Interface	10.0.10041.0

	Computer:
		ACPI x64-based PC	10.0.10041.0

	Disk drives:
		WDC WD5000LPVT-80G33T2	10.0.10041.0

	Display adapters:
		Intel(R) HD Graphics 3000	9.17.10.3347

	DVD/CD-ROM drives:
		MATSHITA DVD-RAM UJ8E1	10.0.10041.0

	Human Interface Devices:
		HID-compliant wireless radio controls	10.0.10041.0

	IDE ATA/ATAPI controllers:
		Standard SATA AHCI Controller	10.0.10041.0

	Imaging devices:
		USB2.0 HD UVC WebCam	10.0.10041.0

	Keyboards:
		PC/AT Enhanced PS/2 Keyboard (101/102-Key)	10.0.10041.0

	Memory technology devices:
		Realtek PCIE CardReader	6.1.7601.27012

	Mice and other pointing devices:
		ASUS PS/2 Port Clickpad	1.0.0.125

	Monitors:
		Generic PnP Monitor	10.0.10041.0

	Pin:
		Microsoft AC Adapter	10.0.10041.0
		Microsoft ACPI-Compliant Control Method Battery	10.0.10041.0

	Print queues:
		Fax	10.0.10041.0
		Microsoft XPS Document Writer	10.0.10041.0
		Print as a PDF	10.0.10041.0
		Root Print Queue	10.0.10041.0
		Send To OneNote 2013	10.0.10041.0

	Processors:
		Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz	10.0.10041.0
		Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz	10.0.10041.0
		Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz	10.0.10041.0
		Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz	10.0.10041.0

	Software devices:
		Microsoft Device Association Root Enumerator	10.0.10041.0
		Microsoft GS Wavetable Synth	10.0.10041.0
		Microsoft IPv4 IPv6 Transition Adapter Bus	10.0.10041.0
		Microsoft Radio Device Enumeration Bus	10.0.10041.0

	Sound, video and game controllers:
		High Definition Audio Device	10.0.10041.0
		Realtek High Definition Audio	6.0.1.7458

	Storage controllers:
		Microsoft Storage Spaces Controller	10.0.10041.0

	Storage volume shadow copies:
		Generic volume shadow copy	10.0.10041.0
		Generic volume shadow copy	10.0.10041.0

	Storage volumes:
		Generic volume	10.0.10041.0
		Generic volume	10.0.10041.0
		Generic volume	10.0.10041.0
		Generic volume	10.0.10041.0
		Generic volume	10.0.10041.0

	System devices:
		2nd Generation Intel(R) Core(TM) Processor Family DRAM Controller - 0104	10.0.10041.0
		ACPI Fixed Feature Button	10.0.10041.0
		ACPI Lid	10.0.10041.0
		ACPI Sleep Button	10.0.10041.0
		ACPI Thermal Zone	10.0.10041.0
		ASUS Wireless Radio Control	1.0.0.3
		Composite Bus Enumerator	10.0.10041.0
		Direct memory access controller	10.0.10041.0
		High Definition Audio Controller	10.0.10041.0
		High precision event timer	10.0.10041.0
		Intel(R) 7 Series/C216 Chipset Family SMBus Host Controller - 1E22	10.0.10041.0
		Intel(R) 82802 Firmware Hub Device	10.0.10041.0
		Intel(R) HM76 Express Chipset LPC Controller - 1E59	10.0.10041.0
		Intel(R) Management Engine Interface	8.1.0.1263
		Microsoft ACPI-Compliant Embedded Controller	10.0.10041.0
		Microsoft ACPI-Compliant System	10.0.10041.0
		Microsoft Basic Display Driver	10.0.10041.0
		Microsoft Basic Render Driver	10.0.10041.0
		Microsoft System Management BIOS Driver	10.0.10041.0
		Microsoft Virtual Drive Enumerator	10.0.10041.0
		Microsoft Windows Management Interface for ACPI	10.0.10041.0
		Miracast HID	10.0.10041.0
		Motherboard resources	10.0.10041.0
		Motherboard resources	10.0.10041.0
		Motherboard resources	10.0.10041.0
		Motherboard resources	10.0.10041.0
		Motherboard resources	10.0.10041.0
		Motherboard resources	10.0.10041.0
		NDIS Virtual Network Adapter Enumerator	10.0.10041.0
		Numeric data processor	10.0.10041.0
		PCI Express Root Complex	10.0.10041.0
		PCI-to-PCI Bridge	10.0.10041.0
		PCI-to-PCI Bridge	10.0.10041.0
		PCI-to-PCI Bridge	10.0.10041.0
		Plug and Play Software Device Enumerator	10.0.10041.0
		Programmable interrupt controller	10.0.10041.0
		Remote Desktop Device Redirector Bus	10.0.10041.0
		System board	10.0.10041.0
		System board	10.0.10041.0
		System CMOS/real time clock	10.0.10041.0
		System timer	10.0.10041.0
		UMBus Root Bus Enumerator	10.0.10041.0
		Volume Manager	10.0.10041.0

	Universal Serial Bus controllers:
		Generic USB Hub	10.0.10041.0
		Generic USB Hub	10.0.10041.0
		Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26	10.0.10041.0
		Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D	10.0.10041.0
		Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)	10.0.10041.0
		USB Composite Device	10.0.10041.0
		USB Root Hub (xHCI)	10.0.10041.0
		USB Root Hub	10.0.10041.0
		USB Root Hub	10.0.10041.0

	Unknown:
		Unknown

[ Audio inputs and outputs / Microphone (Realtek High Definition Audio) ]

	Device Properties:
		Driver Description	Microphone (Realtek High Definition Audio)
		Driver Date	13/03/2015
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Audio inputs and outputs / Speakers (Realtek High Definition Audio) ]

	Device Properties:
		Driver Description	Speakers (Realtek High Definition Audio)
		Driver Date	13/03/2015
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Bo? die?u ho?p Ma?ng / Microsoft ISATAP Adapter #2 ]

	Device Properties:
		Driver Description	Microsoft ISATAP Adapter #2
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	nettun.inf
		Hardware ID	*ISATAP

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Bo? die?u ho?p Ma?ng / Microsoft Kernel Debug Network Adapter ]

	Device Properties:
		Driver Description	Microsoft Kernel Debug Network Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	kdnic.inf
		Hardware ID	root\kdnic

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Bo? die?u ho?p Ma?ng / Microsoft Wi-Fi Direct Virtual Adapter ]

	Device Properties:
		Driver Description	Microsoft Wi-Fi Direct Virtual Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	netvwifimp.inf
		Hardware ID	{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp_wfd
		Location Information	VWiFi Bus 0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Bo? die?u ho?p Ma?ng / Qualcomm Atheros AR9485 Wireless Network Adapter ]

	Device Properties:
		Driver Description	Qualcomm Atheros AR9485 Wireless Network Adapter
		Driver Date	04/05/2013
		Driver Version	3.0.2.171
		Driver Provider	Qualcomm Atheros Communications Inc.
		INF File	athw8x.inf
		Hardware ID	PCI\VEN_168C&DEV_0032&SUBSYS_11861A3B&REV_01
		Location Information	PCI bus 2, device 0, function 0
		PCI Device	Atheros AR9485 Wireless Network Adapter

	Device Resources:
		IRQ	17
		Memory	F7D00000-F7D7FFFF

	Network Adapter Manufacturer:
		Company Name	Atheros Communications, Inc.
		Product Information	http://www.atheros.com/networking
		Driver Download	http://www.atheros.com
		Driver Update	http://www.aida64.com/driver-updates

[ Bo? die?u ho?p Ma?ng / Realtek PCIe GBE Family Controller ]

	Device Properties:
		Driver Description	Realtek PCIe GBE Family Controller
		Driver Date	23/01/2015
		Driver Version	9.1.123.2015
		Driver Provider	Realtek
		INF File	rt640x64.inf
		Hardware ID	PCI\VEN_10EC&DEV_8168&SUBSYS_15671043&REV_0A
		Location Information	PCI bus 3, device 0, function 2
		PCI Device	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

	Device Resources:
		IRQ	65536
		Memory	F0000000-F0003FFF
		Memory	F0004000-F0004FFF
		Port	E000-E0FF

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Bo? die?u ho?p Ma?ng / Teredo Tunneling Pseudo-Interface ]

	Device Properties:
		Driver Description	Teredo Tunneling Pseudo-Interface
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	nettun.inf
		Hardware ID	*TEREDO

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Computer / ACPI x64-based PC ]

	Device Properties:
		Driver Description	ACPI x64-based PC
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	hal.inf
		Hardware ID	acpiapic

[ Disk drives / WDC WD5000LPVT-80G33T2 ]

	Device Properties:
		Driver Description	WDC WD5000LPVT-80G33T2
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	disk.inf
		Hardware ID	SCSI\DiskWDC_____WD5000LPVT-80G3301.0
		Location Information	Bus Number 0, Target Id 0, LUN 0

	Device Manufacturer:
		Company Name	Western Digital Corporation
		Product Information	http://www.wdc.com/en
		Driver Update	http://www.aida64.com/driver-updates

[ Display adapters / Intel(R) HD Graphics 3000 ]

	Device Properties:
		Driver Description	Intel(R) HD Graphics 3000
		Driver Date	29/01/2014
		Driver Version	9.17.10.3347
		Driver Provider	Intel Corporation
		INF File	oem4.inf
		Hardware ID	PCI\VEN_8086&DEV_0116&SUBSYS_15671043&REV_09
		Location Information	PCI bus 0, device 2, function 0
		PCI Device	Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2)

	Device Resources:
		IRQ	65536
		Memory	000A0000-000BFFFF
		Memory	E0000000-EFFFFFFF
		Memory	F7800000-F7BFFFFF
		Port	03B0-03BB
		Port	03C0-03DF
		Port	F000-F03F

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ DVD/CD-ROM drives / MATSHITA DVD-RAM UJ8E1 ]

	Device Properties:
		Driver Description	MATSHITA DVD-RAM UJ8E1
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cdrom.inf
		Hardware ID	SCSI\CdRomMATSHITADVD-RAM_UJ8E1___1.00
		Location Information	Bus Number 2, Target Id 0, LUN 0

	Device Manufacturer:
		Company Name	Matsushita Electric Industrial Co., Ltd.
		Product Information	http://www.panasonic.com/industrial/optical-drives
		Firmware Download	http://www.panasonic.com/industrial/optical-drives
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant wireless radio controls ]

	Device Properties:
		Driver Description	HID-compliant wireless radio controls
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VEN_ATK&DEV_4001

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ IDE ATA/ATAPI controllers / Standard SATA AHCI Controller ]

	Device Properties:
		Driver Description	Standard SATA AHCI Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	mshdc.inf
		Hardware ID	PCI\VEN_8086&DEV_1E03&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 31, function 2
		PCI Device	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]

	Device Resources:
		IRQ	65536
		Memory	F7E16000-F7E167FF

[ Imaging devices / USB2.0 HD UVC WebCam ]

	Device Properties:
		Driver Description	USB2.0 HD UVC WebCam
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usbvideo.inf
		Hardware ID	USB\VID_04F2&PID_B354&REV_7570&MI_00
		Location Information	0000.001a.0000.001.003.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Keyboards / PC/AT Enhanced PS/2 Keyboard (101/102-Key) ]

	Device Properties:
		Driver Description	PC/AT Enhanced PS/2 Keyboard (101/102-Key)
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	keyboard.inf
		Hardware ID	ACPI\VEN_ATK&DEV_3001

	Device Resources:
		IRQ	01
		Port	0060-0060
		Port	0064-0064

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Memory technology devices / Realtek PCIE CardReader ]

	Device Properties:
		Driver Description	Realtek PCIE CardReader
		Driver Date	28/12/2011
		Driver Version	6.1.7601.27012
		Driver Provider	Realtek Semiconduct Corp.
		INF File	oem6.inf
		Hardware ID	PCI\VEN_10EC&DEV_5289&SUBSYS_15671043&REV_01
		Location Information	PCI bus 3, device 0, function 0
		PCI Device	Realtek RTS5289 PCI-E Card Reader

	Device Resources:
		IRQ	65536
		Memory	F7C00000-F7C0FFFF

[ Mice and other pointing devices / ASUS PS/2 Port Clickpad ]

	Device Properties:
		Driver Description	ASUS PS/2 Port Clickpad
		Driver Date	27/08/2012
		Driver Version	1.0.0.125
		Driver Provider	ASUS
		INF File	oem3.inf
		Hardware ID	ACPI\VEN_ETD&DEV_0108

	Device Resources:
		IRQ	12

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Monitors / Generic PnP Monitor ]

	Device Properties:
		Driver Description	Generic PnP Monitor
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	monitor.inf
		Hardware ID	MONITOR\CMN1470

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Pin / Microsoft AC Adapter ]

	Device Properties:
		Driver Description	Microsoft AC Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cmbatt.inf
		Hardware ID	ACPI\VEN_ACPI&DEV_0003

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Pin / Microsoft ACPI-Compliant Control Method Battery ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant Control Method Battery
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cmbatt.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0A

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Print queues / Fax ]

	Device Properties:
		Driver Description	Fax
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\microsoftmicrosoft_s7d14

[ Print queues / Microsoft XPS Document Writer ]

	Device Properties:
		Driver Description	Microsoft XPS Document Writer
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\{0f4130dd-19c7-7ab6-99a1-980f03b2ee4e}

[ Print queues / Print as a PDF ]

	Device Properties:
		Driver Description	Print as a PDF
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\{084f01fa-e634-4d77-83ee-074817c03581}

[ Print queues / Root Print Queue ]

	Device Properties:
		Driver Description	Root Print Queue
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\LocalPrintQueue

[ Print queues / Send To OneNote 2013 ]

	Device Properties:
		Driver Description	Send To OneNote 2013
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\{3ee39114-30b4-45a4-a109-19d4a40fcc22}

[ Processors / Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-2370M
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-2370M
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-2370M
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-2370M
		Driver Update	http://www.aida64.com/driver-updates

[ Software devices / Microsoft Device Association Root Enumerator ]

	Device Properties:
		Driver Description	Microsoft Device Association Root Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft GS Wavetable Synth ]

	Device Properties:
		Driver Description	Microsoft GS Wavetable Synth
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft IPv4 IPv6 Transition Adapter Bus ]

	Device Properties:
		Driver Description	Microsoft IPv4 IPv6 Transition Adapter Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft Radio Device Enumeration Bus ]

	Device Properties:
		Driver Description	Microsoft Radio Device Enumeration Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Sound, video and game controllers / High Definition Audio Device ]

	Device Properties:
		Driver Description	High Definition Audio Device
		Driver Date	13/03/2015
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	hdaudio.inf
		Hardware ID	HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000
		Location Information	Internal High Definition Audio Bus

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Sound, video and game controllers / Realtek High Definition Audio ]

	Device Properties:
		Driver Description	Realtek High Definition Audio
		Driver Date	02/03/2015
		Driver Version	6.0.1.7458
		Driver Provider	Realtek Semiconductor Corp.
		INF File	oem12.inf
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0270&SUBSYS_10431567&REV_1001
		Location Information	Internal High Definition Audio Bus

	Device Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Storage controllers / Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	spaceport.inf
		Hardware ID	Root\Spaceport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Storage volume shadow copies / Generic volume shadow copy ]

	Device Properties:
		Driver Description	Generic volume shadow copy
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volsnap.inf
		Hardware ID	STORAGE\VolumeSnapshot

[ Storage volume shadow copies / Generic volume shadow copy ]

	Device Properties:
		Driver Description	Generic volume shadow copy
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volsnap.inf
		Hardware ID	STORAGE\VolumeSnapshot

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ System devices / 2nd Generation Intel(R) Core(TM) Processor Family DRAM Controller - 0104 ]

	Device Properties:
		Driver Description	2nd Generation Intel(R) Core(TM) Processor Family DRAM Controller - 0104
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	PCI\VEN_8086&DEV_0104&SUBSYS_15671043&REV_09
		Location Information	PCI bus 0, device 0, function 0
		PCI Device	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / ACPI Fixed Feature Button ]

	Device Properties:
		Driver Description	ACPI Fixed Feature Button
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\FixedButton

[ System devices / ACPI Lid ]

	Device Properties:
		Driver Description	ACPI Lid
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0D

[ System devices / ACPI Sleep Button ]

	Device Properties:
		Driver Description	ACPI Sleep Button
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0E

[ System devices / ACPI Thermal Zone ]

	Device Properties:
		Driver Description	ACPI Thermal Zone
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\ThermalZone

[ System devices / ASUS Wireless Radio Control ]

	Device Properties:
		Driver Description	ASUS Wireless Radio Control
		Driver Date	07/10/2013
		Driver Version	1.0.0.3
		Driver Provider	ASUS
		INF File	oem2.inf
		Hardware ID	ACPI\VEN_ATK&DEV_4001

[ System devices / Composite Bus Enumerator ]

	Device Properties:
		Driver Description	Composite Bus Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	compositebus.inf
		Hardware ID	ROOT\CompositeBus

[ System devices / Direct memory access controller ]

	Device Properties:
		Driver Description	Direct memory access controller
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0200

[ System devices / High Definition Audio Controller ]

	Device Properties:
		Driver Description	High Definition Audio Controller
		Driver Date	13/03/2015
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	hdaudbus.inf
		Hardware ID	PCI\VEN_8086&DEV_1E20&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 27, function 0
		PCI Device	Intel Panther Point PCH - High Definition Audio Controller [C-1]

	Device Resources:
		IRQ	22
		Memory	F7E10000-F7E13FFF

[ System devices / High precision event timer ]

	Device Properties:
		Driver Description	High precision event timer
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0103

[ System devices / Intel(R) 7 Series/C216 Chipset Family SMBus Host Controller - 1E22 ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family SMBus Host Controller - 1E22
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	PCI\VEN_8086&DEV_1E22&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 31, function 3
		PCI Device	Intel Panther Point PCH - SMBus Controller [C-1]

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) 82802 Firmware Hub Device ]

	Device Properties:
		Driver Description	Intel(R) 82802 Firmware Hub Device
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_INT&DEV_0800

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) HM76 Express Chipset LPC Controller - 1E59 ]

	Device Properties:
		Driver Description	Intel(R) HM76 Express Chipset LPC Controller - 1E59
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	PCI\VEN_8086&DEV_1E59&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 31, function 0
		PCI Device	Intel HM76 Chipset - LPC Interface Controller [C-1]

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) Management Engine Interface ]

	Device Properties:
		Driver Description	Intel(R) Management Engine Interface
		Driver Date	02/07/2012
		Driver Version	8.1.0.1263
		Driver Provider	Intel
		INF File	oem7.inf
		Hardware ID	PCI\VEN_8086&DEV_1E3A&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 22, function 0
		PCI Device	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]

	Device Resources:
		IRQ	16
		Memory	F7E1A000-F7E1A00F

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Microsoft ACPI-Compliant Embedded Controller ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant Embedded Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C09

	Device Resources:
		Port	0062-0062
		Port	0066-0066

[ System devices / Microsoft ACPI-Compliant System ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant System
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	acpi.inf
		Hardware ID	ACPI_HAL\PNP0C08
		PnP Device	ACPI Driver/BIOS

	Device Resources:
		IRQ	100
		IRQ	101
		IRQ	102
		IRQ	103
		IRQ	104
		IRQ	105
		IRQ	106
		IRQ	107
		IRQ	108
		IRQ	109
		IRQ	110
		IRQ	111
		IRQ	112
		IRQ	113
		IRQ	114
		IRQ	115
		IRQ	116
		IRQ	117
		IRQ	118
		IRQ	119
		IRQ	120
		IRQ	121
		IRQ	122
		IRQ	123
		IRQ	124
		IRQ	125
		IRQ	126
		IRQ	127
		IRQ	128
		IRQ	129
		IRQ	130
		IRQ	131
		IRQ	132
		IRQ	133
		IRQ	134
		IRQ	135
		IRQ	136
		IRQ	137
		IRQ	138
		IRQ	139
		IRQ	140
		IRQ	141
		IRQ	142
		IRQ	143
		IRQ	144
		IRQ	145
		IRQ	146
		IRQ	147
		IRQ	148
		IRQ	149
		IRQ	150
		IRQ	151
		IRQ	152
		IRQ	153
		IRQ	154
		IRQ	155
		IRQ	156
		IRQ	157
		IRQ	158
		IRQ	159
		IRQ	160
		IRQ	161
		IRQ	162
		IRQ	163
		IRQ	164
		IRQ	165
		IRQ	166
		IRQ	167
		IRQ	168
		IRQ	169
		IRQ	170
		IRQ	171
		IRQ	172
		IRQ	173
		IRQ	174
		IRQ	175
		IRQ	176
		IRQ	177
		IRQ	178
		IRQ	179
		IRQ	180
		IRQ	181
		IRQ	182
		IRQ	183
		IRQ	184
		IRQ	185
		IRQ	186
		IRQ	187
		IRQ	188
		IRQ	189
		IRQ	190
		IRQ	191
		IRQ	192
		IRQ	193
		IRQ	194
		IRQ	195
		IRQ	196
		IRQ	197
		IRQ	198
		IRQ	199
		IRQ	200
		IRQ	201
		IRQ	202
		IRQ	203
		IRQ	204
		IRQ	205
		IRQ	256
		IRQ	257
		IRQ	258
		IRQ	259
		IRQ	260
		IRQ	261
		IRQ	262
		IRQ	263
		IRQ	264
		IRQ	265
		IRQ	266
		IRQ	267
		IRQ	268
		IRQ	269
		IRQ	270
		IRQ	271
		IRQ	272
		IRQ	273
		IRQ	274
		IRQ	275
		IRQ	276
		IRQ	277
		IRQ	278
		IRQ	279
		IRQ	280
		IRQ	281
		IRQ	282
		IRQ	283
		IRQ	284
		IRQ	285
		IRQ	286
		IRQ	287
		IRQ	288
		IRQ	289
		IRQ	290
		IRQ	291
		IRQ	292
		IRQ	293
		IRQ	294
		IRQ	295
		IRQ	296
		IRQ	297
		IRQ	298
		IRQ	299
		IRQ	300
		IRQ	301
		IRQ	302
		IRQ	303
		IRQ	304
		IRQ	305
		IRQ	306
		IRQ	307
		IRQ	308
		IRQ	309
		IRQ	310
		IRQ	311
		IRQ	312
		IRQ	313
		IRQ	314
		IRQ	315
		IRQ	316
		IRQ	317
		IRQ	318
		IRQ	319
		IRQ	320
		IRQ	321
		IRQ	322
		IRQ	323
		IRQ	324
		IRQ	325
		IRQ	326
		IRQ	327
		IRQ	328
		IRQ	329
		IRQ	330
		IRQ	331
		IRQ	332
		IRQ	333
		IRQ	334
		IRQ	335
		IRQ	336
		IRQ	337
		IRQ	338
		IRQ	339
		IRQ	340
		IRQ	341
		IRQ	342
		IRQ	343
		IRQ	344
		IRQ	345
		IRQ	346
		IRQ	347
		IRQ	348
		IRQ	349
		IRQ	350
		IRQ	351
		IRQ	352
		IRQ	353
		IRQ	354
		IRQ	355
		IRQ	356
		IRQ	357
		IRQ	358
		IRQ	359
		IRQ	360
		IRQ	361
		IRQ	362
		IRQ	363
		IRQ	364
		IRQ	365
		IRQ	366
		IRQ	367
		IRQ	368
		IRQ	369
		IRQ	370
		IRQ	371
		IRQ	372
		IRQ	373
		IRQ	374
		IRQ	375
		IRQ	376
		IRQ	377
		IRQ	378
		IRQ	379
		IRQ	380
		IRQ	381
		IRQ	382
		IRQ	383
		IRQ	384
		IRQ	385
		IRQ	386
		IRQ	387
		IRQ	388
		IRQ	389
		IRQ	390
		IRQ	391
		IRQ	392
		IRQ	393
		IRQ	394
		IRQ	395
		IRQ	396
		IRQ	397
		IRQ	398
		IRQ	399
		IRQ	400
		IRQ	401
		IRQ	402
		IRQ	403
		IRQ	404
		IRQ	405
		IRQ	406
		IRQ	407
		IRQ	408
		IRQ	409
		IRQ	410
		IRQ	411
		IRQ	412
		IRQ	413
		IRQ	414
		IRQ	415
		IRQ	416
		IRQ	417
		IRQ	418
		IRQ	419
		IRQ	420
		IRQ	421
		IRQ	422
		IRQ	423
		IRQ	424
		IRQ	425
		IRQ	426
		IRQ	427
		IRQ	428
		IRQ	429
		IRQ	430
		IRQ	431
		IRQ	432
		IRQ	433
		IRQ	434
		IRQ	435
		IRQ	436
		IRQ	437
		IRQ	438
		IRQ	439
		IRQ	440
		IRQ	441
		IRQ	442
		IRQ	443
		IRQ	444
		IRQ	445
		IRQ	446
		IRQ	447
		IRQ	448
		IRQ	449
		IRQ	450
		IRQ	451
		IRQ	452
		IRQ	453
		IRQ	454
		IRQ	455
		IRQ	456
		IRQ	457
		IRQ	458
		IRQ	459
		IRQ	460
		IRQ	461
		IRQ	462
		IRQ	463
		IRQ	464
		IRQ	465
		IRQ	466
		IRQ	467
		IRQ	468
		IRQ	469
		IRQ	470
		IRQ	471
		IRQ	472
		IRQ	473
		IRQ	474
		IRQ	475
		IRQ	476
		IRQ	477
		IRQ	478
		IRQ	479
		IRQ	480
		IRQ	481
		IRQ	482
		IRQ	483
		IRQ	484
		IRQ	485
		IRQ	486
		IRQ	487
		IRQ	488
		IRQ	489
		IRQ	490
		IRQ	491
		IRQ	492
		IRQ	493
		IRQ	494
		IRQ	495
		IRQ	496
		IRQ	497
		IRQ	498
		IRQ	499
		IRQ	500
		IRQ	501
		IRQ	502
		IRQ	503
		IRQ	504
		IRQ	505
		IRQ	506
		IRQ	507
		IRQ	508
		IRQ	509
		IRQ	510
		IRQ	511
		IRQ	54
		IRQ	55
		IRQ	56
		IRQ	57
		IRQ	58
		IRQ	59
		IRQ	60
		IRQ	61
		IRQ	62
		IRQ	63
		IRQ	64
		IRQ	65
		IRQ	66
		IRQ	67
		IRQ	68
		IRQ	69
		IRQ	70
		IRQ	71
		IRQ	72
		IRQ	73
		IRQ	74
		IRQ	75
		IRQ	76
		IRQ	77
		IRQ	78
		IRQ	79
		IRQ	80
		IRQ	81
		IRQ	82
		IRQ	83
		IRQ	84
		IRQ	85
		IRQ	86
		IRQ	87
		IRQ	88
		IRQ	89
		IRQ	90
		IRQ	91
		IRQ	92
		IRQ	93
		IRQ	94
		IRQ	95
		IRQ	96
		IRQ	97
		IRQ	98
		IRQ	99

[ System devices / Microsoft Basic Display Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Display Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	basicdisplay.inf
		Hardware ID	ROOT\BasicDisplay

[ System devices / Microsoft Basic Render Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Render Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	basicrender.inf
		Hardware ID	ROOT\BasicRender

[ System devices / Microsoft System Management BIOS Driver ]

	Device Properties:
		Driver Description	Microsoft System Management BIOS Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	mssmbios.inf
		Hardware ID	ROOT\mssmbios

[ System devices / Microsoft Virtual Drive Enumerator ]

	Device Properties:
		Driver Description	Microsoft Virtual Drive Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	vdrvroot.inf
		Hardware ID	ROOT\vdrvroot

[ System devices / Microsoft Windows Management Interface for ACPI ]

	Device Properties:
		Driver Description	Microsoft Windows Management Interface for ACPI
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	wmiacpi.inf
		Hardware ID	ACPI\VEN_pnp&DEV_0c14

[ System devices / Miracast HID ]

	Device Properties:
		Driver Description	Miracast HID
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	mirahid.inf
		Hardware ID	ROOT\mirahid

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_INT&DEV_340E

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_INT&DEV_3F0D

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / NDIS Virtual Network Adapter Enumerator ]

	Device Properties:
		Driver Description	NDIS Virtual Network Adapter Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	ndisvirtualbus.inf
		Hardware ID	ROOT\NdisVirtualBus

[ System devices / Numeric data processor ]

	Device Properties:
		Driver Description	Numeric data processor
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C04

[ System devices / PCI Express Root Complex ]

	Device Properties:
		Driver Description	PCI Express Root Complex
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0A08

	Device Resources:
		Memory	000A0000-000BFFFF
		Memory	000D0000-000D3FFF
		Memory	000D4000-000D7FFF
		Memory	000D8000-000DBFFF
		Memory	000DC000-000DFFFF
		Memory	DFE00000-FEAFFFFF
		Port	0000-0CF7
		Port	0D00-FFFF

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	PCI\VEN_8086&DEV_1E10&SUBSYS_15671043&REV_C4
		Location Information	PCI bus 0, device 28, function 0
		PCI Device	Intel Panther Point PCH - PCI Express Port 1

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	PCI\VEN_8086&DEV_1E12&SUBSYS_15671043&REV_C4
		Location Information	PCI bus 0, device 28, function 1
		PCI Device	Intel Panther Point PCH - PCI Express Port 2

	Device Resources:
		Memory	F7D00000-F7DFFFFF

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	PCI\VEN_8086&DEV_1E16&SUBSYS_15671043&REV_C4
		Location Information	PCI bus 0, device 28, function 3
		PCI Device	Intel Panther Point PCH - PCI Express Port 4

	Device Resources:
		Memory	F0000000-F00FFFFF
		Memory	F7C00000-F7CFFFFF
		Port	E000-EFFF

[ System devices / Plug and Play Software Device Enumerator ]

	Device Properties:
		Driver Description	Plug and Play Software Device Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	swenum.inf
		Hardware ID	ROOT\SWENUM

[ System devices / Programmable interrupt controller ]

	Device Properties:
		Driver Description	Programmable interrupt controller
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0000

[ System devices / Remote Desktop Device Redirector Bus ]

	Device Properties:
		Driver Description	Remote Desktop Device Redirector Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	rdpbus.inf
		Hardware ID	ROOT\RDPBUS

[ System devices / System board ]

	Device Properties:
		Driver Description	System board
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C01

[ System devices / System board ]

	Device Properties:
		Driver Description	System board
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C01

[ System devices / System CMOS/real time clock ]

	Device Properties:
		Driver Description	System CMOS/real time clock
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0B00

	Device Resources:
		IRQ	08
		Port	0070-0077

[ System devices / System timer ]

	Device Properties:
		Driver Description	System timer
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0100

[ System devices / UMBus Root Bus Enumerator ]

	Device Properties:
		Driver Description	UMBus Root Bus Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	umbus.inf
		Hardware ID	root\umbus

[ System devices / Volume Manager ]

	Device Properties:
		Driver Description	Volume Manager
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	volmgr.inf
		Hardware ID	ROOT\VOLMGR

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usb.inf
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0001

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usb.inf
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0002

[ Universal Serial Bus controllers / Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26 ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	PCI\VEN_8086&DEV_1E26&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 29, function 0
		PCI Device	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]

	Device Resources:
		IRQ	23
		Memory	F7E17000-F7E173FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	PCI\VEN_8086&DEV_1E2D&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 26, function 0
		PCI Device	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]

	Device Resources:
		IRQ	16
		Memory	F7E18000-F7E183FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft) ]

	Device Properties:
		Driver Description	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
		Driver Date	13/03/2015
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usbxhci.inf
		Hardware ID	PCI\VEN_8086&DEV_1E31&SUBSYS_15671043&REV_04
		Location Information	PCI bus 0, device 20, function 0
		PCI Device	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]

	Device Resources:
		IRQ	65536
		Memory	F7E00000-F7E0FFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / USB Composite Device ]

	Device Properties:
		Driver Description	USB Composite Device
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usb.inf
		Hardware ID	USB\VID_04F2&PID_B354&REV_7570
		Location Information	Port_#0003.Hub_#0004

[ Universal Serial Bus controllers / USB Root Hub (xHCI) ]

	Device Properties:
		Driver Description	USB Root Hub (xHCI)
		Driver Date	13/03/2015
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usbhub3.inf
		Hardware ID	USB\ROOT_HUB30&VID8086&PID1E31&REV0004

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1E2D&REV0004

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	21/06/2006
		Driver Version	10.0.10041.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1E26&REV0004

[ Unknown / Unknown ]

	Device Properties:
		Driver Description	Unknown

Physical Devices


PCI Devices:
	Bus 2, Device 0, Function 0	Atheros AR9485 Wireless Network Adapter
	Bus 0, Device 31, Function 0	Intel HM76 Chipset - LPC Interface Controller [C-1]
	Bus 0, Device 27, Function 0	Intel Panther Point PCH - High Definition Audio Controller [C-1]
	Bus 0, Device 22, Function 0	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]
	Bus 0, Device 28, Function 0	Intel Panther Point PCH - PCI Express Port 1
	Bus 0, Device 28, Function 1	Intel Panther Point PCH - PCI Express Port 2
	Bus 0, Device 28, Function 3	Intel Panther Point PCH - PCI Express Port 4
	Bus 0, Device 31, Function 3	Intel Panther Point PCH - SMBus Controller [C-1]
	Bus 0, Device 31, Function 6	Intel Panther Point PCH - Thermal Management Controller [C-1]
	Bus 0, Device 29, Function 0	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
	Bus 0, Device 26, Function 0	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
	Bus 0, Device 20, Function 0	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
	Bus 0, Device 31, Function 2	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]
	Bus 0, Device 0, Function 0	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller
	Bus 0, Device 2, Function 0	Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2)
	Bus 3, Device 0, Function 2	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter
	Bus 3, Device 0, Function 0	Realtek RTS5289 PCI-E Card Reader

PnP Devices:
	PNP0C08	ACPI Driver/BIOS
	FIXEDBUTTON	ACPI Fixed Feature Button
	PNP0C14	ACPI Management Interface
	THERMALZONE	ACPI Thermal Zone
	PNP0A08	ACPI Three-wire Device Bus
	ATK3001	Asus Keyboard Device Filter
	ATK4001	Asus Wireless Radio Control
	PNP0C0A	Control Method Battery
	PNP0200	DMA Controller
	ETD0108	ELAN PS/2 Port Smart-Pad
	PNP0C09	Embedded Controller Device
	PNP0103	High Precision Event Timer
	INT0800	Intel Flash EEPROM
	INT340E	Intel System Device
	INT3F0D	Intel Watchdog Timer
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I3-2370M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I3-2370M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I3-2370M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I3-2370M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
	PNP0C0D	Lid
	ACPI0003	Microsoft AC Adapter
	PNP0C04	Numeric Data Processor
	PNP0000	Programmable Interrupt Controller
	PNP0B00	Real-Time Clock
	PNP0C0E	Sleep Button
	PNP0C01	System Board Extension
	PNP0C01	System Board Extension
	PNP0100	System Timer
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device

USB Devices:
	8087 0024	Generic USB Hub
	8087 0024	Generic USB Hub
	04F2 B354	USB Composite Device
	04F2 B354	USB2.0 HD UVC WebCam

PCI Devices


[ Atheros AR9485 Wireless Network Adapter ]

	Device Properties:
		Device Description	Atheros AR9485 Wireless Network Adapter
		Bus Type	PCI Express 2.0 x1
		Bus / Device / Function	2 / 0 / 0
		Device ID	168C-0032
		Subsystem ID	1A3B-1186
		Device Class	0280 (Network Controller)
		Revision	01
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel HM76 Chipset - LPC Interface Controller [C-1] ]

	Device Properties:
		Device Description	Intel HM76 Chipset - LPC Interface Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 0
		Device ID	8086-1E59
		Subsystem ID	1043-1567
		Device Class	0601 (PCI/ISA Bridge)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - High Definition Audio Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - High Definition Audio Controller [C-1]
		Bus Type	PCI Express 1.0
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1E20
		Subsystem ID	1043-1567
		Device Class	0403 (High Definition Audio)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 22 / 0
		Device ID	8086-1E3A
		Subsystem ID	1043-1567
		Device Class	0780 (Communications Controller)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - PCI Express Port 1 ]

	Device Properties:
		Device Description	Intel Panther Point PCH - PCI Express Port 1
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 0
		Device ID	8086-1E10
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	C4
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - PCI Express Port 2 ]

	Device Properties:
		Device Description	Intel Panther Point PCH - PCI Express Port 2
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 1
		Device ID	8086-1E12
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	C4
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - PCI Express Port 4 ]

	Device Properties:
		Device Description	Intel Panther Point PCH - PCI Express Port 4
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 3
		Device ID	8086-1E16
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	C4
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - SMBus Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - SMBus Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 3
		Device ID	8086-1E22
		Subsystem ID	1043-1567
		Device Class	0C05 (SMBus Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Disabled

[ Intel Panther Point PCH - Thermal Management Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - Thermal Management Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 6
		Device ID	8086-1E24
		Subsystem ID	1043-1567
		Device Class	1180 (Data Acquisition / Signal Processing Controller)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Disabled

[ Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 29 / 0
		Device ID	8086-1E26
		Subsystem ID	1043-1567
		Device Class	0C03 (USB Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 26 / 0
		Device ID	8086-1E2D
		Subsystem ID	1043-1567
		Device Class	0C03 (USB Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 20 / 0
		Device ID	8086-1E31
		Subsystem ID	1043-1567
		Device Class	0C03 (USB Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point-M PCH - SATA AHCI Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 2
		Device ID	8086-1E03
		Subsystem ID	1043-1567
		Device Class	0106 (SATA Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Supported
		Bus Mastering	Enabled

[ Intel Sandy Bridge-MB - Host Bridge/DRAM Controller ]

	Device Properties:
		Device Description	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 0 / 0
		Device ID	8086-0104
		Subsystem ID	1043-1567
		Device Class	0600 (Host/PCI Bridge)
		Revision	09
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) ]

	Device Properties:
		Device Description	Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2)
		Bus Type	PCI
		Bus / Device / Function	0 / 2 / 0
		Device ID	8086-0116
		Subsystem ID	1043-1567
		Device Class	0300 (VGA Display Controller)
		Revision	09
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter ]

	Device Properties:
		Device Description	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter
		Bus Type	PCI Express 2.0 x1
		Bus / Device / Function	3 / 0 / 2
		Device ID	10EC-8168
		Subsystem ID	1043-1567
		Device Class	0200 (Ethernet Controller)
		Revision	0A
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Realtek RTS5289 PCI-E Card Reader ]

	Device Properties:
		Device Description	Realtek RTS5289 PCI-E Card Reader
		Bus Type	PCI Express 2.0 x1
		Bus / Device / Function	3 / 0 / 0
		Device ID	10EC-5289
		Subsystem ID	1043-1567
		Device Class	FF00
		Revision	01
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

USB Devices


[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ USB Composite Device ]

	Device Properties:
		Device Description	USB Composite Device
		Device ID	04F2-B354
		Device Class	EF / 02 (Interface Association Descriptor)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

Device Resources


Resource	Share	Device Description
IRQ 01	Exclusive	PC/AT Enhanced PS/2 Keyboard (101/102-Key)
IRQ 08	Exclusive	System CMOS/real time clock
IRQ 100	Exclusive	Microsoft ACPI-Compliant System
IRQ 101	Exclusive	Microsoft ACPI-Compliant System
IRQ 102	Exclusive	Microsoft ACPI-Compliant System
IRQ 103	Exclusive	Microsoft ACPI-Compliant System
IRQ 104	Exclusive	Microsoft ACPI-Compliant System
IRQ 105	Exclusive	Microsoft ACPI-Compliant System
IRQ 106	Exclusive	Microsoft ACPI-Compliant System
IRQ 107	Exclusive	Microsoft ACPI-Compliant System
IRQ 108	Exclusive	Microsoft ACPI-Compliant System
IRQ 109	Exclusive	Microsoft ACPI-Compliant System
IRQ 110	Exclusive	Microsoft ACPI-Compliant System
IRQ 111	Exclusive	Microsoft ACPI-Compliant System
IRQ 112	Exclusive	Microsoft ACPI-Compliant System
IRQ 113	Exclusive	Microsoft ACPI-Compliant System
IRQ 114	Exclusive	Microsoft ACPI-Compliant System
IRQ 115	Exclusive	Microsoft ACPI-Compliant System
IRQ 116	Exclusive	Microsoft ACPI-Compliant System
IRQ 117	Exclusive	Microsoft ACPI-Compliant System
IRQ 118	Exclusive	Microsoft ACPI-Compliant System
IRQ 119	Exclusive	Microsoft ACPI-Compliant System
IRQ 12	Exclusive	ASUS PS/2 Port Clickpad
IRQ 120	Exclusive	Microsoft ACPI-Compliant System
IRQ 121	Exclusive	Microsoft ACPI-Compliant System
IRQ 122	Exclusive	Microsoft ACPI-Compliant System
IRQ 123	Exclusive	Microsoft ACPI-Compliant System
IRQ 124	Exclusive	Microsoft ACPI-Compliant System
IRQ 125	Exclusive	Microsoft ACPI-Compliant System
IRQ 126	Exclusive	Microsoft ACPI-Compliant System
IRQ 127	Exclusive	Microsoft ACPI-Compliant System
IRQ 128	Exclusive	Microsoft ACPI-Compliant System
IRQ 129	Exclusive	Microsoft ACPI-Compliant System
IRQ 130	Exclusive	Microsoft ACPI-Compliant System
IRQ 131	Exclusive	Microsoft ACPI-Compliant System
IRQ 132	Exclusive	Microsoft ACPI-Compliant System
IRQ 133	Exclusive	Microsoft ACPI-Compliant System
IRQ 134	Exclusive	Microsoft ACPI-Compliant System
IRQ 135	Exclusive	Microsoft ACPI-Compliant System
IRQ 136	Exclusive	Microsoft ACPI-Compliant System
IRQ 137	Exclusive	Microsoft ACPI-Compliant System
IRQ 138	Exclusive	Microsoft ACPI-Compliant System
IRQ 139	Exclusive	Microsoft ACPI-Compliant System
IRQ 140	Exclusive	Microsoft ACPI-Compliant System
IRQ 141	Exclusive	Microsoft ACPI-Compliant System
IRQ 142	Exclusive	Microsoft ACPI-Compliant System
IRQ 143	Exclusive	Microsoft ACPI-Compliant System
IRQ 144	Exclusive	Microsoft ACPI-Compliant System
IRQ 145	Exclusive	Microsoft ACPI-Compliant System
IRQ 146	Exclusive	Microsoft ACPI-Compliant System
IRQ 147	Exclusive	Microsoft ACPI-Compliant System
IRQ 148	Exclusive	Microsoft ACPI-Compliant System
IRQ 149	Exclusive	Microsoft ACPI-Compliant System
IRQ 150	Exclusive	Microsoft ACPI-Compliant System
IRQ 151	Exclusive	Microsoft ACPI-Compliant System
IRQ 152	Exclusive	Microsoft ACPI-Compliant System
IRQ 153	Exclusive	Microsoft ACPI-Compliant System
IRQ 154	Exclusive	Microsoft ACPI-Compliant System
IRQ 155	Exclusive	Microsoft ACPI-Compliant System
IRQ 156	Exclusive	Microsoft ACPI-Compliant System
IRQ 157	Exclusive	Microsoft ACPI-Compliant System
IRQ 158	Exclusive	Microsoft ACPI-Compliant System
IRQ 159	Exclusive	Microsoft ACPI-Compliant System
IRQ 16	Shared	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
IRQ 16	Shared	Intel(R) Management Engine Interface
IRQ 160	Exclusive	Microsoft ACPI-Compliant System
IRQ 161	Exclusive	Microsoft ACPI-Compliant System
IRQ 162	Exclusive	Microsoft ACPI-Compliant System
IRQ 163	Exclusive	Microsoft ACPI-Compliant System
IRQ 164	Exclusive	Microsoft ACPI-Compliant System
IRQ 165	Exclusive	Microsoft ACPI-Compliant System
IRQ 166	Exclusive	Microsoft ACPI-Compliant System
IRQ 167	Exclusive	Microsoft ACPI-Compliant System
IRQ 168	Exclusive	Microsoft ACPI-Compliant System
IRQ 169	Exclusive	Microsoft ACPI-Compliant System
IRQ 17	Shared	Qualcomm Atheros AR9485 Wireless Network Adapter
IRQ 170	Exclusive	Microsoft ACPI-Compliant System
IRQ 171	Exclusive	Microsoft ACPI-Compliant System
IRQ 172	Exclusive	Microsoft ACPI-Compliant System
IRQ 173	Exclusive	Microsoft ACPI-Compliant System
IRQ 174	Exclusive	Microsoft ACPI-Compliant System
IRQ 175	Exclusive	Microsoft ACPI-Compliant System
IRQ 176	Exclusive	Microsoft ACPI-Compliant System
IRQ 177	Exclusive	Microsoft ACPI-Compliant System
IRQ 178	Exclusive	Microsoft ACPI-Compliant System
IRQ 179	Exclusive	Microsoft ACPI-Compliant System
IRQ 180	Exclusive	Microsoft ACPI-Compliant System
IRQ 181	Exclusive	Microsoft ACPI-Compliant System
IRQ 182	Exclusive	Microsoft ACPI-Compliant System
IRQ 183	Exclusive	Microsoft ACPI-Compliant System
IRQ 184	Exclusive	Microsoft ACPI-Compliant System
IRQ 185	Exclusive	Microsoft ACPI-Compliant System
IRQ 186	Exclusive	Microsoft ACPI-Compliant System
IRQ 187	Exclusive	Microsoft ACPI-Compliant System
IRQ 188	Exclusive	Microsoft ACPI-Compliant System
IRQ 189	Exclusive	Microsoft ACPI-Compliant System
IRQ 190	Exclusive	Microsoft ACPI-Compliant System
IRQ 191	Exclusive	Microsoft ACPI-Compliant System
IRQ 192	Exclusive	Microsoft ACPI-Compliant System
IRQ 193	Exclusive	Microsoft ACPI-Compliant System
IRQ 194	Exclusive	Microsoft ACPI-Compliant System
IRQ 195	Exclusive	Microsoft ACPI-Compliant System
IRQ 196	Exclusive	Microsoft ACPI-Compliant System
IRQ 197	Exclusive	Microsoft ACPI-Compliant System
IRQ 198	Exclusive	Microsoft ACPI-Compliant System
IRQ 199	Exclusive	Microsoft ACPI-Compliant System
IRQ 200	Exclusive	Microsoft ACPI-Compliant System
IRQ 201	Exclusive	Microsoft ACPI-Compliant System
IRQ 202	Exclusive	Microsoft ACPI-Compliant System
IRQ 203	Exclusive	Microsoft ACPI-Compliant System
IRQ 204	Exclusive	Microsoft ACPI-Compliant System
IRQ 205	Exclusive	Microsoft ACPI-Compliant System
IRQ 22	Shared	High Definition Audio Controller
IRQ 23	Shared	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
IRQ 256	Exclusive	Microsoft ACPI-Compliant System
IRQ 257	Exclusive	Microsoft ACPI-Compliant System
IRQ 258	Exclusive	Microsoft ACPI-Compliant System
IRQ 259	Exclusive	Microsoft ACPI-Compliant System
IRQ 260	Exclusive	Microsoft ACPI-Compliant System
IRQ 261	Exclusive	Microsoft ACPI-Compliant System
IRQ 262	Exclusive	Microsoft ACPI-Compliant System
IRQ 263	Exclusive	Microsoft ACPI-Compliant System
IRQ 264	Exclusive	Microsoft ACPI-Compliant System
IRQ 265	Exclusive	Microsoft ACPI-Compliant System
IRQ 266	Exclusive	Microsoft ACPI-Compliant System
IRQ 267	Exclusive	Microsoft ACPI-Compliant System
IRQ 268	Exclusive	Microsoft ACPI-Compliant System
IRQ 269	Exclusive	Microsoft ACPI-Compliant System
IRQ 270	Exclusive	Microsoft ACPI-Compliant System
IRQ 271	Exclusive	Microsoft ACPI-Compliant System
IRQ 272	Exclusive	Microsoft ACPI-Compliant System
IRQ 273	Exclusive	Microsoft ACPI-Compliant System
IRQ 274	Exclusive	Microsoft ACPI-Compliant System
IRQ 275	Exclusive	Microsoft ACPI-Compliant System
IRQ 276	Exclusive	Microsoft ACPI-Compliant System
IRQ 277	Exclusive	Microsoft ACPI-Compliant System
IRQ 278	Exclusive	Microsoft ACPI-Compliant System
IRQ 279	Exclusive	Microsoft ACPI-Compliant System
IRQ 280	Exclusive	Microsoft ACPI-Compliant System
IRQ 281	Exclusive	Microsoft ACPI-Compliant System
IRQ 282	Exclusive	Microsoft ACPI-Compliant System
IRQ 283	Exclusive	Microsoft ACPI-Compliant System
IRQ 284	Exclusive	Microsoft ACPI-Compliant System
IRQ 285	Exclusive	Microsoft ACPI-Compliant System
IRQ 286	Exclusive	Microsoft ACPI-Compliant System
IRQ 287	Exclusive	Microsoft ACPI-Compliant System
IRQ 288	Exclusive	Microsoft ACPI-Compliant System
IRQ 289	Exclusive	Microsoft ACPI-Compliant System
IRQ 290	Exclusive	Microsoft ACPI-Compliant System
IRQ 291	Exclusive	Microsoft ACPI-Compliant System
IRQ 292	Exclusive	Microsoft ACPI-Compliant System
IRQ 293	Exclusive	Microsoft ACPI-Compliant System
IRQ 294	Exclusive	Microsoft ACPI-Compliant System
IRQ 295	Exclusive	Microsoft ACPI-Compliant System
IRQ 296	Exclusive	Microsoft ACPI-Compliant System
IRQ 297	Exclusive	Microsoft ACPI-Compliant System
IRQ 298	Exclusive	Microsoft ACPI-Compliant System
IRQ 299	Exclusive	Microsoft ACPI-Compliant System
IRQ 300	Exclusive	Microsoft ACPI-Compliant System
IRQ 301	Exclusive	Microsoft ACPI-Compliant System
IRQ 302	Exclusive	Microsoft ACPI-Compliant System
IRQ 303	Exclusive	Microsoft ACPI-Compliant System
IRQ 304	Exclusive	Microsoft ACPI-Compliant System
IRQ 305	Exclusive	Microsoft ACPI-Compliant System
IRQ 306	Exclusive	Microsoft ACPI-Compliant System
IRQ 307	Exclusive	Microsoft ACPI-Compliant System
IRQ 308	Exclusive	Microsoft ACPI-Compliant System
IRQ 309	Exclusive	Microsoft ACPI-Compliant System
IRQ 310	Exclusive	Microsoft ACPI-Compliant System
IRQ 311	Exclusive	Microsoft ACPI-Compliant System
IRQ 312	Exclusive	Microsoft ACPI-Compliant System
IRQ 313	Exclusive	Microsoft ACPI-Compliant System
IRQ 314	Exclusive	Microsoft ACPI-Compliant System
IRQ 315	Exclusive	Microsoft ACPI-Compliant System
IRQ 316	Exclusive	Microsoft ACPI-Compliant System
IRQ 317	Exclusive	Microsoft ACPI-Compliant System
IRQ 318	Exclusive	Microsoft ACPI-Compliant System
IRQ 319	Exclusive	Microsoft ACPI-Compliant System
IRQ 320	Exclusive	Microsoft ACPI-Compliant System
IRQ 321	Exclusive	Microsoft ACPI-Compliant System
IRQ 322	Exclusive	Microsoft ACPI-Compliant System
IRQ 323	Exclusive	Microsoft ACPI-Compliant System
IRQ 324	Exclusive	Microsoft ACPI-Compliant System
IRQ 325	Exclusive	Microsoft ACPI-Compliant System
IRQ 326	Exclusive	Microsoft ACPI-Compliant System
IRQ 327	Exclusive	Microsoft ACPI-Compliant System
IRQ 328	Exclusive	Microsoft ACPI-Compliant System
IRQ 329	Exclusive	Microsoft ACPI-Compliant System
IRQ 330	Exclusive	Microsoft ACPI-Compliant System
IRQ 331	Exclusive	Microsoft ACPI-Compliant System
IRQ 332	Exclusive	Microsoft ACPI-Compliant System
IRQ 333	Exclusive	Microsoft ACPI-Compliant System
IRQ 334	Exclusive	Microsoft ACPI-Compliant System
IRQ 335	Exclusive	Microsoft ACPI-Compliant System
IRQ 336	Exclusive	Microsoft ACPI-Compliant System
IRQ 337	Exclusive	Microsoft ACPI-Compliant System
IRQ 338	Exclusive	Microsoft ACPI-Compliant System
IRQ 339	Exclusive	Microsoft ACPI-Compliant System
IRQ 340	Exclusive	Microsoft ACPI-Compliant System
IRQ 341	Exclusive	Microsoft ACPI-Compliant System
IRQ 342	Exclusive	Microsoft ACPI-Compliant System
IRQ 343	Exclusive	Microsoft ACPI-Compliant System
IRQ 344	Exclusive	Microsoft ACPI-Compliant System
IRQ 345	Exclusive	Microsoft ACPI-Compliant System
IRQ 346	Exclusive	Microsoft ACPI-Compliant System
IRQ 347	Exclusive	Microsoft ACPI-Compliant System
IRQ 348	Exclusive	Microsoft ACPI-Compliant System
IRQ 349	Exclusive	Microsoft ACPI-Compliant System
IRQ 350	Exclusive	Microsoft ACPI-Compliant System
IRQ 351	Exclusive	Microsoft ACPI-Compliant System
IRQ 352	Exclusive	Microsoft ACPI-Compliant System
IRQ 353	Exclusive	Microsoft ACPI-Compliant System
IRQ 354	Exclusive	Microsoft ACPI-Compliant System
IRQ 355	Exclusive	Microsoft ACPI-Compliant System
IRQ 356	Exclusive	Microsoft ACPI-Compliant System
IRQ 357	Exclusive	Microsoft ACPI-Compliant System
IRQ 358	Exclusive	Microsoft ACPI-Compliant System
IRQ 359	Exclusive	Microsoft ACPI-Compliant System
IRQ 360	Exclusive	Microsoft ACPI-Compliant System
IRQ 361	Exclusive	Microsoft ACPI-Compliant System
IRQ 362	Exclusive	Microsoft ACPI-Compliant System
IRQ 363	Exclusive	Microsoft ACPI-Compliant System
IRQ 364	Exclusive	Microsoft ACPI-Compliant System
IRQ 365	Exclusive	Microsoft ACPI-Compliant System
IRQ 366	Exclusive	Microsoft ACPI-Compliant System
IRQ 367	Exclusive	Microsoft ACPI-Compliant System
IRQ 368	Exclusive	Microsoft ACPI-Compliant System
IRQ 369	Exclusive	Microsoft ACPI-Compliant System
IRQ 370	Exclusive	Microsoft ACPI-Compliant System
IRQ 371	Exclusive	Microsoft ACPI-Compliant System
IRQ 372	Exclusive	Microsoft ACPI-Compliant System
IRQ 373	Exclusive	Microsoft ACPI-Compliant System
IRQ 374	Exclusive	Microsoft ACPI-Compliant System
IRQ 375	Exclusive	Microsoft ACPI-Compliant System
IRQ 376	Exclusive	Microsoft ACPI-Compliant System
IRQ 377	Exclusive	Microsoft ACPI-Compliant System
IRQ 378	Exclusive	Microsoft ACPI-Compliant System
IRQ 379	Exclusive	Microsoft ACPI-Compliant System
IRQ 380	Exclusive	Microsoft ACPI-Compliant System
IRQ 381	Exclusive	Microsoft ACPI-Compliant System
IRQ 382	Exclusive	Microsoft ACPI-Compliant System
IRQ 383	Exclusive	Microsoft ACPI-Compliant System
IRQ 384	Exclusive	Microsoft ACPI-Compliant System
IRQ 385	Exclusive	Microsoft ACPI-Compliant System
IRQ 386	Exclusive	Microsoft ACPI-Compliant System
IRQ 387	Exclusive	Microsoft ACPI-Compliant System
IRQ 388	Exclusive	Microsoft ACPI-Compliant System
IRQ 389	Exclusive	Microsoft ACPI-Compliant System
IRQ 390	Exclusive	Microsoft ACPI-Compliant System
IRQ 391	Exclusive	Microsoft ACPI-Compliant System
IRQ 392	Exclusive	Microsoft ACPI-Compliant System
IRQ 393	Exclusive	Microsoft ACPI-Compliant System
IRQ 394	Exclusive	Microsoft ACPI-Compliant System
IRQ 395	Exclusive	Microsoft ACPI-Compliant System
IRQ 396	Exclusive	Microsoft ACPI-Compliant System
IRQ 397	Exclusive	Microsoft ACPI-Compliant System
IRQ 398	Exclusive	Microsoft ACPI-Compliant System
IRQ 399	Exclusive	Microsoft ACPI-Compliant System
IRQ 400	Exclusive	Microsoft ACPI-Compliant System
IRQ 401	Exclusive	Microsoft ACPI-Compliant System
IRQ 402	Exclusive	Microsoft ACPI-Compliant System
IRQ 403	Exclusive	Microsoft ACPI-Compliant System
IRQ 404	Exclusive	Microsoft ACPI-Compliant System
IRQ 405	Exclusive	Microsoft ACPI-Compliant System
IRQ 406	Exclusive	Microsoft ACPI-Compliant System
IRQ 407	Exclusive	Microsoft ACPI-Compliant System
IRQ 408	Exclusive	Microsoft ACPI-Compliant System
IRQ 409	Exclusive	Microsoft ACPI-Compliant System
IRQ 410	Exclusive	Microsoft ACPI-Compliant System
IRQ 411	Exclusive	Microsoft ACPI-Compliant System
IRQ 412	Exclusive	Microsoft ACPI-Compliant System
IRQ 413	Exclusive	Microsoft ACPI-Compliant System
IRQ 414	Exclusive	Microsoft ACPI-Compliant System
IRQ 415	Exclusive	Microsoft ACPI-Compliant System
IRQ 416	Exclusive	Microsoft ACPI-Compliant System
IRQ 417	Exclusive	Microsoft ACPI-Compliant System
IRQ 418	Exclusive	Microsoft ACPI-Compliant System
IRQ 419	Exclusive	Microsoft ACPI-Compliant System
IRQ 420	Exclusive	Microsoft ACPI-Compliant System
IRQ 421	Exclusive	Microsoft ACPI-Compliant System
IRQ 422	Exclusive	Microsoft ACPI-Compliant System
IRQ 423	Exclusive	Microsoft ACPI-Compliant System
IRQ 424	Exclusive	Microsoft ACPI-Compliant System
IRQ 425	Exclusive	Microsoft ACPI-Compliant System
IRQ 426	Exclusive	Microsoft ACPI-Compliant System
IRQ 427	Exclusive	Microsoft ACPI-Compliant System
IRQ 428	Exclusive	Microsoft ACPI-Compliant System
IRQ 429	Exclusive	Microsoft ACPI-Compliant System
IRQ 430	Exclusive	Microsoft ACPI-Compliant System
IRQ 431	Exclusive	Microsoft ACPI-Compliant System
IRQ 432	Exclusive	Microsoft ACPI-Compliant System
IRQ 433	Exclusive	Microsoft ACPI-Compliant System
IRQ 434	Exclusive	Microsoft ACPI-Compliant System
IRQ 435	Exclusive	Microsoft ACPI-Compliant System
IRQ 436	Exclusive	Microsoft ACPI-Compliant System
IRQ 437	Exclusive	Microsoft ACPI-Compliant System
IRQ 438	Exclusive	Microsoft ACPI-Compliant System
IRQ 439	Exclusive	Microsoft ACPI-Compliant System
IRQ 440	Exclusive	Microsoft ACPI-Compliant System
IRQ 441	Exclusive	Microsoft ACPI-Compliant System
IRQ 442	Exclusive	Microsoft ACPI-Compliant System
IRQ 443	Exclusive	Microsoft ACPI-Compliant System
IRQ 444	Exclusive	Microsoft ACPI-Compliant System
IRQ 445	Exclusive	Microsoft ACPI-Compliant System
IRQ 446	Exclusive	Microsoft ACPI-Compliant System
IRQ 447	Exclusive	Microsoft ACPI-Compliant System
IRQ 448	Exclusive	Microsoft ACPI-Compliant System
IRQ 449	Exclusive	Microsoft ACPI-Compliant System
IRQ 450	Exclusive	Microsoft ACPI-Compliant System
IRQ 451	Exclusive	Microsoft ACPI-Compliant System
IRQ 452	Exclusive	Microsoft ACPI-Compliant System
IRQ 453	Exclusive	Microsoft ACPI-Compliant System
IRQ 454	Exclusive	Microsoft ACPI-Compliant System
IRQ 455	Exclusive	Microsoft ACPI-Compliant System
IRQ 456	Exclusive	Microsoft ACPI-Compliant System
IRQ 457	Exclusive	Microsoft ACPI-Compliant System
IRQ 458	Exclusive	Microsoft ACPI-Compliant System
IRQ 459	Exclusive	Microsoft ACPI-Compliant System
IRQ 460	Exclusive	Microsoft ACPI-Compliant System
IRQ 461	Exclusive	Microsoft ACPI-Compliant System
IRQ 462	Exclusive	Microsoft ACPI-Compliant System
IRQ 463	Exclusive	Microsoft ACPI-Compliant System
IRQ 464	Exclusive	Microsoft ACPI-Compliant System
IRQ 465	Exclusive	Microsoft ACPI-Compliant System
IRQ 466	Exclusive	Microsoft ACPI-Compliant System
IRQ 467	Exclusive	Microsoft ACPI-Compliant System
IRQ 468	Exclusive	Microsoft ACPI-Compliant System
IRQ 469	Exclusive	Microsoft ACPI-Compliant System
IRQ 470	Exclusive	Microsoft ACPI-Compliant System
IRQ 471	Exclusive	Microsoft ACPI-Compliant System
IRQ 472	Exclusive	Microsoft ACPI-Compliant System
IRQ 473	Exclusive	Microsoft ACPI-Compliant System
IRQ 474	Exclusive	Microsoft ACPI-Compliant System
IRQ 475	Exclusive	Microsoft ACPI-Compliant System
IRQ 476	Exclusive	Microsoft ACPI-Compliant System
IRQ 477	Exclusive	Microsoft ACPI-Compliant System
IRQ 478	Exclusive	Microsoft ACPI-Compliant System
IRQ 479	Exclusive	Microsoft ACPI-Compliant System
IRQ 480	Exclusive	Microsoft ACPI-Compliant System
IRQ 481	Exclusive	Microsoft ACPI-Compliant System
IRQ 482	Exclusive	Microsoft ACPI-Compliant System
IRQ 483	Exclusive	Microsoft ACPI-Compliant System
IRQ 484	Exclusive	Microsoft ACPI-Compliant System
IRQ 485	Exclusive	Microsoft ACPI-Compliant System
IRQ 486	Exclusive	Microsoft ACPI-Compliant System
IRQ 487	Exclusive	Microsoft ACPI-Compliant System
IRQ 488	Exclusive	Microsoft ACPI-Compliant System
IRQ 489	Exclusive	Microsoft ACPI-Compliant System
IRQ 490	Exclusive	Microsoft ACPI-Compliant System
IRQ 491	Exclusive	Microsoft ACPI-Compliant System
IRQ 492	Exclusive	Microsoft ACPI-Compliant System
IRQ 493	Exclusive	Microsoft ACPI-Compliant System
IRQ 494	Exclusive	Microsoft ACPI-Compliant System
IRQ 495	Exclusive	Microsoft ACPI-Compliant System
IRQ 496	Exclusive	Microsoft ACPI-Compliant System
IRQ 497	Exclusive	Microsoft ACPI-Compliant System
IRQ 498	Exclusive	Microsoft ACPI-Compliant System
IRQ 499	Exclusive	Microsoft ACPI-Compliant System
IRQ 500	Exclusive	Microsoft ACPI-Compliant System
IRQ 501	Exclusive	Microsoft ACPI-Compliant System
IRQ 502	Exclusive	Microsoft ACPI-Compliant System
IRQ 503	Exclusive	Microsoft ACPI-Compliant System
IRQ 504	Exclusive	Microsoft ACPI-Compliant System
IRQ 505	Exclusive	Microsoft ACPI-Compliant System
IRQ 506	Exclusive	Microsoft ACPI-Compliant System
IRQ 507	Exclusive	Microsoft ACPI-Compliant System
IRQ 508	Exclusive	Microsoft ACPI-Compliant System
IRQ 509	Exclusive	Microsoft ACPI-Compliant System
IRQ 510	Exclusive	Microsoft ACPI-Compliant System
IRQ 511	Exclusive	Microsoft ACPI-Compliant System
IRQ 54	Exclusive	Microsoft ACPI-Compliant System
IRQ 55	Exclusive	Microsoft ACPI-Compliant System
IRQ 56	Exclusive	Microsoft ACPI-Compliant System
IRQ 57	Exclusive	Microsoft ACPI-Compliant System
IRQ 58	Exclusive	Microsoft ACPI-Compliant System
IRQ 59	Exclusive	Microsoft ACPI-Compliant System
IRQ 60	Exclusive	Microsoft ACPI-Compliant System
IRQ 61	Exclusive	Microsoft ACPI-Compliant System
IRQ 62	Exclusive	Microsoft ACPI-Compliant System
IRQ 63	Exclusive	Microsoft ACPI-Compliant System
IRQ 64	Exclusive	Microsoft ACPI-Compliant System
IRQ 65	Exclusive	Microsoft ACPI-Compliant System
IRQ 65536	Exclusive	Realtek PCIe GBE Family Controller
IRQ 65536	Exclusive	Intel(R) HD Graphics 3000
IRQ 65536	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
IRQ 65536	Exclusive	Realtek PCIE CardReader
IRQ 65536	Exclusive	Standard SATA AHCI Controller
IRQ 66	Exclusive	Microsoft ACPI-Compliant System
IRQ 67	Exclusive	Microsoft ACPI-Compliant System
IRQ 68	Exclusive	Microsoft ACPI-Compliant System
IRQ 69	Exclusive	Microsoft ACPI-Compliant System
IRQ 70	Exclusive	Microsoft ACPI-Compliant System
IRQ 71	Exclusive	Microsoft ACPI-Compliant System
IRQ 72	Exclusive	Microsoft ACPI-Compliant System
IRQ 73	Exclusive	Microsoft ACPI-Compliant System
IRQ 74	Exclusive	Microsoft ACPI-Compliant System
IRQ 75	Exclusive	Microsoft ACPI-Compliant System
IRQ 76	Exclusive	Microsoft ACPI-Compliant System
IRQ 77	Exclusive	Microsoft ACPI-Compliant System
IRQ 78	Exclusive	Microsoft ACPI-Compliant System
IRQ 79	Exclusive	Microsoft ACPI-Compliant System
IRQ 80	Exclusive	Microsoft ACPI-Compliant System
IRQ 81	Exclusive	Microsoft ACPI-Compliant System
IRQ 82	Exclusive	Microsoft ACPI-Compliant System
IRQ 83	Exclusive	Microsoft ACPI-Compliant System
IRQ 84	Exclusive	Microsoft ACPI-Compliant System
IRQ 85	Exclusive	Microsoft ACPI-Compliant System
IRQ 86	Exclusive	Microsoft ACPI-Compliant System
IRQ 87	Exclusive	Microsoft ACPI-Compliant System
IRQ 88	Exclusive	Microsoft ACPI-Compliant System
IRQ 89	Exclusive	Microsoft ACPI-Compliant System
IRQ 90	Exclusive	Microsoft ACPI-Compliant System
IRQ 91	Exclusive	Microsoft ACPI-Compliant System
IRQ 92	Exclusive	Microsoft ACPI-Compliant System
IRQ 93	Exclusive	Microsoft ACPI-Compliant System
IRQ 94	Exclusive	Microsoft ACPI-Compliant System
IRQ 95	Exclusive	Microsoft ACPI-Compliant System
IRQ 96	Exclusive	Microsoft ACPI-Compliant System
IRQ 97	Exclusive	Microsoft ACPI-Compliant System
IRQ 98	Exclusive	Microsoft ACPI-Compliant System
IRQ 99	Exclusive	Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF	Shared	Intel(R) HD Graphics 3000
Memory 000A0000-000BFFFF	Shared	PCI Express Root Complex
Memory 000D0000-000D3FFF	Shared	PCI Express Root Complex
Memory 000D4000-000D7FFF	Shared	PCI Express Root Complex
Memory 000D8000-000DBFFF	Shared	PCI Express Root Complex
Memory 000DC000-000DFFFF	Shared	PCI Express Root Complex
Memory DFE00000-FEAFFFFF	Shared	PCI Express Root Complex
Memory E0000000-EFFFFFFF	Exclusive	Intel(R) HD Graphics 3000
Memory F0000000-F0003FFF	Exclusive	Realtek PCIe GBE Family Controller
Memory F0000000-F00FFFFF	Exclusive	PCI-to-PCI Bridge
Memory F0004000-F0004FFF	Exclusive	Realtek PCIe GBE Family Controller
Memory F7800000-F7BFFFFF	Exclusive	Intel(R) HD Graphics 3000
Memory F7C00000-F7C0FFFF	Exclusive	Realtek PCIE CardReader
Memory F7C00000-F7CFFFFF	Exclusive	PCI-to-PCI Bridge
Memory F7D00000-F7D7FFFF	Exclusive	Qualcomm Atheros AR9485 Wireless Network Adapter
Memory F7D00000-F7DFFFFF	Exclusive	PCI-to-PCI Bridge
Memory F7E00000-F7E0FFFF	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Memory F7E10000-F7E13FFF	Exclusive	High Definition Audio Controller
Memory F7E16000-F7E167FF	Exclusive	Standard SATA AHCI Controller
Memory F7E17000-F7E173FF	Exclusive	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
Memory F7E18000-F7E183FF	Exclusive	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Memory F7E1A000-F7E1A00F	Exclusive	Intel(R) Management Engine Interface
Port 0000-0CF7	Shared	PCI Express Root Complex
Port 0060-0060	Exclusive	PC/AT Enhanced PS/2 Keyboard (101/102-Key)
Port 0062-0062	Exclusive	Microsoft ACPI-Compliant Embedded Controller
Port 0064-0064	Exclusive	PC/AT Enhanced PS/2 Keyboard (101/102-Key)
Port 0066-0066	Exclusive	Microsoft ACPI-Compliant Embedded Controller
Port 0070-0077	Exclusive	System CMOS/real time clock
Port 03B0-03BB	Shared	Intel(R) HD Graphics 3000
Port 03C0-03DF	Shared	Intel(R) HD Graphics 3000
Port 0D00-FFFF	Shared	PCI Express Root Complex
Port E000-E0FF	Exclusive	Realtek PCIe GBE Family Controller
Port E000-EFFF	Exclusive	PCI-to-PCI Bridge
Port F000-F03F	Exclusive	Intel(R) HD Graphics 3000

Input


[ PC/AT Enhanced PS/2 Keyboard (101/102-Key) ]

	Keyboard Properties:
		Keyboard Name	PC/AT Enhanced PS/2 Keyboard (101/102-Key)
		Keyboard Type	Japanese keyboard
		Keyboard Layout	India
		ANSI Code Page	1252 - Tay Au (Windows)
		OEM Code Page	437
		Repeat Delay	1
		Repeat Rate	31

[ ASUS PS/2 Port Clickpad ]

	Mouse Properties:
		Mouse Name	ASUS PS/2 Port Clickpad
		Mouse Buttons	2
		Mouse Hand	Right
		Pointer Speed	1
		Double-Click Time	500 msec
		X/Y Threshold	6 / 10
		Wheel Scroll Lines	3

	Mouse Features:
		Active Window Tracking	Disabled
		ClickLock	Disabled
		Hide Pointer While Typing	Enabled
		Mouse Wheel	Not Present
		Move Pointer To Default Button	Disabled
		Pointer Trails	Disabled
		Sonar	Disabled

Printers


[ Fax ]

	Printer Properties:
		Printer Name	Fax
		Default Printer	No
		Share Point	Not shared
		Printer Port	SHRFAX:
		Printer Driver	Microsoft Shared Fax Driver (v4.00)
		Device Name	Fax
		Print Processor	winprint
		Separator Page	None
		Availability	8:00 SA - 8:00 SA
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	200 x 200 dpi Mono

[ Microsoft XPS Document Writer (Default) ]

	Printer Properties:
		Printer Name	Microsoft XPS Document Writer
		Default Printer	Yes
		Share Point	Not shared
		Printer Port	PORTPROMPT:
		Printer Driver	Microsoft XPS Document Writer v4 (v6.03)
		Device Name	Microsoft XPS Document Writer
		Print Processor	winprint
		Separator Page	None
		Availability	8:00 SA - 8:00 SA
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

[ Print as a PDF ]

	Printer Properties:
		Printer Name	Print as a PDF
		Default Printer	No
		Share Point	Not shared
		Printer Port	PORTPROMPT:
		Printer Driver	Microsoft Print To PDF (v6.03)
		Device Name	Print as a PDF
		Print Processor	winprint
		Separator Page	None
		Availability	8:00 SA - 8:00 SA
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

[ Send To OneNote 2013 ]

	Printer Properties:
		Printer Name	Send To OneNote 2013
		Default Printer	No
		Share Point	Not shared
		Printer Port	nul:
		Printer Driver	Send to Microsoft OneNote 15 Driver (v6.03)
		Device Name	Send To OneNote 2013
		Print Processor	winprint
		Separator Page	None
		Availability	Always
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

Auto Start


Application Description	Start From	Application Command
ASUSQuickGesture(x64)	Registry\Common\Run	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
ASUSQuickGesture(x86)	Registry\Common\Run	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
ASUSTPLoader(x64)	Registry\Common\Run	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
HotKeysCmds	Registry\Common\Run	C:\Windows\system32\hkcmd.exe
IDMan	Registry\User\Run	C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
IgfxTray	Registry\Common\Run	C:\Windows\system32\igfxtray.exe
OneDrive	Registry\User\Run	C:\Users\Quanravita\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
Persistence	Registry\Common\Run	C:\Windows\system32\igfxpers.exe
RTHDVCPL	Registry\Common\Run	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
uTorrent	Registry\User\Run	C:\Users\Quanravita\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
WindowsDefender	Registry\Common\Run	%ProgramFiles%\Windows Defender\MSASCui.exe -hide -runkey

Scheduled


[ ASUS USB Charger Plus ]

	Task Properties:
		Task Name	ASUS USB Charger Plus
		Status	Running
		Application Name	"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
		Application Parameters
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer Inc.
		Last Run	05/04/2015 6:24:56 SA
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ GoogleUpdateTaskMachineCore ]

	Task Properties:
		Task Name	GoogleUpdateTaskMachineCore
		Status	Enabled
		Application Name	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
		Application Parameters	/c
		Working Folder
		Comment	Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
		Account Name	SYSTEM
		Creator	WIN-8FFL85VFQP9\Quanravita
		Last Run	05/04/2015 5:56:11 SA
		Next Run	10/04/2015 4:31:00 SA

	Task Triggers:
		At log on	At log on of any user
		Daily	At 4:31:00 SA every day

[ GoogleUpdateTaskMachineUA ]

	Task Properties:
		Task Name	GoogleUpdateTaskMachineUA
		Status	Enabled
		Application Name	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
		Application Parameters	/ua /installsource scheduler
		Working Folder
		Comment	Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
		Account Name	SYSTEM
		Creator	WIN-8FFL85VFQP9\Quanravita
		Last Run	09/04/2015 6:30:59 SA
		Next Run	09/04/2015 7:31:00 SA

	Task Triggers:
		Daily	At 4:31:00 SA every day - After triggered, repeat every 1 hour for a duration of 1 day

[ Microsoft Office 15 Sync Maintenance for WIN-8FFL85VFQP9-Quanravita WIN-8FFL85VFQP9 ]

	Task Properties:
		Task Name	Microsoft Office 15 Sync Maintenance for WIN-8FFL85VFQP9-Quanravita WIN-8FFL85VFQP9
		Status	Enabled
		Application Name	C:\Program Files\Microsoft Office\Office15\MsoSync.exe
		Application Parameters
		Working Folder
		Comment	Lightweight task keeps Microsoft Office Document Cache in good shape. Disabling this task may lead to unexpected issues when working with documents from online sources as well as higher disk usage.
		Account Name	WIN-8FFL85VFQP9\Quanravita
		Creator	Microsoft Office
		Last Run	05/04/2015 5:57:11 SA
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of WIN-8FFL85VFQP9\Quanravita
		On idle	When computer is idle
		One time	At 00:22:40Z on 02/04/2015

[ SpeechRuntimeTask ]

	Task Properties:
		Task Name	SpeechRuntimeTask
		Status	Disabled
		Application Name	%windir%\system32\speech_onecore\common\SpeechRuntime.exe
		Application Parameters	0 StartListeningForKeyword
		Working Folder
		Comment
		Account Name
		Creator
		Last Run	30/11/1999
		Next Run	Unknown

Installed Programs


Program	Version	Inst. Size	GUID	Publisher	Inst. Date
µTorrent	3.4.2.39744	Unknown	uTorrent	BitTorrent Inc.
ASUS Smart Gesture	1.0.32	Unknown	{4D3286A6-F6AB-498A-82A4-E4F040529F3D}	ASUS	2015-03-31
ASUS USB Charger Plus	2.1.1	Unknown	{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}	ASUS	2015-03-31
ATK Package	1.0.0020	Unknown	{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}	ASUS	2015-03-31
Definition Update for Microsoft Office 2013 (KB2956172) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A6D5F5D4-285D-4F1C-A230-38D2C1432227}	Microsoft
Google Chrome	41.0.2272.118	Unknown	Google Chrome	Google Inc.	2015-03-31
Google Update Helper	1.3.26.9	Unknown	{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	Google Inc.	2015-03-31
Intel(R) Processor Graphics	9.17.10.3347	Unknown	{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}	Intel Corporation
Internet Download Manager		Unknown	Internet Download Manager	Tonec Inc.
KaraFun Studio 1.20.90	1.20.90	Unknown	KaraFun Studio 1.20.90	CNTT2A2	2015-04-01
Microsoft Access MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0015-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Access Setup Metadata MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0117-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft DCF MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0090-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Excel MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0016-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Groove MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-00BA-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft InfoPath MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0044-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Lync MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-012B-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office 32-bit Components 2013	15.0.4569.1506	Unknown	{90150000-00C1-0000-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office OSM MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-00E1-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office OSM UX MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-00E2-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office Professional Plus 2013	15.0.4569.1506	Unknown	{90150000-0011-0000-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office Proofing (English) 2013	15.0.4569.1506	Unknown	{90150000-002C-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office Proofing Tools 2013 - English	15.0.4569.1506	Unknown	{90150000-001F-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office Proofing Tools 2013 - Espanol [tie?ng tay ban nha (tay ban nha, sa?p xe?p quo?c te?)]	15.0.4569.1506	Unknown	{90150000-001F-0C0A-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office Shared 32-bit MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-00C1-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office Shared MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-006E-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Office Shared Setup Metadata MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0115-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft OneNote MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-00A1-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Outlook MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-001A-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft PowerPoint MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0018-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Publisher MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-0019-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219	10.0.40219	Unknown	{1D8E6291-B0D5-35EC-8441-6616F567A0F7}	Microsoft Corporation	2015-04-04
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219	10.0.40219	Unknown	{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}	Microsoft Corporation	2015-04-04
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)	10.0.50903	Unknown	Microsoft Visual Studio 2010 Tools for Office Runtime (x64)	Microsoft Corporation
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)	10.0.50908	Unknown	{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}	Microsoft Corporation	2015-04-04
Microsoft Word MUI (English) 2013	15.0.4569.1506	Unknown	{90150000-001B-0409-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Outils de verification linguistique 2013 de Microsoft Office - Francais [tie?ng pha?p (pha?p)]	15.0.4569.1506	Unknown	{90150000-001F-040C-1000-0000000FF1CE}	Microsoft Corporation	2015-04-04
Photodex Presenter		Unknown	Photodex Presenter	Photodex Corporation
Photodex ProShow Producer		Unknown	Photodex ProShow Producer	Photodex Corporation
Realtek High Definition Audio Driver [tie?ng anh]	6.0.1.7458	Unknown	{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}	Realtek Semiconductor Corp.	2015-03-31
Realtek PCIE Card Reader	6.1.7601.27012	Unknown	{C1594429-8296-4652-BF54-9DBE4932A44C}	Realtek Semiconductor Corp.	2015-03-31
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43ECCB82-45DF-4800-8930-0689BF91F765}	Microsoft
Security Update for Microsoft Office 2013 (KB2956151) 64-Bit Edition		Unknown	{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E7A7C0B9-9725-468B-9B6F-1524DD7441FA}	Microsoft
Security Update for Microsoft Word 2013 (KB2956163) 64-Bit Edition		Unknown	{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{39AA9341-DAA0-45E6-8171-E49E2A0D95F7}	Microsoft
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition		Unknown	{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}	Microsoft
TransMac version 11.2	11.2	Unknown	TransMac_is1	Acute Systems	2015-04-05
Update for Microsoft Access 2013 (KB2956176) 64-Bit Edition		Unknown	{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUS_{39042DCD-C595-47E7-A351-F177CF0C0F5C}	Microsoft
Update for Microsoft Excel 2013 (KB2956145) 64-Bit Edition		Unknown	{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5136F26A-1CD2-4BA4-A059-E25E58403B18}	Microsoft
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition		Unknown	{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}	Microsoft
Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition		Unknown	{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E7396A71-6BAC-4A67-8B4F-384CA2257A41}	Microsoft
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}	Microsoft
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}	Microsoft
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{25DEA344-FF6F-41BD-B88F-5242BB8E80E1}	Microsoft
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}	Microsoft
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}	Microsoft
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2147FFF7-71C4-4306-AFE2-1AA7A6025BB1}	Microsoft
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}	Microsoft
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}	Microsoft
Update for Microsoft Office 2013 (KB2880977) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3FF26B00-AC61-487F-B03B-5D83415C5408}	Microsoft
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}	Microsoft
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition		Unknown	{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}	Microsoft
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}	Microsoft
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EADBF225-163E-406B-B11A-26ECCCAB5A0E}	Microsoft
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition		Unknown	{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7FAA622-6BCF-4EDF-8C34-A48E1838D57B}	Microsoft
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A4E88D96-814F-4183-8DB2-BA3EC2B7E434}	Microsoft
Update for Microsoft Office 2013 (KB2920754) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2513C305-E7E9-46F9-BECA-C6AC02D769B3}	Microsoft
Update for Microsoft Office 2013 (KB2920769) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C906EC6B-8610-487F-8528-658FE2575C86}	Microsoft
Update for Microsoft Office 2013 (KB2956148) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F499AD64-02E9-48E0-84BE-498FBCDC7A95}	Microsoft
Update for Microsoft Office 2013 (KB2956154) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8AB3858C-5246-4C78-937F-86A38A494CAA}	Microsoft
Update for Microsoft Office 2013 (KB2956160) 64-Bit Edition		Unknown	{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BF379FBB-0ACA-47CB-86C6-12885C01505E}	Microsoft
Update for Microsoft Office 2013 (KB2956167) 64-Bit Edition		Unknown	{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A2478F3C-B1C6-483C-B655-D39B75E9D02C}	Microsoft
Update for Microsoft Office 2013 (KB2956168) 64-Bit Edition		Unknown	{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6CD4D7BD-0445-4156-8912-49FDAED77CF7}	Microsoft
Update for Microsoft Office 2013 (KB2956169) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B5A6B49E-30F3-4D1D-8F9C-E53712D30996}	Microsoft
Update for Microsoft Office 2013 (KB2956171) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3DC29E8-0E97-448A-B9C0-9086CB8B3E86}	Microsoft
Update for Microsoft Office 2013 (KB2956177) 64-Bit Edition		Unknown	{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3F8EF29A-A7F8-48B0-BA19-01D0B88AB1B7}	Microsoft
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition		Unknown	{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}	Microsoft
Update for Microsoft OneNote 2013 (KB2956165) 64-Bit Edition		Unknown	{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{91760BB8-6AB7-4252-BF92-EDCE196BCD8D}	Microsoft
Update for Microsoft Outlook 2013 (KB2956170) 64-Bit Edition		Unknown	{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{79EC1590-20DA-4B91-8674-7FD28CB73EBA}	Microsoft
Update for Microsoft Outlook Social Connector 2013 (KB2737996) 64-Bit Edition		Unknown	{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{4DAEE65E-8D3C-409C-8836-1777D2165F22}	Microsoft
Update for Microsoft PowerPoint 2013 (KB2965206) 64-Bit Edition		Unknown	{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{2D6B72C2-F8EC-4FBC-ACBE-A83767F6F56B}	Microsoft
Update for Microsoft Project 2013 (KB2956187) 64-Bit Edition		Unknown	{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E862B4E-0F3B-4B17-8E80-A0A81BE871C9}	Microsoft
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition		Unknown	{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F24DFA32-C8EE-4AFB-89AB-07EE7A52E414}	Microsoft
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition		Unknown	{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}	Microsoft
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition		Unknown	{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}	Microsoft
Windows Driver Package - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)	08/27/2012 1.0.0.125	Unknown	2BD897DEE9289F769D9176245811D5330A360B0B	ASUS
WinRAR 5.21 (64-bit)	5.21.0	Unknown	WinRAR archiver	win.rar GmbH

Licenses


		Software	Product Key
		Microsoft Internet Explorer 9.11.10011.0	NKJFK-GPHP7-G8C3J-P6JXR-HQRJR
		Microsoft Office Professional Plus 2013	YC7DK-G2NP3-2QQC3-J6H88-GVGXT
		Microsoft Windows 8.1 Professional	NKJFK-GPHP7-G8C3J-P6JXR-HQRJR

File Types


Extension	File Type Description	Content Type
386	Virtual Device Driver
3G2	3GPP2 Audio/Video	video/3gpp2
3GP	3GPP Audio/Video	video/3gpp
3GP2	3GPP2 Audio/Video	video/3gpp2
3GPP	3GPP Audio/Video	video/3gpp
7Z	WinRAR archive
AAC	ADTS Audio	audio/vnd.dlna.adts
ACCDA	Microsoft Access Add-in	application/msaccess.addin
ACCDB	Microsoft Access Database	application/msaccess
ACCDC	Microsoft Access Signed Package	application/msaccess.cab
ACCDE	Microsoft Access ACCDE Database	application/msaccess.exec
ACCDR	Microsoft Access Runtime Application	application/msaccess.runtime
ACCDT	Microsoft Access Template	application/msaccess.template
ACCDU	Microsoft Access Add-in Data
ACCDW	Microsoft Access Web Application	application/msaccess.webapplication
ACCFT	Microsoft Access Template	application/msaccess.ftemplate
ACCOUNTPICTURE-MS	Account Picture File	application/windows-accountpicture
ACE	WinRAR archive
ACL	AutoCorrect List File
ADE	Microsoft Access Project Extension	application/msaccess
ADN	Microsoft Access Blank Project Template
ADP	Microsoft Access Project	application/msaccess
ADT	ADTS Audio	audio/vnd.dlna.adts
ADTS	ADTS Audio	audio/vnd.dlna.adts
AIF	AIFF Format Sound	audio/aiff
AIFC	AIFF Format Sound	audio/aiff
AIFF	AIFF Format Sound	audio/aiff
ANI	Animated Cursor
APPCONTENT-MS	Application Content	application/windows-appcontent+xml
APPLICATION	Application Manifest	application/x-ms-application
APPREF-MS	Application Reference
ARJ	WinRAR archive
ASA	ASA File
ASF	Windows Media Audio/Video file	video/x-ms-asf
ASP	ASP File
ASX	Windows Media Audio/Video playlist	video/x-ms-asf
AU	AU Format Sound	audio/basic
AVI	Video Clip	video/avi
AW	Answer Wizard File
BAT	Windows Batch File
BLG	Performance Monitor File
BMP	Bitmap Image	image/bmp
BZ	WinRAR archive
BZ2	WinRAR archive
CAB	WinRAR archive
CAMP	WCS Viewing Condition Profile
CAT	Security Catalog	application/vnd.ms-pki.seccat
CDA	CD Audio Track
CDMP	WCS Device Profile
CDX	CDX File
CDXML	CDXML File
CER	Security Certificate	application/x-x509-ca-cert
CMD	Windows Command Script
COM	MS-DOS Application
COMPOSITEFONT	Composite Font File
CONTACT	Contact File	text/x-ms-contact
CPL	Control Panel Item
CRL	Certificate Revocation List	application/pkix-crl
CRT	Security Certificate	application/x-x509-ca-cert
CRTX	Microsoft Office Chart Template
CSS	Cascading Style Sheet Document	text/css
CSV	Microsoft Excel Comma Separated Values File	application/vnd.ms-excel
CUR	Cursor
CHK	Recovered File Fragments
CHM	Compiled HTML Help file
DB	Data Base File
DCTX	Open Extended Dictionary
DCTXC	Open Extended Dictionary
DDS	DDS Image	image/vnd.ms-dds
DER	Security Certificate	application/x-x509-ca-cert
DESKLINK	Desktop Shortcut
DESKTHEMEPACK	Windows Desktop Theme Pack
DET	Office Data File
DIAGCAB	Diagnostic Cabinet
DIAGCFG	Diagnostic Configuration
DIAGPKG	Diagnostic Document
DIB	Bitmap Image	image/bmp
DIC	Text Document
DLL	Application Extension	application/x-msdownload
DMG	Mac Disk Image File
DOC	Microsoft Word 97 - 2003 Document	application/msword
DOCM	Microsoft Word Macro-Enabled Document	application/vnd.ms-word.document.macroEnabled.12
DOCMHTML	DOCMHTML File
DOCX	Microsoft Word Document	application/vnd.openxmlformats-officedocument.wordprocessingml.document
DOCXML	Microsoft Word XML Document
DOCHTML	Microsoft Word HTML Document
DOT	Microsoft Word 97 - 2003 Template	application/msword
DOTM	Microsoft Word Macro-Enabled Template	application/vnd.ms-word.template.macroEnabled.12
DOTX	Microsoft Word Template	application/vnd.openxmlformats-officedocument.wordprocessingml.template
DOTHTML	Microsoft Word HTML Template
DQY	Microsoft Excel ODBC Query File
DRV	Device Driver
DSN	Microsoft OLE DB Provider for ODBC Drivers
DWFX	XPS Document	model/vnd.dwfx+xps
EASMX	XPS Document	model/vnd.easmx+xps
EDRWX	XPS Document	model/vnd.edrwx+xps
ELM	Microsoft Office Themes File
EMF	EMF File	image/x-emf
EML	E-mail Message
EPRTX	XPS Document	model/vnd.eprtx+xps
EVT	EVT File
EVTX	EVTX File
EXC	Text Document
EXE	Application	application/x-msdownload
FDM	Outlook Form Definition
FLAC	FLAC Audio	audio/x-flac
FON	Font file
GCSX	Microsoft Office SmartArt Graphic Color Variation
GLOX	Microsoft Office SmartArt Graphic Layout
GMMP	WCS Gamut Mapping Profile
GQSX	Microsoft Office SmartArt Graphic Quick Style
GRA	Microsoft Graph Chart
GROUP	Contact Group File	text/x-ms-group
GRP	Microsoft Program Group
GZ	WinRAR archive
GIF	GIF Image	image/gif
HLP	Help File
HOL	Outlook Holidays
HTA	HTML Application	application/hta
HTM	HTML Document	text/html
HTML	HTML Document	text/html
HXA	Microsoft Help Attribute Definition File	application/xml
HXC	Microsoft Help Collection Definition File	application/xml
HXD	Microsoft Help Validator File	application/octet-stream
HXE	Microsoft Help Samples Definition File	application/xml
HXF	Microsoft Help Include File	application/xml
HXH	Microsoft Help Merged Hierarchy File	application/octet-stream
HXI	Microsoft Help Compiled Index File	application/octet-stream
HXK	Microsoft Help Index File	application/xml
HXQ	Microsoft Help Merged Query Index File	application/octet-stream
HXR	Microsoft Help Merged Attribute Index File	application/octet-stream
HXS	Microsoft Help Compiled Storage File	application/octet-stream
HXT	Microsoft Help Table of Contents File	application/xml
HXV	Microsoft Help Virtual Topic Definition File	application/xml
HXW	Microsoft Help Attribute Definition File	application/octet-stream
ICC	ICC Profile
ICL	Icon Library
ICM	ICC Profile
ICO	Icon	image/x-icon
ICS	iCalendar File	text/calendar
IMESX	IME Search provider definition
IMG	Disc Image File
INF	Setup Information
INFOPATHXML	Microsoft InfoPath Form	application/ms-infopath.xml
INI	Configuration Settings
IQY	Microsoft Excel Web Query File	text/x-ms-iqy
ISO	WinRAR archive
JAR	WinRAR archive
JFIF	JPEG Image	image/jpeg
JNT	Journal Document
JOB	Task Scheduler Task Object
JOD	Microsoft.Jet.OLEDB.4.0
JPE	JPEG Image	image/jpeg
JPEG	JPEG Image	image/jpeg
JPG	JPEG Image	image/jpeg
JS	JavaScript File
JSE	JScript Encoded File
JTP	Journal Template
JTX	XPS Document	application/x-jtx+xps
JXR	Windows Media Photo	image/vnd.ms-photo
LABEL	Property List
LACCDB	Microsoft Access Record-Locking Information
LDB	Microsoft Access Record-Locking Information
LEX	Dictionary File
LHA	WinRAR archive
LIBRARY-MS	Library Folder	application/windows-library+xml
LNK	Shortcut
LOG	Text Document
LZH	WinRAR archive
M1V	Movie Clip	video/mpeg
M2T	AVCHD Video	video/vnd.dlna.mpeg-tts
M2TS	AVCHD Video	video/vnd.dlna.mpeg-tts
M2V	Movie Clip	video/mpeg
M3U	M3U file	audio/x-mpegurl
M4A	MPEG-4 Audio	audio/mp4
M4V	MP4 Video	video/mp4
MAD	Microsoft Access Module Shortcut
MAF	Microsoft Access Form Shortcut
MAG	Microsoft Access Diagram Shortcut
MAM	Microsoft Access Macro Shortcut
MAPIMAIL	Mail Service
MAQ	Microsoft Access Query Shortcut
MAR	Microsoft Access Report Shortcut
MAS	Microsoft Access Stored Procedure Shortcut
MAT	Microsoft Access Table Shortcut
MAU	MAU File
MAV	Microsoft Access View Shortcut
MAW	Microsoft Access Data Access Page Shortcut
MDA	Microsoft Access Add-in	application/msaccess
MDB	Microsoft Access Database	application/msaccess
MDBHTML	Microsoft Access HTML Document
MDE	Microsoft Access MDE Database	application/msaccess
MDN	Microsoft Access Blank Database Template
MDT	Microsoft Access Add-in Data
MDW	Microsoft Access Workgroup Information
MHT	MHTML Document	message/rfc822
MHTML	MHTML Document	message/rfc822
MID	MIDI Sequence	audio/mid
MIDI	MIDI Sequence	audio/mid
MK3D	MK3D Video
MKA	MKA Audio	audio/x-matroska
MKV	MKV Video	video/x-matroska
MLC	Language Pack File_
MOD	Movie Clip	video/mpeg
MOV	QuickTime Movie	video/quicktime
MP2	MP3 Format Sound	audio/mpeg
MP2V	Movie Clip	video/mpeg
MP3	MP3 Format Sound	audio/mpeg
MP4	MP4 Video	video/mp4
MP4V	MP4 Video	video/mp4
MPA	Movie Clip	audio/mpeg
MPE	Movie Clip	video/mpeg
MPEG	Movie Clip	video/mpeg
MPG	Movie Clip	video/mpeg
MPV2	Movie Clip	video/mpeg
MSC	Microsoft Common Console Document
MSG	Outlook Item
MSI	Windows Installer Package
MS-ONE-STUB	Microsoft OneNote Stub
MSP	Windows Installer Patch
MSRCINCIDENT	Windows Remote Assistance Invitation
MSSTYLES	Windows Visual Style File
MSU	Microsoft Update Standalone Package
MTS	AVCHD Video	video/vnd.dlna.mpeg-tts
MYDOCS	MyDocs Drop Target
NFO	MSInfo Configuration File
NK2	Outlook Nickname File
OCX	ActiveX control
ODC	Microsoft Office Data Connection	text/x-ms-odc
ODCCUBEFILE	ODCCUBEFILE File
ODCDATABASEFILE	ODCDATABASEFILE File
ODCNEWFILE	ODCNEWFILE File
ODCTABLECOLLECTIONFILE	ODCTABLECOLLECTIONFILE File
ODCTABLEFILE	ODCTABLEFILE File
ODP	OpenDocument Presentation	application/vnd.oasis.opendocument.presentation
ODS	OpenDocument Spreadsheet	application/vnd.oasis.opendocument.spreadsheet
ODT	OpenDocument Text	application/vnd.oasis.opendocument.text
OFS	Outlook Form Regions
OFT	Outlook Item Template
OLS	Office List Shortcut	application/vnd.ms-publisher
ONE	Microsoft OneNote Section	application/msonenote
ONEPKG	Microsoft OneNote Single File Package	application/msonenote
ONETOC	Microsoft OneNote 2003 Table Of Contents
ONETOC2	Microsoft OneNote Table Of Contents
OPC	Microsoft Clean-up Wizard File
OQY	Microsoft Excel OLAP Query File
OSDX	OpenSearch Description File	application/opensearchdescription+xml
OST	Outlook Data File
OTF	OpenType Font file
OTM	Outlook VBA Project File
OXPS	XPS Document
P10	Certificate Request	application/pkcs10
P12	Personal Information Exchange	application/x-pkcs12
P7B	PKCS #7 Certificates	application/x-pkcs7-certificates
P7C	Digital ID File	application/pkcs7-mime
P7M	PKCS #7 MIME Message	application/pkcs7-mime
P7R	Certificate Request Response	application/x-pkcs7-certreqresp
P7S	PKCS #7 Signature	application/pkcs7-signature
PAB	Outlook Personal Address Book
PANO	PANO File	application/vnd.ms-pano
PARTIAL	Partial Download
PBK	Dial-Up Phonebook
PCB	PCB File
PERFMONCFG	Performance Monitor Configuration
PFM	Type 1 Font file
PFX	Personal Information Exchange	application/x-pkcs12
PIF	Shortcut to MS-DOS Program
PKO	Public Key Security Object	application/vnd.ms-pki.pko
PNF	Precompiled Setup Information
PNG	PNG Image	image/png
POT	Microsoft PowerPoint 97-2003 Template	application/vnd.ms-powerpoint
POTM	Microsoft PowerPoint Macro-Enabled Design Template	application/vnd.ms-powerpoint.template.macroEnabled.12
POTX	Microsoft PowerPoint Template	application/vnd.openxmlformats-officedocument.presentationml.template
POTHTML	Microsoft PowerPoint HTML Template
PPA	Microsoft PowerPoint 97-2003 Addin	application/vnd.ms-powerpoint
PPAM	Microsoft PowerPoint Addin	application/vnd.ms-powerpoint.addin.macroEnabled.12
PPKG	RunTime Provisioning Tool
PPS	Microsoft PowerPoint 97-2003 Slide Show	application/vnd.ms-powerpoint
PPSM	Microsoft PowerPoint Macro-Enabled Slide Show	application/vnd.ms-powerpoint.slideshow.macroEnabled.12
PPSX	Microsoft PowerPoint Slide Show	application/vnd.openxmlformats-officedocument.presentationml.slideshow
PPT	Microsoft PowerPoint 97-2003 Presentation	application/vnd.ms-powerpoint
PPTM	Microsoft PowerPoint Macro-Enabled Presentation	application/vnd.ms-powerpoint.presentation.macroEnabled.12
PPTMHTML	PPTMHTML File
PPTX	Microsoft PowerPoint Presentation	application/vnd.openxmlformats-officedocument.presentationml.presentation
PPTXML	Microsoft PowerPoint XML Presentation
PPTHTML	Microsoft PowerPoint HTML Document
PRF	PICS Rules File	application/pics-rules
PRINTEREXPORT	Printer Migration File
PS1	PS1 File
PS1XML	PS1XML File
PSC1	PSC1 File	application/PowerShell
PSD1	PSD1 File
PSM1	PSM1 File
PSSC	PSSC File
PST	Outlook Data File
PUB	Microsoft Publisher Document	application/vnd.ms-publisher
PUBHTML	PUBHTML File
PUBMHTML	PUBMHTML File
PWZ	Microsoft PowerPoint Wizard	application/vnd.ms-powerpoint
PX	Photodex Presenter Show
QDS	Directory Query
R00	WinRAR archive
R01	WinRAR archive
R02	WinRAR archive
R03	WinRAR archive
R04	WinRAR archive
R05	WinRAR archive
R06	WinRAR archive
R07	WinRAR archive
R08	WinRAR archive
R09	WinRAR archive
R10	WinRAR archive
R11	WinRAR archive
R12	WinRAR archive
R13	WinRAR archive
R14	WinRAR archive
R15	WinRAR archive
R16	WinRAR archive
R17	WinRAR archive
R18	WinRAR archive
R19	WinRAR archive
R20	WinRAR archive
R21	WinRAR archive
R22	WinRAR archive
R23	WinRAR archive
R24	WinRAR archive
R25	WinRAR archive
R26	WinRAR archive
R27	WinRAR archive
R28	WinRAR archive
R29	WinRAR archive
RAR	WinRAR archive
RAT	Rating System File	application/rat-file
RDP	Remote Desktop Connection
REG	Registration Entries
RELS	XML Document
RESMONCFG	Resource Monitor Configuration
REV	RAR recovery volume
RLE	RLE File
RLL	Application Extension
RMI	MIDI Sequence	audio/mid
RQY	Microsoft Excel OLE DB Query File	text/x-ms-rqy
RTF	Rich Text Format	application/msword
SCF	File Explorer Command
SCP	Text Document
SCR	Screen saver
SCT	Windows Script Component	text/scriptlet
SEARCHCONNECTOR-MS	Search Connector Folder	application/windows-search-connector+xml
SEARCH-MS	Saved Search
SETTINGCONTENT-MS	Setting Content
SFCACHE	ReadyBoost Cache File
SLDM	Microsoft PowerPoint Macro-Enabled Slide	application/vnd.ms-powerpoint.slide.macroEnabled.12
SLDX	Microsoft PowerPoint Slide	application/vnd.openxmlformats-officedocument.presentationml.slide
SLK	Microsoft Excel SLK Data Import Format	application/vnd.ms-excel
SND	AU Format Sound	audio/basic
SPARSEIMAGE	Mac Disk Image File
SPC	PKCS #7 Certificates	application/x-pkcs7-certificates
SPL	Shockwave Flash Object	application/futuresplash
SST	Microsoft Serialized Certificate Store	application/vnd.ms-pki.certstore
SVG	SVG Document	image/svg+xml
SWF	Shockwave Flash Object	application/x-shockwave-flash
SYMLINK	.symlink
SYS	System file
TAR	WinRAR archive
TAZ	WinRAR archive
TBZ	WinRAR archive
TBZ2	WinRAR archive
TGZ	WinRAR archive
TIF	TIF File	image/tiff
TIFF	TIFF File	image/tiff
TS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TTC	TrueType Collection Font file
TTF	TrueType Font file
TTS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TXT	Text Document	text/plain
TXZ	WinRAR archive
THEME	Windows Theme File
THEMEPACK	Windows Theme Pack
THMX	Microsoft Office Theme	application/vnd.ms-officetheme
UDL	Microsoft Data Link
URL	URL File
UU	WinRAR archive
UUE	WinRAR archive
UXDC	UXDC File
VBE	VBScript Encoded File
VBS	VBScript Script File
VCF	vCard File	text/x-vcard
VCS	vCalendar File
VDW	Microsoft Visio Document	application/vnd.ms-visio.viewer
VDX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VHD	Disc Image File
VHDX	Disc Image File
VSD	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSDM	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSDX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSS	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSSM	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSSX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VST	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSTM	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSTO	VSTO Deployment Manifest	application/x-ms-vsto
VSTX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VTX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VXD	Virtual Device Driver
WAB	Address Book File
WAV	Wave Sound	audio/wav
WAX	Windows Media Audio shortcut	audio/x-ms-wax
WBK	Microsoft Word Backup Document	application/msword
WCX	Workspace Configuration File
WDP	Windows Media Photo	image/vnd.ms-photo
WEBPNP	Web Point And Print File
WEBSITE	Pinned Site Shortcut	application/x-mswebsite
WIZ	Microsoft Word Wizard	application/msword
WIZHTML	Microsoft Access HTML Template
WLL	WLL File
WM	Windows Media Audio/Video file	video/x-ms-wm
WMA	Windows Media Audio file	audio/x-ms-wma
WMD	Windows Media Player Download Package	application/x-ms-wmd
WMDB	Windows Media Library
WMF	WMF File	image/x-wmf
WMS	Windows Media Player Skin File
WMV	Windows Media Audio/Video file	video/x-ms-wmv
WMX	Windows Media Audio/Video playlist	video/x-ms-wmx
WMZ	Windows Media Player Skin Package	application/x-ms-wmz
WPL	Windows Media playlist	application/vnd.ms-wpl
WSC	Windows Script Component	text/scriptlet
WSF	Windows Script File
WSH	Windows Script Host Settings File
WTX	Text Document
WVX	Windows Media Audio/Video playlist	video/x-ms-wvx
XAML	Windows Markup File	application/xaml+xml
XBAP	XAML Browser Application	application/x-ms-xbap
XEVGENXML	XEVGENXML File
XHT	XHTML Document	application/xhtml+xml
XHTML	XHTML Document	application/xhtml+xml
XLA	Microsoft Excel Add-In	application/vnd.ms-excel
XLAM	Microsoft Excel Add-In	application/vnd.ms-excel.addin.macroEnabled.12
XLD	Microsoft Excel 5.0 DialogSheet	application/vnd.ms-excel
XLK	Microsoft Excel Backup File	application/vnd.ms-excel
XLL	Microsoft Excel XLL Add-In	application/vnd.ms-excel
XLM	Microsoft Excel 4.0 Macro	application/vnd.ms-excel
XLS	Microsoft Excel 97-2003 Worksheet	application/vnd.ms-excel
XLSB	Microsoft Excel Binary Worksheet	application/vnd.ms-excel.sheet.binary.macroEnabled.12
XLSHTML	Microsoft Excel HTML Document
XLSM	Microsoft Excel Macro-Enabled Worksheet	application/vnd.ms-excel.sheet.macroEnabled.12
XLSMHTML	XLSMHTML File
XLSX	Microsoft Excel Worksheet	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
XLT	Microsoft Excel Template	application/vnd.ms-excel
XLTM	Microsoft Excel Macro-Enabled Template	application/vnd.ms-excel.template.macroEnabled.12
XLTX	Microsoft Excel Template	application/vnd.openxmlformats-officedocument.spreadsheetml.template
XLTHTML	Microsoft Excel HTML Template
XLW	Microsoft Excel Workspace	application/vnd.ms-excel
XLXML	Microsoft Excel XML Worksheet
XML	XML Document	text/xml
XPS	XPS Document	application/vnd.ms-xpsdocument
XRM-MS	XrML Digital License	text/xml
XSF	Microsoft InfoPath Form Definition File
XSL	XSL Stylesheet	text/xml
XSN	Microsoft InfoPath Form Template
XTP	Microsoft InfoPath Template Part File
XTP2	Microsoft InfoPath Template Part File
XXE	WinRAR archive
XZ	WinRAR archive
Z	WinRAR archive
ZFSENDTOTARGET	Compressed (zipped) Folder SendTo Target
ZIP	WinRAR ZIP archive

Windows Security


Operating System Properties:
	OS Name	Microsoft Windows 8.1 Professional
	OS Service Pack	-
	Winlogon Shell	explorer.exe
	User Account Control (UAC)	Enabled
	System Restore	Enabled

Data Execution Prevention (DEP, NX, EDB):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active (To Protect Applications)	Yes
	Active (To Protect Drivers)	Yes

Windows Update


Update Description	Update Type	Inst. Date
(Automatic Update)	Download:Automatic, Install:Scheduled	Every Day 0:00
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition	Update	04/04/2015
Definition Update for Microsoft Office 2013 (KB2956172) 64-Bit Edition	Update	04/04/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.1077.0)	Update	31/03/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.1084.0)	Update	31/03/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.1314.0)	Update	02/04/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.1574.0)	Update	03/04/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.1632.0)	Update	03/04/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.2064.0)	Update	06/04/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.2233.0)	Update	07/04/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.195.2370.0)	Update	08/04/2015
Security Update for Microsoft Excel 2013 (KB2920753) 64-Bit Edition	Update	04/04/2015
Security Update for Microsoft Lync 2013 (KB2881013) 64-Bit Edition	Update	04/04/2015
Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition	Update	04/04/2015
Security Update for Microsoft Office 2013 (KB2880463) 64-Bit Edition	Update	04/04/2015
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition	Update	04/04/2015
Security Update for Microsoft Office 2013 (KB2956151) 64-Bit Edition	Update	04/04/2015
Security Update for Microsoft Word 2013 (KB2956163) 64-Bit Edition	Update	04/04/2015
Security Update for Windows Technical Preview March Update for x64-based systems (KB3046049)	Update	04/04/2015
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Access 2013 (KB2956176) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Excel 2013 (KB2956145) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2880977) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2920754) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2920769) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956148) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956154) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956160) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956167) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956168) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956169) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956171) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Office 2013 (KB2956177) 64-Bit Edition	Update	04/04/2015
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition	Update	04/04/2015
Update for Microsoft OneNote 2013 (KB2956165) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Outlook 2013 (KB2956170) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Outlook Social Connector 2013 (KB2737996) 64-Bit Edition	Update	04/04/2015
Update for Microsoft PowerPoint 2013 (KB2965206) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Project 2013 (KB2956187) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition	Update	04/04/2015
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition	Update	04/04/2015
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (KB3001652)	Update	04/04/2015
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition	Update	04/04/2015
Update for Windows Technical Preview March Update for x64-based systems (KB3050653)	Update	04/04/2015
Vietnamese Language Interface Pack - Windows Technical Preview for x64-based Systems - (KB3049583) [vi-VN_LIP]	Update	31/03/2015
Windows Technical Preview March Update for x64-based systems (KB3050284)	Update	04/04/2015

Anti-Virus


Software Description	Software Version	Virus Database Date	Known Viruses
Windows Defender	4.8.10041.0(fbl_impressive.150313-1821)	08/04/2015	?

Firewall


Software Description	Software Version	Status
Windows Firewall	10.0.10041.0	Enabled

Regional


Time Zone:
	Current Time Zone	Giờ Chuẩn Đông Nam Á
	Current Time Zone Description
	Change To Standard Time
	Change To Daylight Saving Time

Language:
	Language Name (Native)	Tiếng Vi?t
	Language Name (English)	Vietnamese
	Language Name (ISO 639)	vi

Country/Region:
	Country Name (Native)	Vi?t Nam
	Country Name (English)	Vietnam
	Country Name (ISO 3166)	VN
	Country Code	84

Currency:
	Currency Name (Native)	Đồng
	Currency Name (English)	Vietnamese Dong
	Currency Symbol (Native)	₫
	Currency Symbol (ISO 4217)	VND
	Currency Format	123.456.789,00 ₫
	Negative Currency Format	-123.456.789,00 ₫

Formatting:
	Time Format	h:mm:ss tt
	Short Date Format	dd/MM/yyyy
	Long Date Format	dd MMMM yyyy
	Number Format	123.456.789,00
	Negative Number Format	-123.456.789,00
	List Format	first, second, third
	Native Digits	0123456789

Days of Week:
	Native Name for Monday	Thứ Hai / T2
	Native Name for Tuesday	Thứ Ba / T3
	Native Name for Wednesday	Thứ Tư / T4
	Native Name for Thursday	Thứ Năm / T5
	Native Name for Friday	Thứ Sáu / T6
	Native Name for Saturday	Thứ Bảy / T7
	Native Name for Sunday	Chủ Nhật / CN

Months:
	Native Name for January	Tháng Giêng / Thg1
	Native Name for February	Tháng Hai / Thg2
	Native Name for March	Tháng Ba / Thg3
	Native Name for April	Tháng Tư / Thg4
	Native Name for May	Tháng Năm / Thg5
	Native Name for June	Tháng Sáu / Thg6
	Native Name for July	Tháng Bảy / Thg7
	Native Name for August	Tháng Tám / Thg8
	Native Name for September	Tháng Chín / Thg9
	Native Name for October	Tháng Mười / Thg10
	Native Name for November	Tháng Mười Một / Thg11
	Native Name for December	Tháng Mười Hai / Thg12

Miscellaneous:
	Calendar Type	Gregorian (localized)
	Default Paper Size	A4
	Measurement System	Metric

Display Languages:
	LCID 0409h	Tie?ng Anh (My?)
	LCID 042Ah (Active)	Tie?ng Vie?t (Vie?t Nam)

Environment


		Variable	Value
		__COMPAT_LAYER	Installer
		ALLUSERSPROFILE	C:\ProgramData
		APPDATA	C:\Users\Quanravita\AppData\Roaming
		CommonProgramFiles(x86)	C:\Program Files (x86)\Common Files
		CommonProgramFiles	C:\Program Files (x86)\Common Files
		CommonProgramW6432	C:\Program Files\Common Files
		COMPUTERNAME	WIN-8FFL85VFQP9
		ComSpec	C:\Windows\system32\cmd.exe
		FPS_BROWSER_APP_PROFILE_STRING	Internet Explorer
		FPS_BROWSER_USER_PROFILE_STRING	Default
		HOMEDRIVE	C:
		HOMEPATH	\Users\Quanravita
		LOCALAPPDATA	C:\Users\Quanravita\AppData\Local
		LOGONSERVER	\\MicrosoftAccount
		NUMBER_OF_PROCESSORS	4
		OS	Windows_NT
		Path	C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
		PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
		PROCESSOR_ARCHITECTURE	x86
		PROCESSOR_ARCHITEW6432	AMD64
		PROCESSOR_IDENTIFIER	Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
		PROCESSOR_LEVEL	6
		PROCESSOR_REVISION	2a07
		ProgramData	C:\ProgramData
		ProgramFiles(x86)	C:\Program Files (x86)
		ProgramFiles	C:\Program Files (x86)
		ProgramW6432	C:\Program Files
		PSModulePath	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
		PUBLIC	C:\Users\Public
		SystemDrive	C:
		SystemRoot	C:\Windows
		TEMP	C:\Users\QUANRA~1\AppData\Local\Temp
		TMP	C:\Users\QUANRA~1\AppData\Local\Temp
		USERDOMAIN_ROAMINGPROFILE	WIN-8FFL85VFQP9
		USERDOMAIN	WIN-8FFL85VFQP9
		USERNAME	Quanravita
		USERPROFILE	C:\Users\Quanravita
		windir	C:\Windows

Control Panel


		Name	Comment
		Flash Player	Manage Flash Player Settings

Recycle Bin


Drive	Items Size	Items Count	Space %	Recycle Bin
C:	0	0	?	?
E:	0	0	?	?

System Files


	[ system.ini ]

		; for 16-bit app support
		[386Enh]
		woafont=dosapp.fon
		EGA80WOA.FON=EGA80WOA.FON
		EGA40WOA.FON=EGA40WOA.FON
		CGA80WOA.FON=CGA80WOA.FON
		CGA40WOA.FON=CGA40WOA.FON

		[drivers]
		wave=mmdrv.dll
		timer=timer.drv

		[mci]

	[ win.ini ]

		; for 16-bit app support
		[fonts]
		[extensions]
		[mci extensions]
		[files]
		[Mail]
		MAPI=1
		CMCDLLNAME32=mapi32.dll
		CMC=1
		MAPIX=1
		MAPIXVER=1.0.0.1
		OLEMessaging=1

	[ hosts ]



	[ lmhosts.sam ]

System Folders


		System Folder	Path
		Administrative Tools	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		AppData	C:\Users\Quanravita\AppData\Roaming
		Cache	C:\Users\Quanravita\AppData\Local\Microsoft\Windows\INetCache
		CD Burning	C:\Users\Quanravita\AppData\Local\Microsoft\Windows\Burn\Burn
		Common Administrative Tools	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		Common AppData	C:\ProgramData
		Common Desktop	C:\Users\Public\Desktop
		Common Documents	C:\Users\Public\Documents
		Common Favorites	C:\Users\Quanravita\Favorites
		Common Files (x86)	C:\Program Files (x86)\Common Files
		Common Files	C:\Program Files (x86)\Common Files
		Common Music	C:\Users\Public\Music
		Common Pictures	C:\Users\Public\Pictures
		Common Programs	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
		Common Start Menu	C:\ProgramData\Microsoft\Windows\Start Menu
		Common Startup	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
		Common Templates	C:\ProgramData\Microsoft\Windows\Templates
		Common Video	C:\Users\Public\Videos
		Cookies	C:\Users\Quanravita\AppData\Local\Microsoft\Windows\INetCookies
		Desktop	C:\Users\Quanravita\Desktop
		Device	C:\Windows\inf
		Favorites	C:\Users\Quanravita\Favorites
		Fonts	C:\Windows\Fonts
		History	C:\Users\Quanravita\AppData\Local\Microsoft\Windows\History
		Local AppData	C:\Users\Quanravita\AppData\Local
		My Documents	C:\Users\Quanravita\Documents
		My Music	C:\Users\Quanravita\Music
		My Pictures	C:\Users\Quanravita\Pictures
		My Video	C:\Users\Quanravita\Videos
		NetHood	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Network Shortcuts
		PrintHood	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
		Profile	C:\Users\Quanravita
		Program Files (x86)	C:\Program Files (x86)
		Program Files	C:\Program Files (x86)
		Programs	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
		Recent	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Recent
		Resources	C:\Windows\resources
		SendTo	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\SendTo
		Start Menu	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Start Menu
		Startup	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
		System (x86)	C:\Windows\SysWOW64
		System	C:\Windows\system32
		Temp	C:\Users\QUANRA~1\AppData\Local\Temp\
		Templates	C:\Users\Quanravita\AppData\Roaming\Microsoft\Windows\Templates
		Windows	C:\Windows

Event Logs


Log Name	Event Type	Category	Generated On	User	Source	Description
Application	Error	100	2015-04-02 07:01:56		Application Error	1000: Faulting application name: wmplayer.exe, version: 12.0.10041.0, time stamp: 0x5503ab1a Faulting module name: combase.dll, version: 10.0.10041.0, time stamp: 0x5503ada7 Exception code: 0xc0000005 Fault offset: 0x00040d58 Faulting process id: 0x208 Faulting application start time: 0x01d06c87e36db9e0 Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\SYSTEM32\combase.dll Report Id: 7968f5fd-d8cb-11e4-b62d-74d02b454fd6 Faulting package full name: Faulting package-relative application ID:
Application	Warning	None	2015-04-02 08:19:00		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-02 10:19:01		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-02 12:19:02		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-02 14:19:03		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Error	1	2015-04-02 14:26:41		ESENT	490: SettingSyncHost (2680) {6A720D79-6DFE-45D3-969C-1E23846B446C}: An attempt to open the file "C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-04-02 14:26:41		ESENT	455: SettingSyncHost (2680) {6A720D79-6DFE-45D3-969C-1E23846B446C}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Warning	None	2015-04-02 16:19:04		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Error	1	2015-04-02 17:04:55		ESENT	489: SettingSyncHost (2680) {C488E449-B76C-47B8-A3BA-ABF92F76D25B}: An attempt to open the file "C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-04-02 17:04:56		ESENT	455: SettingSyncHost (2680) {C488E449-B76C-47B8-A3BA-ABF92F76D25B}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Error	1	2015-04-02 17:05:10		ESENT	489: SettingSyncHost (2680) {C488E449-B76C-47B8-A3BA-ABF92F76D25B}: An attempt to open the file "C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-04-02 17:05:10		ESENT	455: SettingSyncHost (2680) {C488E449-B76C-47B8-A3BA-ABF92F76D25B}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Warning	None	2015-04-02 18:58:01		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	3	2015-04-02 18:58:25		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-2416274865-2761320319-549713895-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Warning	None	2015-04-02 20:58:04		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-03 05:58:49		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-03 05:58:53		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-03 06:22:47		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-03 08:22:48		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-03 10:22:48		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Error	5973	2015-04-03 12:02:45	Quanravita	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Warning	None	2015-04-03 12:45:23		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-03 19:06:57		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	3	2015-04-03 19:08:32		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-2416274865-2761320319-549713895-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Warning	None	2015-04-03 21:06:56		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Error	None	2015-04-03 21:28:48		Microsoft-Windows-CAPI2	513: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .
Application	Error	None	2015-04-04 06:11:59		System Restore	8193: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
Application	Warning	None	2015-04-04 06:12:09		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007267C AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-04 06:12:32		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-04 06:12:37		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Error	None	2015-04-04 06:12:39		Microsoft-Windows-CAPI2	513: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .
Application	Warning	None	2015-04-04 06:17:03	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' (pid 4548) cannot be restarted - 1.
Application	Warning	None	2015-04-04 06:17:03	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' (pid 4548) cannot be restarted - 1.
Application	Warning	None	2015-04-04 06:17:09	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\explorer.exe' (pid 2724) cannot be restarted - 1.
Application	Warning	None	2015-04-04 06:17:09	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\System32\SnippingTool.exe' (pid 6136) cannot be restarted - 1.
Application	Warning	None	2015-04-04 06:17:09	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\explorer.exe' (pid 2724) cannot be restarted - 1.
Application	Warning	None	2015-04-04 06:17:09	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\System32\SnippingTool.exe' (pid 6136) cannot be restarted - 1.
Application	Warning	None	2015-04-04 17:11:30	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\explorer.exe' (pid 2724) cannot be restarted - 1.
Application	Warning	None	2015-04-04 17:11:30	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\System32\SettingSyncHost.exe' (pid 2680) cannot be restarted - 1.
Application	Warning	None	2015-04-04 17:11:30	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\WinStore\WSHost.exe' (pid 4252) cannot be restarted - 1.
Application	Warning	None	2015-04-04 17:11:30	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\System32\InstallAgent.exe' (pid 2152) cannot be restarted - 1.
Application	Warning	None	2015-04-04 17:11:30	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\searchui.exe' (pid 3272) cannot be restarted - 1.
Application	Warning	None	2015-04-04 17:11:30	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\System32\wbem\WmiPrvSE.exe' (pid 6820) cannot be restarted - 1.
Application	Warning	None	2015-04-04 17:11:37		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Error	1	2015-04-04 17:11:44		ESENT	490: SettingSyncHost (2680) {34FC7967-448E-414F-B16D-9E2C5CF11AB2}: An attempt to open the file "C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-04-04 17:11:44		ESENT	455: SettingSyncHost (2680) {34FC7967-448E-414F-B16D-9E2C5CF11AB2}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Warning	None	2015-04-04 17:16:03	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\System32\dwm.exe' (pid 960) cannot be restarted - 1.
Application	Warning	None	2015-04-05 05:54:36		Wlclntfy	6004: The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.
Application	Warning	None	2015-04-05 05:54:47		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Error	101	2015-04-05 05:58:58		Application Hang	1002: The program searchui.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: db4 Start Time: 01d06f2a981f98c6 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\searchui.exe Report Id: dedfbd78-db1d-11e4-b62f-74d02b454fd6 Faulting package full name: Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe Faulting package-relative application ID: CortanaUI
Application	Error	100	2015-04-05 06:06:43		Application Error	1000: Faulting application name: TRANSMAC.EXE, version: 11.2.0.0, time stamp: 0x548efdec Faulting module name: TRANSMAC.EXE, version: 11.2.0.0, time stamp: 0x548efdec Exception code: 0xc0000005 Fault offset: 0x002c4741 Faulting process id: 0x1514 Faulting application start time: 0x01d06f2c03cda05a Faulting application path: C:\Program Files (x86)\TransMac\TRANSMAC.EXE Faulting module path: C:\Program Files (x86)\TransMac\TRANSMAC.EXE Report Id: 41eac29f-db1f-11e4-b62f-74d02b454fd6 Faulting package full name: Faulting package-relative application ID:
Application	Error	100	2015-04-05 06:06:57		Application Error	1000: Faulting application name: transmac.exe, version: 11.2.0.0, time stamp: 0x548efdec Faulting module name: transmac.exe, version: 11.2.0.0, time stamp: 0x548efdec Exception code: 0xc0000005 Fault offset: 0x002c4741 Faulting process id: 0xddc Faulting application start time: 0x01d06f2bfba4fa60 Faulting application path: C:\Program Files (x86)\TransMac\transmac.exe Faulting module path: C:\Program Files (x86)\TransMac\transmac.exe Report Id: 4a27d632-db1f-11e4-b62f-74d02b454fd6 Faulting package full name: Faulting package-relative application ID:
Application	Error	100	2015-04-05 06:07:04		Application Error	1000: Faulting application name: TransMac.exe, version: 11.2.0.0, time stamp: 0x548efdec Faulting module name: TransMac.exe, version: 11.2.0.0, time stamp: 0x548efdec Exception code: 0xc0000005 Fault offset: 0x002c4741 Faulting process id: 0x8 Faulting application start time: 0x01d06f2c0e6b3486 Faulting application path: C:\Program Files (x86)\TransMac\TransMac.exe Faulting module path: C:\Program Files (x86)\TransMac\TransMac.exe Report Id: 4e47eecd-db1f-11e4-b62f-74d02b454fd6 Faulting package full name: Faulting package-relative application ID:
Application	Warning	None	2015-04-05 06:25:03		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=UserLogon(1)
Application	Error	1	2015-04-05 06:25:07		ESENT	490: SettingSyncHost (3976) {84A153E7-BABC-489A-A4CB-B2DC6C190DE2}: An attempt to open the file "C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-04-05 06:25:07		ESENT	455: SettingSyncHost (3976) {84A153E7-BABC-489A-A4CB-B2DC6C190DE2}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Warning	None	2015-04-05 06:25:07		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Error	5973	2015-04-05 12:30:37	Quanravita	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.WindowsDefaultLockScreen_8wekyb3d8bbwe!LockApp failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Warning	None	2015-04-05 12:30:45		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 12:30:49		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Error	1	2015-04-05 12:30:50		ESENT	489: SettingSyncHost (3976) {710C1297-0FC6-476E-8AED-9EE42C8AA939}: An attempt to open the file "C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-04-05 12:30:50		ESENT	455: SettingSyncHost (3976) {710C1297-0FC6-476E-8AED-9EE42C8AA939}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Error	1	2015-04-05 12:31:00		ESENT	489: SettingSyncHost (3976) {710C1297-0FC6-476E-8AED-9EE42C8AA939}: An attempt to open the file "C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-04-05 12:31:00		ESENT	455: SettingSyncHost (3976) {710C1297-0FC6-476E-8AED-9EE42C8AA939}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Quanravita\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Warning	None	2015-04-05 12:31:47		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 12:31:54		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	3	2015-04-05 12:32:03		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-2416274865-2761320319-549713895-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Warning	None	2015-04-05 12:32:18		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 12:32:35		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 12:32:40		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 12:35:08		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 12:35:13		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 14:35:15		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007267C AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-05 18:08:09		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007267C AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-05 18:08:41		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 18:08:47		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-05 20:09:00		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x800705B4 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Error	5973	2015-04-06 05:57:20	Quanravita	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.WindowsDefaultLockScreen_8wekyb3d8bbwe!LockApp failed with error: -2147023496 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Warning	None	2015-04-06 05:57:26		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-06 05:57:33		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-06 11:40:37		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-06 11:40:41		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Error	100	2015-04-06 12:23:19		Application Error	1000: Faulting application name: Microsoft.Photos.exe, version: 15.307.21020.0, time stamp: 0x54fbf3d3 Faulting module name: PhotosApp.Windows.dll, version: 15.307.21020.0, time stamp: 0x54fbe1c8 Exception code: 0xc0000005 Fault offset: 0x0000000000294b5f Faulting process id: 0x10c0 Faulting application start time: 0x01d07029c9a2e06c Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.307.21020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Faulting module path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.307.21020.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll Report Id: 086ec543-dc1d-11e4-b62f-74d02b454fd6 Faulting package full name: Microsoft.Windows.Photos_15.307.21020.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App
Application	Warning	None	2015-04-06 19:23:05		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-06 21:23:05		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Error	5973	2015-04-07 06:07:52	Quanravita	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.WindowsDefaultLockScreen_8wekyb3d8bbwe!LockApp failed with error: -2147023496 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Warning	None	2015-04-07 06:08:00		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 07:13:52		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 07:13:57		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 07:26:07		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 07:26:12		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 10:07:11		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 10:36:20		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007232B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 12:36:19		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007267C AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2015-04-07 13:23:24		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 13:23:29		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 13:23:51		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 13:23:57		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:06:41		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:06:45		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:08:17		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:08:21		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:10:10		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:10:13		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:11:39		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 15:11:43		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-07 21:10:53		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Error	5973	2015-04-08 20:42:17	Quanravita	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.WindowsDefaultLockScreen_8wekyb3d8bbwe!LockApp failed with error: -2147023496 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Warning	None	2015-04-08 20:42:26		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
Application	Warning	None	2015-04-09 06:27:14		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Security	Audit Success	12544	2015-04-02 06:44:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 06:44:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 07:01:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 07:01:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 07:17:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 07:17:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 07:18:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 07:18:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 07:26:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 07:26:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 07:26:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 07:26:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 07:32:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 07:32:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 07:49:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 07:49:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 08:02:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 08:02:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 08:19:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 08:19:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-02 08:19:33		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	13824	2015-04-02 08:27:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x65da4 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0x1628 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-04-02 10:19:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 10:19:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-02 10:19:32		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-02 11:03:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 11:03:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 11:18:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 11:18:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-02 11:23:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x65da4 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xbc4 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-04-02 12:19:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 12:19:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-02 12:19:33		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-02 14:19:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 14:19:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-02 14:19:36		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-02 16:19:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 16:19:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-02 16:19:38		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-02 17:03:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 17:03:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 17:05:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 18:57:58		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {3CD8D937-6E43-464E-B5BB-8559AB91DED8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 18:57:58		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {3CD8D937-6E43-464E-B5BB-8559AB91DED8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\f03ae3e3fa4d5d9607a57d839ec76c16_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x40211d9 Linked Logon ID: 0x4021241 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4021241 Linked Logon ID: 0x40211d9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4021996 Linked Logon ID: 0x4021a13 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4021a13 Linked Logon ID: 0x4021996 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x4021a13 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x4021996 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x40211d9 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4021996 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-02 18:58:06		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-02 18:58:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 18:58:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-02 18:58:44		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-02 19:38:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 19:38:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-02 20:58:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-02 20:58:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-02 20:58:41		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-02 21:01:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x471cce8 Linked Logon ID: 0x471cd3f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x471cd3f Linked Logon ID: 0x471cce8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x471d074 Linked Logon ID: 0x471d0c6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x471d0c6 Linked Logon ID: 0x471d074 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x471d0c6 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x471d074 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x471cce8 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x471d074 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-03 05:59:17		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Failure	12290	2015-04-03 05:59:24		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-03 05:59:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 05:59:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 06:22:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-03 06:22:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 06:22:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4943fe5 Linked Logon ID: 0x4944037 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4944037 Linked Logon ID: 0x4943fe5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x494465e Linked Logon ID: 0x4944744 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4944744 Linked Logon ID: 0x494465e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x4944744 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x494465e Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x4943fe5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x494465e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-03 06:22:49		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-03 06:23:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 06:23:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-03 06:23:18		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-03 06:33:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 06:33:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 06:33:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 06:33:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 08:02:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 08:02:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 08:23:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 08:23:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-03 08:23:25		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-03 10:23:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 10:23:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-03 10:23:26		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	13824	2015-04-03 12:04:07		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x65da4 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0x11c4 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 12:15:05		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-03 12:45:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 12:45:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-03 12:46:02		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5219048 Linked Logon ID: 0x521909f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x521909f Linked Logon ID: 0x5219048 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x52196c6 Linked Logon ID: 0x5219737 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5219737 Linked Logon ID: 0x52196c6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5219048 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x52196c6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-03 12:50:14		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12545	2015-04-03 12:50:15		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x5219737 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-03 12:50:15		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x52196c6 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-03 13:49:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x561e048 Linked Logon ID: 0x561e09a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x561e09a Linked Logon ID: 0x561e048 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x561e6ec Linked Logon ID: 0x561e747 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x561e747 Linked Logon ID: 0x561e6ec Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x561e747 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x561e6ec Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x561e048 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x561e6ec Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-03 19:06:54		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-03 19:07:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 19:07:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-03 19:07:28		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-03 19:09:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 19:09:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 19:34:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 19:34:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 19:42:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 19:42:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 19:49:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 19:49:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 19:50:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 19:50:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 21:07:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 21:07:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-03 21:07:27		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-03 21:28:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 21:28:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:42		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:42		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:49		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:49		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-03 21:28:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:12:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-04 06:12:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:12:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x65b3f5f Linked Logon ID: 0x65b3fb1 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x65b3fb1 Linked Logon ID: 0x65b3f5f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x65b458e Linked Logon ID: 0x65b4602 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x65b4602 Linked Logon ID: 0x65b458e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x65b4602 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x65b458e Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x65b3f5f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x65b458e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-04 06:12:16		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-04 06:12:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:12:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 06:12:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13568	2015-04-04 06:13:01		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x6616ce0
Security	Audit Success	13568	2015-04-04 06:13:02		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xfac Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x6616ce0
Security	Audit Success	12544	2015-04-04 06:13:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:13:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-04 06:13:10		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-04 06:14:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:14:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 06:14:22		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-04 06:14:22		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-04-04 06:17:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:17:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-04 06:19:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:19:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 06:19:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xdcc Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-04 06:19:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xdcc Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-04-04 06:22:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:22:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-04 06:22:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:22:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 06:22:42		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1120 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-04 06:22:42		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1120 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-04-04 06:23:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 06:23:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 06:23:14		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfd4 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-04 06:23:14		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfd4 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12290	2015-04-04 06:23:19		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:19		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-04 06:23:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6947acc Linked Logon ID: 0x6947b26 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6947b26 Linked Logon ID: 0x6947acc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x168 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6947ce3 Linked Logon ID: 0x6947d38 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6947d38 Linked Logon ID: 0x6947ce3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x6947d38 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x6947ce3 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6947acc Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6947ce3 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-04 17:10:46		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-04 17:11:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:11:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-04-04 17:11:30		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x4cc Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:11:30		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x438 Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:11:30		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x440 Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:11:30		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x41c Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	12544	2015-04-04 17:12:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:12:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-04 17:12:42		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	13568	2015-04-04 17:13:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x468 Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:13:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x590 Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:13:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x5b4 Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:13:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x4e4 Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:13:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredProvDataModel.dll Handle ID: 0x440 Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-04-04 17:13:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredProvDataModel.dll Handle ID: 0x44c Process Information: Process ID: 0x11e0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	12544	2015-04-04 17:15:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:15:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 17:15:28		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xb9c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-04 17:15:28		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xb9c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-04-04 17:15:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:15:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-04-04 17:16:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x634 Process Information: Process ID: 0x564 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:16:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x66c Process Information: Process ID: 0x564 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:16:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x628 Process Information: Process ID: 0x564 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-04 17:16:03		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x628 Process Information: Process ID: 0x564 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	12544	2015-04-04 17:21:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:21:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 17:21:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x19dc Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-04 17:21:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x19dc Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-04-04 17:23:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-04 17:23:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:23:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-04 17:23:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 17:23:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 17:23:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 17:23:10		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 17:23:10		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 17:23:10		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 17:23:10		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 17:23:10		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-04 17:23:10		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x11a0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12544	2015-04-04 17:24:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:24:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-04 17:24:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f8 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-04 17:24:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5f8 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-04-04 17:25:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:25:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-04 17:26:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:26:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-04 17:41:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-04 17:41:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13312	2015-04-05 05:53:35		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x15c New Process Name: ??????????????-??6?4???????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ???????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:35		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x168 New Process Name: ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x15c Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:45		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1f0 New Process Name: ??????????????-??6??c??????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x15c Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:45		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1fc New Process Name: ??????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f0 Creator Process Name: ????????????????????4? Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x244 New Process Name: ??????????????-??6??c??????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x15c Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x24c New Process Name: ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f0 Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x254 New Process Name: ??????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x244 Creator Process Name: ????????????????????4? Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x298 New Process Name: ????????????????-??6??4??????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x244 Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2015-04-05 05:53:55		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-04-05 05:53:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13312	2015-04-05 05:53:55		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2cc New Process Name: ????????????????-??6??c??????????????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ???????????????e?????? Process Command Line: ??????????????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:53:55		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d4 New Process Name: ??????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ???????????????e?????? Process Command Line: ??????????????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2015-04-05 05:53:55		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x77ff
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x298 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xd2b6 Linked Logon ID: 0xd2f3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x298 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xd2f3 Linked Logon ID: 0xd2b6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x298 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xd2b6 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xd2f3 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:54:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 05:54:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:54:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	101	2015-04-05 05:54:05		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport. 0
Security	Audit Success	12544	2015-04-05 05:54:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:54:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-04-05 05:54:06		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-04-05 05:54:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:54:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-05 05:54:08		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x510 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-05 05:54:08		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x510 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-04-05 05:54:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:54:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 05:54:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1b424 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13826	2015-04-05 05:54:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x188 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-05 05:54:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x188 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2015-04-05 05:54:14		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	13568	2015-04-05 05:54:29		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x51c Process Information: Process ID: 0x4e8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:29		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x538 Process Information: Process ID: 0x4e8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:29		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x3b4 Process Information: Process ID: 0x4e8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:29		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x51c Process Information: Process ID: 0x4e8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_8c8ae1dd7fc64021\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	12544	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xac4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 05:54:42		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x188 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-05 05:54:42		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x188 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13568	2015-04-05 05:54:48		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x38 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:48		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x38 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:48		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:48		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:48		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schannel.dll Handle ID: 0x30 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:48		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\schannel.dll Handle ID: 0x48 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmcore.dll Handle ID: 0x48 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BioCredProv.dll Handle ID: 0x48 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dwmcore.dll Handle ID: 0x48 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-04-05 05:54:49		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BioCredProv.dll Handle ID: 0x48 Process Information: Process ID: 0xa70 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	103	2015-04-05 05:54:57		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	13312	2015-04-05 05:55:15		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x160 New Process Name: ??????????????-??6?4???????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ???????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:15		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x16c New Process Name: ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x160 Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:19		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1ac New Process Name: ??????????????-??6??0??????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x160 Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:23		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x200 New Process Name: ??????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1ac Creator Process Name: ????????????????????4? Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:23		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x244 New Process Name: ??????????????-??6??0??????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x160 Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:23		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x24c New Process Name: ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1ac Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:23		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x258 New Process Name: ??????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x244 Creator Process Name: ????????????????????4? Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:23		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2a8 New Process Name: ????????????????-??6??4??????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x244 Creator Process Name: ????????????????????4 Process Command Line: ??????????????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2015-04-05 05:55:24		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-04-05 05:55:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13312	2015-04-05 05:55:24		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2dc New Process Name: ????????????????-??6??c??????????????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ???????????????e?????? Process Command Line: ??????????????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-04-05 05:55:24		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e4 New Process Name: ??????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ???????????????e?????? Process Command Line: ??????????????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2015-04-05 05:55:24		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x7529
Security	Audit Success	12544	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xcf2f Linked Logon ID: 0xcf45 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xcf45 Linked Logon ID: 0xcf2f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xcf2f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xcf45 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-04-05 05:55:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 05:55:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:55:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:55:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:55:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:55:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:55:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 05:55:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:55:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-04-05 05:55:31		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-04-05 05:55:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:55:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:55:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:55:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-05 05:55:32		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x52c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-05 05:55:32		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x52c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-04-05 05:55:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1af45 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13826	2015-04-05 05:55:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-05 05:55:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2015-04-05 05:55:42		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	13824	2015-04-05 05:55:53		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 05:55:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-05 05:56:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:56:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-05 05:56:08		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x34ca1 Linked Logon ID: 0x34ce6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x34ce6 Linked Logon ID: 0x34ca1 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x34bd5 Linked Logon ID: 0x34c38 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x34c38 Linked Logon ID: 0x34bd5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34ce6 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34ca1 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x34ca1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x34bd5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-05 05:56:09		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-04-05 05:56:11		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-05 05:56:26		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-04-05 05:56:26		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-04-05 05:56:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:56:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 05:56:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:56:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 05:56:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 05:56:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-05 05:56:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa4c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-04-05 05:56:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xa4c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13824	2015-04-05 05:57:39		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34c38 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0x558 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-04-05 06:06:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 06:06:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 06:24:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 06:24:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 06:25:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 06:25:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-05 06:25:44		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-05 12:30:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 12:30:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 12:30:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 12:30:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:30:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6f5962 Linked Logon ID: 0x6f59b4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6f59b4 Linked Logon ID: 0x6f5962 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6f5e6b Linked Logon ID: 0x6f5ebe Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6f5ebe Linked Logon ID: 0x6f5e6b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x6f5ebe Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x6f5e6b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6f5962 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x6f5e6b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-05 12:30:57		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 12:31:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x76e181 Linked Logon ID: 0x76e1d3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x76e1d3 Linked Logon ID: 0x76e181 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x76e5fd Linked Logon ID: 0x76e64f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x76e64f Linked Logon ID: 0x76e5fd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x76e64f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x76e5fd Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x76e181 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x76e5fd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-05 12:32:37		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-05 12:33:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 12:33:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-05 12:33:12		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	13824	2015-04-05 12:35:37		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34c38 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0x10a4 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-04-05 12:35:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 12:35:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-05 12:35:45		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-05 14:35:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 14:35:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-05 14:35:48		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 18:07:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x97521b Linked Logon ID: 0x97526c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x97526c Linked Logon ID: 0x97521b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x975651 Linked Logon ID: 0x9756a7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x9756a7 Linked Logon ID: 0x975651 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x9756a7 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x975651 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x97521b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x975651 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-05 18:08:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-05 18:08:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 18:08:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 18:09:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 18:09:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-05 18:09:27		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34c38 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0x868 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-04-05 18:09:54		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-05 18:18:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 18:18:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 20:06:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:06:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 20:09:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:09:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-05 20:09:31		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-05 20:11:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:11:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 20:12:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:12:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 20:14:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:14:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 20:26:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:26:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 20:31:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:31:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-04-05 20:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5f0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-05 21:04:30		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-06 05:57:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 05:57:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-06 05:57:25		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-06 05:57:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x169ef01 Linked Logon ID: 0x169ef53 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 05:57:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x169ef53 Linked Logon ID: 0x169ef01 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 05:57:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x169ef01 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-06 05:57:25		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-06 05:57:26		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-06 05:57:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x169f5dd Linked Logon ID: 0x169f62f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 05:57:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x169f62f Linked Logon ID: 0x169f5dd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-06 05:57:26		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x169f62f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-06 05:57:26		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x169f5dd Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-06 05:57:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x169f5dd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-06 05:57:26		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-06 05:58:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 05:58:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-06 05:58:10		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12290	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:41		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 06:19:42		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x188ec8e Linked Logon ID: 0x188ece0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x188ece0 Linked Logon ID: 0x188ec8e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x188f0b7 Linked Logon ID: 0x188f115 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x188f115 Linked Logon ID: 0x188f0b7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x188f115 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x188f0b7 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x188ec8e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x188f0b7 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-06 11:40:45		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-06 11:41:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 11:41:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-06 11:41:13		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-06 11:43:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 11:43:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-06 12:23:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 12:23:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-06 14:23:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x229f163 Linked Logon ID: 0x229f1b5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x229f1b5 Linked Logon ID: 0x229f163 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x229f937 Linked Logon ID: 0x229f9a5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x229f9a5 Linked Logon ID: 0x229f937 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x229f9a5 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x229f937 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x229f163 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x229f937 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-06 19:22:57		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-06 19:23:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 19:23:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-06 19:23:48		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-06 19:25:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-06 19:25:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 06:07:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x30ee560 Linked Logon ID: 0x30ee5b2 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x30ee5b2 Linked Logon ID: 0x30ee560 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x30ee9c0 Linked Logon ID: 0x30eea20 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x30eea20 Linked Logon ID: 0x30ee9c0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x30eea20 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x30ee9c0 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x30ee560 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x30ee9c0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-07 06:08:01		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-07 06:08:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 06:08:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 06:08:32		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-07 06:10:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 06:10:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-07 06:23:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 06:23:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-07 07:14:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 07:14:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 07:14:28		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-07 07:26:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 07:26:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 07:26:43		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 07:47:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x3dc6653 Linked Logon ID: 0x3dc66a5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x3dc66a5 Linked Logon ID: 0x3dc6653 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x3dc6b44 Linked Logon ID: 0x3dc6ba9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x3dc6ba9 Linked Logon ID: 0x3dc6b44 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x3dc6ba9 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x3dc6b44 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x3dc6653 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x3dc6b44 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-07 10:07:05		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-07 10:07:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 10:07:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 10:07:42		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-07 10:36:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 10:36:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 10:36:52		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-07 11:40:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 11:40:29		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-07 11:49:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 11:49:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 12:36:50		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-07 12:36:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 12:36:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-07 13:23:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 13:23:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-07 13:24:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 13:24:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 13:24:29		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	13824	2015-04-07 15:02:39		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34c38 Additional Information: Caller Workstation: WIN-8FFL85VFQP9 Target Account Name: Guest Target Account Domain: WIN-8FFL85VFQP9
Security	Audit Success	12544	2015-04-07 15:07:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 15:07:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 15:07:16		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Failure	12290	2015-04-07 15:08:51		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Failure	12290	2015-04-07 15:10:45		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Failure	12290	2015-04-07 15:12:13		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-07 15:16:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x503877e Linked Logon ID: 0x50387d0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x50387d0 Linked Logon ID: 0x503877e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5038b88 Linked Logon ID: 0x5038bdd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5038bdd Linked Logon ID: 0x5038b88 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x5038bdd Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x5038b88 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x503877e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5038b88 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-07 21:11:17		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-07 21:11:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 21:11:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-07 21:11:25		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-07 21:13:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 21:13:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-04-07 21:51:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-07 21:51:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 20:42:18		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5349c57 Linked Logon ID: 0x5349ca9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5349ca9 Linked Logon ID: 0x5349c57 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x534a041 Linked Logon ID: 0x534a097 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x534a097 Linked Logon ID: 0x534a041 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x534a097 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x534a041 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5349c57 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x534a041 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-08 20:42:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-08 20:42:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-08 20:42:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-08 20:42:58		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	12544	2015-04-08 21:39:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-08 21:39:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {5B4DB2CC-EB1F-458D-A423-44F461018F38} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\8b711d6520f7f86e78c1f3f7b59f7fd0_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {DA4F3D04-6785-4C03-84B4-25805135E372} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\4a3e143eddf8107863ceaf4ffa0a29aa_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-04-08 21:39:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {E30B8337-6B72-45BD-A6B0-921F77FC4236} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\65987e1b454f4da1ae63eae5c5735314_1b3dae85-6ba0-446c-bbcb-d68797095aee Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5a83ceb Linked Logon ID: 0x5a83d3d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5a83d3d Linked Logon ID: 0x5a83ceb Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x144 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5a84162 Linked Logon ID: 0x5a841b5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5a841b5 Linked Logon ID: 0x5a84162 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: WIN-8FFL85VFQP9 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x5a841b5 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x5a84162 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5a83ceb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: quanravita@outlook.com.vn Account Domain: MicrosoftAccount Logon ID: 0x5a84162 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-04-09 06:24:14		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Changed Attributes: SAM Account Name: - Display Name: Nguy?n Quang Anh Quan User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-04-09 06:27:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8FFL85VFQP9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-04-09 06:27:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-04-09 06:27:47		Microsoft-Windows-Security-Auditing	6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume4\Windows\System32\WerFaultSecure.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-500 Account Name: Administrator Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-501 Account Name: Guest Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-503 Account Name: DefaultAccount Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13824	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 User: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-579 Group Name: Access Control Assistance Operators Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-578 Group Name: Hyper-V Administrators Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
Security	Audit Success	13826	2015-04-09 06:41:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2416274865-2761320319-549713895-1001 Account Name: Quanravita Account Domain: WIN-8FFL85VFQP9 Logon ID: 0x34bd5 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0xe08 Process Name: C:\Users\QUANRA~1\AppData\Local\Temp\Rar$EXa0.862\AIDA64.Extreme.5.00.3335.Beta\Setup _ Softnew.net\aida64.exe
System	Warning	1014	2015-04-02 18:58:02	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-02 18:58:02	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name 3-edge-chat.facebook.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-02 18:58:05	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-03 05:58:51	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-03 05:58:53	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-03 06:22:50	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-03 12:45:26	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-03 19:07:01	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-04 06:12:05	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name wpad timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-04 17:10:48	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Error	None	2015-04-05 05:54:03		EventLog	6008: The previous system shutdown at 5:59:45 PM on ?4/?4/?2015 was unexpected.
System	Warning	1014	2015-04-05 05:54:26	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Error	None	2015-04-05 12:30:37	Quanravita	DCOM	10010: The server LockApp did not register with DCOM within the required timeout.
System	Warning	1014	2015-04-05 12:30:47	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name lbhculpxvda timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-05 12:31:58	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Warning	None	2015-04-05 12:32:20		storahci	129: Reset to device, \Device\RaidPort0, was issued.
System	Warning	1014	2015-04-05 12:32:29	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-05 12:35:11	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Warning	None	2015-04-05 18:07:48		i8042prt	17: The device sent an incorrect response(s) following a keyboard reset.
System	Warning	1014	2015-04-05 18:08:53	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-05 19:54:02	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.googleadservices.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-05 19:55:29	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name vortex-win.data.microsoft.com timed out after none of the configured DNS servers responded.
System	Error	None	2015-04-05 20:07:06		Service Control Manager	7024: The Delivery Optimization service terminated with the following service-specific error: %%2147954407
System	Error	None	2015-04-05 20:09:04	Quanravita	DCOM	10010: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.
System	Error	None	2015-04-05 20:11:45		Service Control Manager	7024: The Delivery Optimization service terminated with the following service-specific error: %%2147954407
System	Error	None	2015-04-05 20:13:45	Quanravita	DCOM	10010: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.
System	Error	None	2015-04-05 20:26:01		Service Control Manager	7024: The Delivery Optimization service terminated with the following service-specific error: %%2147954407
System	Error	None	2015-04-05 20:28:01	Quanravita	DCOM	10010: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.
System	Warning	1014	2015-04-06 11:40:33	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name wpad timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-06 17:59:17	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	None	2015-04-06 19:22:19		i8042prt	17: The device sent an incorrect response(s) following a keyboard reset.
System	Warning	1014	2015-04-06 19:22:20	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name wpad timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-06 19:33:55	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name apis.google.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 06:08:03	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.facebook.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 06:08:03	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name accounts.google.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 07:13:55	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 07:25:43	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 07:25:53	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 07:26:07	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 10:07:12	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 10:07:13	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 10:59:17	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.facebook.com timed out after none of the configured DNS servers responded.
System	Error	None	2015-04-07 11:39:12		Service Control Manager	7024: The Delivery Optimization service terminated with the following service-specific error: %%2147954407
System	Error	None	2015-04-07 11:41:09	Quanravita	DCOM	10010: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.
System	Warning	1014	2015-04-07 13:23:48	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name displaycatalog-df.md.mp.microsoft.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 13:23:51	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name ieonlinews.microsoft.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 15:07:54	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name ssl.gstatic.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 15:09:06	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-04-07 15:11:29	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.
System	Error	None	2015-04-08 20:46:11		Service Control Manager	7024: The Delivery Optimization service terminated with the following service-specific error: %%2147943860
System	Error	None	2015-04-08 20:48:03	SYSTEM	DCOM	10010: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.
System	Warning	1014	2015-04-08 20:50:31	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name apis.google.com timed out after none of the configured DNS servers responded.
System	Warning	None	2015-04-08 21:39:25		storahci	129: Reset to device, \Device\RaidPort0, was issued.

Database Software


Database Drivers:
	Borland Database Engine	-
	Borland InterBase Client	-
	Easysoft ODBC-InterBase 6	-
	Easysoft ODBC-InterBase 7	-
	Firebird Client	-
	Jet Engine	4.00.9765.0
	MDAC	10.0.10041.0 (fbl_impressive.150313-1821)
	ODBC	10.0.10041.0 (fbl_impressive.150313-1821)
	MySQL Connector/ODBC	-
	Oracle Client	-
	PsqlODBC	-
	Sybase ASE ODBC	-

Database Servers:
	Borland InterBase Server	-
	Firebird Server	-
	Microsoft SQL Server	-
	Microsoft SQL Server Compact Edition	-
	Microsoft SQL Server Express Edition	-
	MySQL Server	-
	Oracle Server	-
	PostgreSQL Server	-
	Sybase SQL Server	-

ODBC Drivers


Driver Description	File Name	Version	File Extensions Supported
Driver da Microsoft para arquivos texto (.txt; .csv)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	.,.asc,.csv,.tab,.txt,.csv
Driver do Microsoft Access (*.mdb)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.mdb
Driver do Microsoft dBase (*.dbf)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	.dbf,.ndx,*.mdx
Driver do Microsoft Excel(*.xls)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.xls
Driver do Microsoft Paradox (*.db )	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.db
Microsoft Access Driver (*.mdb)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.mdb
Microsoft Access Driver (.mdb, .accdb)	aceodbc.dll	15.0.4695.1000	.mdb,.accdb
Microsoft Access Text Driver (.txt, .csv)	aceodbc.dll	15.0.4695.1000	.txt, .csv
Microsoft Access-Treiber (*.mdb)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.mdb
Microsoft dBase Driver (*.dbf)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	.dbf,.ndx,*.mdx
Microsoft dBase-Treiber (*.dbf)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	.dbf,.ndx,*.mdx
Microsoft Excel Driver (*.xls)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.xls
Microsoft Excel Driver (.xls, .xlsx, .xlsm, .xlsb)	aceodbc.dll	15.0.4695.1000	.xls,.xlsx, *.xlsb
Microsoft Excel-Treiber (*.xls)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.xls
Microsoft ODBC for Oracle	msorcl32.dll	10.0.10041.0 (fbl_impressive.150313-1821)
Microsoft Paradox Driver (*.db )	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.db
Microsoft Paradox-Treiber (*.db )	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	*.db
Microsoft Text Driver (.txt; .csv)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	.,.asc,.csv,.tab,.txt,.csv
Microsoft Text-Treiber (.txt; .csv)	odbcjt32.dll	10.0.10041.0 (fbl_impressive.150313-1821)	.,.asc,.csv,.tab,.txt,.csv
SQL Server	sqlsrv32.dll	10.0.10041.0 (fbl_impressive.150313-1821)

ODBC Data Sources


Data Source Name	Data Source Description	Type	Driver File Name
Excel Files	Microsoft Excel Driver (.xls, .xlsx, .xlsm, .xlsb)	User	aceodbc.dll
MS Access Database	Microsoft Access Driver (.mdb, .accdb)	User	aceodbc.dll

Memory Read


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Read Speed
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	77243 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	67619 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	52396 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	45162 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	42431 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	37831 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	26428 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	26020 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	23559 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	23218 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	23157 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	21726 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	21404 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	21284 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	21210 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	21110 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	21006 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	19763 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	19552 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	18834 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	17639 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	16638 MB/s
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	14739 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	14730 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	13453 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	13118 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	11534 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	11178 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	10112 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	9714 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	9037 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	8716 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	8709 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	8366 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	8096 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	7965 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	7646 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	7627 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	7616 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	6989 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	6593 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	6414 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	6206 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	6104 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	6082 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	6009 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	5353 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4539 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	3967 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3907 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	3672 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3593 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3362 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	3323 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2919 MB/s

Memory Write


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Write Speed
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	77060 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	57844 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	52243 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	45588 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	45249 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	27392 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	24093 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	23672 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	23649 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	19528 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	18063 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	17607 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	17088 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	16673 MB/s
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	14965 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	14866 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	14492 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	13215 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	12776 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	12328 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	11995 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	10777 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	10154 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	9970 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	9937 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	8869 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	8662 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	7913 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	7779 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	7115 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	7091 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	7083 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	6733 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	5762 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	5654 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	5639 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	5504 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	5461 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	4869 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	4856 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	4712 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	4694 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4260 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4220 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	4117 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	4093 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	4029 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3800 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	3568 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3159 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	2831 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	2796 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2474 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2348 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2337 MB/s

Memory Copy


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Copy Speed
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	69009 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	67052 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	50043 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	44987 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	42150 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	34882 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	24509 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	23799 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	22896 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	22772 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	21695 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	21530 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	21283 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	20802 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	17897 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	17836 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	17735 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	17362 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	17174 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	16882 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	15347 MB/s
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	14111 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	13993 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	13993 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	12444 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	11945 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	11370 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	9671 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	9468 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	9054 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	8216 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	7792 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	7740 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	7403 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	6881 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	6774 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	6282 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	6139 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5921 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	5551 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	5396 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	5284 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	4951 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4891 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	4764 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	4572 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4213 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	4195 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3673 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3270 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	3147 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3051 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	3009 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2987 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2578 MB/s

Memory Latency


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Latency
Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	55.2 ns
Core i7-3770K	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	57.5 ns
Xeon E3-1245 v3	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	57.9 ns
Core i7-4770	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	58.3 ns
A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	59.6 ns
FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	60.3 ns
FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	61.4 ns
A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	62.0 ns
Core i7-4930K	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	62.1 ns
Core i7-965 Extreme	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	62.9 ns
Core i7-2600	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	66.7 ns
Core i7-990X Extreme	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	67.1 ns
Core i7-3960X Extreme	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	67.5 ns
Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	69.6 ns
Xeon X5550	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	70.3 ns
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	72.4 ns
Core i3-2370M	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	74.1 ns
Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	74.1 ns
Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	74.2 ns
Core i7-5820K	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	74.4 ns
A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	75.9 ns
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	77.0 ns
Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	77.9 ns
Pentium EE 955	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	78.0 ns
Xeon E5-2670	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	79.6 ns
A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	79.6 ns
Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	79.9 ns
Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	81.2 ns
P4EE	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	82.4 ns
Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	87.0 ns
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	88.2 ns
Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	88.6 ns
Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	89.9 ns
Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	91.3 ns
Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	93.2 ns
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	93.7 ns
Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	99.1 ns
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	99.5 ns
Core i5-650	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	100.3 ns
Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	101.4 ns
Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	103.9 ns
Atom 230	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	105.7 ns
E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	107.0 ns
Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	111.9 ns
Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	113.3 ns
Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	114.8 ns
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	120.0 ns
Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	124.4 ns
Xeon	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	124.7 ns
Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	127.8 ns
Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	128.3 ns
Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	129.7 ns
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	138.4 ns
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	153.7 ns
Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	159.0 ns

CPU Queen


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	100531
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	62643
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	62484
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	59940
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	56836
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	53879
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	53544
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	47291
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	46747
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	45915
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	43907
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	42550
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	41740
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	37778
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	36089
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	34010
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	32366
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	31680
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	30784
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	26997
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	25523
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	22162
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	22013
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	21945
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	21896
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	21655
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	21434
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	21225
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	20154
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	19397
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	19226
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	18012
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	16298
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	16094
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	14695
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	12584
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	12140
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	11236
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	9614
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	7485
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	7304
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	7300
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5904
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5452
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	5164
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	4879
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4086
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	4021
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3855
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3791
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	3514
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	3301
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2814
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	2586
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	1839

CPU PhotoWorxx


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	38725 MPixel/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	35478 MPixel/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	25266 MPixel/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	23599 MPixel/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	22806 MPixel/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	20428 MPixel/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	14178 MPixel/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	14090 MPixel/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	14001 MPixel/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	12962 MPixel/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	12477 MPixel/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	12457 MPixel/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	11872 MPixel/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	11495 MPixel/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	11115 MPixel/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	10673 MPixel/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	9603 MPixel/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	9078 MPixel/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	8913 MPixel/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	8886 MPixel/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	8581 MPixel/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	8064 MPixel/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	6975 MPixel/s
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	6901 MPixel/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	6862 MPixel/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	6131 MPixel/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	5627 MPixel/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	5276 MPixel/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4730 MPixel/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	4183 MPixel/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	4179 MPixel/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	3840 MPixel/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	3707 MPixel/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	3462 MPixel/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	3041 MPixel/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	3025 MPixel/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	2926 MPixel/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	2793 MPixel/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	2536 MPixel/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	2390 MPixel/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	2147 MPixel/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	1936 MPixel/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	1904 MPixel/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1895 MPixel/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1864 MPixel/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	1852 MPixel/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	1850 MPixel/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1844 MPixel/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1676 MPixel/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	1224 MPixel/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	1167 MPixel/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	1100 MPixel/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	1099 MPixel/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	879 MPixel/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	826 MPixel/s

CPU ZLib


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	975.4 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	672.7 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	455.0 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	444.5 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	436.1 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	366.5 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	358.7 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	358.1 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	346.1 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	320.0 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	317.2 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	308.6 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	289.2 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	281.4 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	276.3 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	256.7 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	244.3 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	222.7 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	209.2 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	189.4 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	183.0 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	174.8 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	174.3 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	167.7 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	154.7 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	153.2 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	152.5 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	136.2 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	117.7 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	112.5 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	108.3 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	105.8 MB/s
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	98.8 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	97.1 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	95.6 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	82.8 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	75.0 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	73.7 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	59.6 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	57.8 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	57.5 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	47.3 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	41.5 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	33.3 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	32.9 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	32.2 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	31.6 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	30.8 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	24.3 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	22.8 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	20.3 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	18.5 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	17.4 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	16.3 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	15.2 MB/s

CPU AES


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	46884 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	38007 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	23204 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	21097 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	21094 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	17312 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	16800 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	16333 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	15406 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	14455 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	13681 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	12247 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	9124 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	8465 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	8460 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	6532 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	4053 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	3782 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	2908 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	1930 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	1447 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	1332 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	1286 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	1212 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	1153 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	913 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	802 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	790 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	789 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	721 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	651 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	587 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	566 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	524 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	493 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	473 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	421 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	387 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	311 MB/s
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	310 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	277 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	274 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	269 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	245 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	242 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	184 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	153 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	148 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	144 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	131 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	109 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	105 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	98 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	84 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	44 MB/s

CPU Hash


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	9056 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	8724 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	5231 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	4783 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	4368 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	4104 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	3924 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	3786 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	3679 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	3674 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	3604 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	3304 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	3188 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	3137 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	3094 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	2995 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	2621 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	2544 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2345 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2242 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	2159 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	1989 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	1986 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	1965 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	1942 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	1936 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	1914 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	1680 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	1677 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1464 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	1441 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1101 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	998 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	980 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	976 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	969 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	925 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	911 MB/s
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	855 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	828 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	809 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	730 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	641 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	548 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	489 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	443 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	427 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	350 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	336 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	326 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	306 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	251 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	246 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	245 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	162 MB/s

FPU VP8


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	6751
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	6539
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	6391
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	6381
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	6367
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	6350
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	6307
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	5592
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	5279
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4981
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	4943
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	4777
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	4589
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	4583
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	3973
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	3920
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	3864
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	3766
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	3654
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	3623
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	3304
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	3294
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	3238
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	3166
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	3145
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	3141
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	3070
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	2707
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	2549
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2499
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2448
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	2402
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	2382
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2369
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	2112
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1816
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1786
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	1779
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1687
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	1352
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	1215
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1189
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1108
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1057
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	954
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	850
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	803
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	796
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	689
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	685
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	661
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	613
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	586
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	511
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	487

FPU Julia


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	62590
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	40502
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	30193
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	28480
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	26953
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	26917
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	26898
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	19516
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	18457
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	18309
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	17993
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	17671
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	15300
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	13504
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	12634
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	12208
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	11912
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	11125
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	8956
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	8747
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	8681
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	8201
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	8070
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	7608
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	7438
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	6999
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	6474
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	6411
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	6220
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	6207
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	5587
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	5579
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	5551
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	5235
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	4059
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	3534
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	3079
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	2440
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	2393
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	2309
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	2053
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1988
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1865
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	1342
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	1308
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1117
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	958
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	911
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	896
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	893
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	792
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	702
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	641
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	589
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	513

FPU Mandel


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	33143
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	21649
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	15402
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	15100
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	14429
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	14418
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	14253
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	10344
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	9777
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	9318
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	8672
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	8614
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	8066
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	6901
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	6434
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	6211
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	6094
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	5395
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	4626
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	4418
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	4333
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	4179
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	3973
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	3874
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	3474
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	3308
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	3291
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	3228
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	3176
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	2982
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2889
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	2840
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	2676
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	2335
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1823
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	1626
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	1482
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1449
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	1383
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1182
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1062
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1051
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	856
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	795
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	688
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	494
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	476
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	458
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	427
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	404
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	402
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	359
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	328
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	263
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	193

FPU SinJulia


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Quad DDR3-1333	9-9-9-24	16035
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	7471
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	7274
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	7214
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	6993
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Dual DDR3-1600R	11-11-11-28 CR1	6822
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	6513
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	4984
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	4716
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	4679
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	4658
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	4587
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	4583
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4132
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	3213
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	3101
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	2833
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	2645
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2590
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	2306
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	2268
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	2219
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2210
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	2042
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	1934
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	1872
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	1856
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1618
2x Core i3-2370M HT	2400 MHz	Asus X45C Series Notebook	HM76 Int.	Dual DDR3-1333	9-9-9-24 CR1	1560
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	1481
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	1480
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	1421
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	1377
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	1260
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1178
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1049
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1021
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	960
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	948
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	942
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	835
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	685
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	516
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	505
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	457
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	452
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	359
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	327
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	284
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	277
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	262
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	262
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	205
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	203
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	131

Debug - PCI


		B00 D00 F00:	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller

		Offset 000:	86 80 04 01 06 00 90 20 09 00 00 06 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 90 D1 FE 00 00 00 00 01 00 D1 FE 00 00 00 00
		Offset 050:	81 02 00 00 11 00 00 00 0F 00 D0 DF 01 00 00 BF
		Offset 060:	05 00 00 F8 00 00 00 00 01 80 D1 FE 00 00 00 00
		Offset 070:	00 00 00 7F 01 00 00 00 00 0C 00 FF 7F 00 00 00
		Offset 080:	10 11 11 00 00 10 11 00 1A 00 00 00 00 00 00 00
		Offset 090:	01 00 00 7F 01 00 00 00 01 00 10 9F 01 00 00 00
		Offset 0A0:	01 00 00 80 01 00 00 00 01 00 20 9F 01 00 00 00
		Offset 0B0:	01 00 E0 BF 01 00 C0 BF 01 00 00 BF 01 00 E0 DF
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	09 00 0C 01 96 61 80 E2 90 00 08 14 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 B8 0F 06 00 00 00 00 00

		B00 D02 F00:	Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2)

		Offset 000:	86 80 16 01 07 04 90 00 09 00 00 03 00 00 00 00
		Offset 010:	04 00 80 F7 00 00 00 00 0C 00 00 E0 00 00 00 00
		Offset 020:	01 F0 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 90 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	09 00 0C 01 96 61 80 E2 90 00 08 14 00 00 00 00
		Offset 050:	81 02 00 00 11 00 00 00 00 00 00 00 01 00 E0 BF
		Offset 060:	00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	05 D0 01 00 0C F0 E0 FE 91 49 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 13 00 06 03 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	01 A4 22 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 06 00 18 B0 8A BE

		B00 D14 F00:	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]

		Offset 000:	86 80 31 1E 06 04 90 02 04 30 03 0C 00 00 00 00
		Offset 010:	04 00 E0 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 70 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	FD 07 0E 80 39 C2 03 80 00 00 00 00 00 00 00 00
		Offset 050:	17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	30 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 80 C2 C1 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 87 00 0C F0 E0 FE 00 00 00 00 81 49 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	8F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	03 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	01 00 00 00 0F 00 00 00 01 00 00 00 0F 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D16 F00:	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]

		Offset 000:	86 80 3A 1E 06 00 10 00 04 00 80 07 00 00 80 00
		Offset 010:	04 A0 E1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	55 02 00 1E 10 00 01 80 06 01 00 60 F0 17 00 10
		Offset 050:	01 8C 03 C8 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 05 00 80 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 C0
		Offset 0C0:	6D 08 C5 89 D6 68 5C 98 B4 25 77 81 1C 6D E9 6C
		Offset 0D0:	AE 8B 96 2F B5 7E D7 63 92 9A 9B BD 04 FD 0F 92
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1A F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]

		Offset 000:	86 80 2D 1E 06 00 90 02 04 20 03 0C 00 00 00 00
		Offset 010:	00 80 E1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 FF 07 00 00 00 00 01 00 00 00 00 00 00 C0
		Offset 070:	00 00 DE 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 20 80 01 02 40 00 24 2C 20 3A
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 04 08 08 17 5B 20

		B00 D1B F00:	Intel Panther Point PCH - High Definition Audio Controller [C-1]

		Offset 000:	86 80 20 1E 06 00 10 00 04 00 03 04 10 00 00 00
		Offset 010:	04 00 E1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 16 01 00 00
		Offset 040:	01 00 00 45 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 60 42 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 00 91 00 00 00 00 10 00 08 10 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 04 02 01 02 24 00 40 00 0C A3 82 10 00 33 02
		Offset 0D0:	00 0C A3 02 10 00 33 02 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1C F00:	Intel Panther Point PCH - PCI Express Port 1

		Offset 000:	86 80 10 1E 04 04 10 00 C4 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 01 01 00 F0 00 00 20
		Offset 020:	F0 FF 00 00 F1 FF 01 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 0B 01 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 4C 12 01
		Offset 050:	03 00 01 10 00 B2 04 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 43 10 67 15 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 80 80 11 81 00 00 00 00
		Offset 0E0:	00 3F 00 00 00 00 00 00 03 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1C F01:	Intel Panther Point PCH - PCI Express Port 2

		Offset 000:	86 80 12 1E 06 04 10 00 C4 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 02 02 00 F0 00 00 00
		Offset 020:	D0 F7 D0 F7 F1 FF 01 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 03 02 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 02
		Offset 050:	42 00 11 70 00 B2 0C 00 00 00 40 01 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 43 10 67 15 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 80 80 11 81 00 00 00 00
		Offset 0E0:	00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1C F03:	Intel Panther Point PCH - PCI Express Port 4

		Offset 000:	86 80 16 1E 07 04 10 00 C4 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 03 03 00 E0 E0 00 20
		Offset 020:	C0 F7 C0 F7 01 F0 01 F0 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 0A 04 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 04
		Offset 050:	43 00 11 70 00 B2 1C 00 00 00 40 01 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 43 10 67 15 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 80 80 11 81 00 00 00 00
		Offset 0E0:	00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1D F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]

		Offset 000:	86 80 26 1E 06 00 90 02 04 20 03 0C 00 00 00 00
		Offset 010:	00 70 E1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 17 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 FF 07 00 00 00 00 01 00 00 00 00 00 00 C0
		Offset 070:	00 00 DE 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 40 00 01 00 00 10 00 00 04 B0 17 BB
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 04 08 08 17 5B 20

		B00 D1F F00:	Intel HM76 Chipset - LPC Interface Controller [C-1]

		Offset 000:	86 80 59 1E 07 00 10 02 04 00 01 06 00 00 80 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 04 00 00 80 00 00 00 01 05 00 00 10 00 00 00
		Offset 050:	F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	8B 83 8A 8A D0 00 00 00 80 80 85 84 F8 F0 00 00
		Offset 070:	78 F0 78 F0 78 F0 78 F0 78 F0 78 F0 78 F0 78 F0
		Offset 080:	10 00 0F 3C 41 02 3C 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 0F 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	14 0E 80 00 41 39 06 00 00 47 00 00 00 00 01 00
		Offset 0B0:	00 00 00 00 00 00 00 00 84 00 08 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	33 22 11 00 67 45 00 00 CF FF 00 00 08 00 00 00
		Offset 0E0:	09 00 0C 10 00 00 00 00 13 06 64 06 00 00 00 00
		Offset 0F0:	01 C0 D1 FE 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1F F02:	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]

		Offset 000:	86 80 03 1E 06 04 B0 02 04 01 06 01 00 00 00 00
		Offset 010:	01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00
		Offset 020:	01 00 00 00 00 60 E1 F7 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 80 00 00 00 00 00 00 00 00 02 00 00
		Offset 040:	00 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 A8 03 40 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 70 01 00 0C F0 E0 FE 50 49 00 00 00 00 00 00
		Offset 090:	60 3A 05 81 83 01 00 3A 08 42 5C 01 00 00 00 00
		Offset 0A0:	E0 00 00 00 39 00 00 00 12 B0 10 00 48 00 00 00
		Offset 0B0:	13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1F F03:	Intel Panther Point PCH - SMBus Controller [C-1]

		Offset 000:	86 80 22 1E 03 00 80 02 04 00 05 0C 00 00 00 00
		Offset 010:	04 50 E1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	41 F0 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 0A 03 00 00
		Offset 040:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	03 04 04 00 00 00 08 08 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1F F06:	Intel Panther Point PCH - Thermal Management Controller [C-1]

		Offset 000:	86 80 24 1E 00 00 10 00 04 00 80 11 00 00 00 00
		Offset 010:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 00 03 00 00
		Offset 040:	05 00 E0 DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 00 23 00 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B02 D00 F00:	Atheros AR9485 Wireless Network Adapter

		Offset 000:	8C 16 32 00 46 01 10 00 01 00 80 02 10 00 00 00
		Offset 010:	04 00 D0 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 3B 1A 86 11
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 11 01 00 00
		Offset 040:	01 50 C2 FF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	05 70 84 01 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 00 02 00 C0 8D 90 05 10 20 10 00 11 6C 03 00
		Offset 080:	42 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 10 00 00 00 00 00 00 00 02 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B03 D00 F00:	Realtek RTS5289 PCI-E Card Reader

		Offset 000:	EC 10 89 52 06 04 10 00 01 00 00 FF 10 00 80 00
		Offset 010:	00 00 C0 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 00 02 00 00
		Offset 040:	01 50 C3 F7 00 01 00 00 00 00 00 00 00 00 00 00
		Offset 050:	05 70 81 00 0C F0 E0 FE 00 00 00 00 B2 49 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 B0 02 00 C0 8C 90 05 10 20 19 00 11 7C 07 00
		Offset 080:	03 01 11 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 1F 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	11 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B03 D00 F02:	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

		Offset 000:	EC 10 68 81 07 04 10 00 0A 00 00 02 10 00 80 00
		Offset 010:	01 E0 00 00 00 00 00 00 0C 40 00 F0 00 00 00 00
		Offset 020:	0C 00 00 F0 00 00 00 00 00 00 00 00 43 10 67 15
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	01 50 C3 FF 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 B0 02 02 C0 8C 90 05 10 50 19 00 11 7C 07 00
		Offset 080:	40 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 1F 00 00 00 10 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	11 D0 03 80 04 00 00 00 04 08 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	03 00 FC 80 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 4000:	99 79 18 00 54 54 14 0A 20 22 02 0A 90 56 00 00
		Offset 4010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4020:	05 00 10 00 21 21 20 20 11 00 0E 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 4280:	00 00 00 00 00 00 04 00 00 00 00 00 44 00 00 00
		Offset 4290:	80 40 00 00 0F 98 00 00 50 14 6B 5A 50 02 00 00
		Offset 42A0:	03 10 00 00 00 72 F9 41 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 4400:	99 79 18 00 54 54 14 0A 20 32 02 0A 90 56 00 00
		Offset 4410:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4420:	05 00 10 00 20 20 20 20 00 00 0E 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 4680:	00 00 00 00 00 00 04 00 00 00 00 00 44 00 00 00
		Offset 4690:	80 40 00 00 0F 98 00 00 50 14 6B 5A 10 02 00 00
		Offset 46A0:	01 10 00 00 00 72 F9 41 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 4800:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4810:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 4A80:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4A90:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 5000:	24 00 00 00 10 00 62 00 08 00 60 00 00 00 60 00
		Offset 5010:	00 00 00 00 00 00 10 08 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 5880:	E7 71 91 CA 00 00 00 00 D0 DA E4 00 00 00 00 00
		Offset 5890:	E0 ED 3C 05 49 9B 8C 02 00 00 00 00 00 00 00 00
		Offset 58A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5900:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5910:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5920:	00 00 00 00 18 00 00 00 BF 33 1E 19 91 61 FA 01
		Offset 5930:	18 01 C0 00 60 01 0F 00 03 10 0A 00 F5 A1 EA 29
		Offset 5940:	1F 32 60 08 7E 90 48 00 0B 0D 00 00 00 00 00 00
		Offset 5950:	00 00 00 00 00 00 10 00 00 18 01 60 00 08 00 00
		Offset 5960:	D4 E6 C0 61 FA 99 7D ED 5A 17 17 EE 8B 7F 7A 94
		Offset 5970:	C2 39 FF D8 C0 39 FF D8 48 00 00 00 48 00 00 00
		Offset 5980:	47 00 00 00 9C 45 2B 5C 00 00 00 00 00 00 00 00
		Offset 5990:	FF 00 00 00 FF 00 00 00 17 0D 0D 00 00 0E 64 00
		Offset 59A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 59B0:	80 03 00 80 94 14 14 18 70 01 00 80 94 14 14 18
		Offset 59C0:	08 00 1D 88 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW MCHBAR

		Offset 5E00:	05 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00
		Offset 5E10:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-1E24:	Intel 5/6/7/8/9-series PCH TBARB

		Offset 00:	01 BA 00 E5 2B 3A 37 29 82 00 2D 00 00 99 40 00
		Offset 10:	00 00 00 19 87 DE 8C 80 00 00 00 00 00 00 00 00
		Offset 20:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 30:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80
		Offset 40:	01 02 00 FF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 50:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 60:	00 00 00 00 00 00 00 00 00 00 00 00 1F 1A 15 05
		Offset 70:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 80:	01 01 00 00 66 66 00 FF 00 00 00 00 00 00 00 00
		Offset 90:	FC 22 E1 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset C0:	01 01 00 00 00 00 00 FF 00 00 00 00 00 00 00 00
		Offset D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Debug - Video BIOS


		C000:0000	U.x...000000000000.$..#W@...00IBM VGA Compatible BIOS. .n.~.....
		C000:0040	PCIR............................&.V.f.v.....n...................
		C000:0080	..........7............................................DH.....DH
		C000:00C0	.....DH....0DH.....DI.....DI.....DJ.....DJ....0DJ.....DI....0DI.
		C000:0100	....DJ.....DK.....DK.....DK....0.L......L......L....0.L......M..
		C000:0140	....M.....0.D..2.h..4....8....:....<....A.D..C.h..E....I....K...
		C000:0180	.M....P D..R h..T ...X ...Z ...\ ...`.T..a.T..b T..c.n..d.n..e n
		C000:01C0	..f....g....h ...i....j....k ...l....m....n ...o....p....q ...}.
		C000:0200	...~.... ........ .-..`............ .1..l...........rQ.. n(U...
		C000:0240	!....... ....`"........... ....@.......... .1X. (.........V. .1X
		C000:0280	. .P........d..@A.&0..6.......... A. 0.`........0..Q.@0p......
		C000:02C0	...4..Q.*@..........H?@0b.2@@.........h[..r.<P..................
		C000:0300	..E............................................E................
		C000:0340	...................For Evaluation Use Only....(........c-'(.+...
		C000:0380	..............................................(........c-'(.+...
		C000:03C0	..............................................P........c_OP.U...

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.