Report of <samsung-home>

AIDA64 Extreme


		Version	AIDA64 v5.60.3700
		Benchmark Module	4.1.643-x64
		Homepage	http://www.aida64.com/
		Report Type	Report Wizard [ TRIAL VERSION ]
		Computer	samsung-home
		Generator	home
		Operating System	Microsoft Windows 8 6.2.9200.16581 (Win8 RTM)
		Date	2016-02-28
		Time	14:40

Summary


Computer:
	Computer Type	ACPI x64-based PC (Mobile)
	Operating System	Microsoft Windows 8
	OS Service Pack	[ TRIAL VERSION ]
	Internet Explorer	10.0.9200.16599 (IE 10.0.6)
	DirectX	DirectX 11.1
	Computer Name	samsung-home
	User Name	home
	Logon Domain	[ TRIAL VERSION ]
	Date / Time	2016-02-28 / 14:40

Motherboard:
	CPU Type	Mobile DualCore Intel Core i5-3230M, 2600 MHz (26 x 100)
	Motherboard Name	Samsung 3570R/370R/470R/450R/510R/4450RV
	Motherboard Chipset	Intel Panther Point HM76, Intel Ivy Bridge
	System Memory	[ TRIAL VERSION ]
	DIMM1: Samsung M471B5173BH0-CK0	4 GB DDR3-1600 DDR3 SDRAM (11-11-11-28 @ 800 MHz) (10-10-10-27 @ 761 MHz) (9-9-9-24 @ 685 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-19 @ 533 MHz) (6-6-6-16 @ 457 MHz) (5-5-5-14 @ 380 MHz)
	DIMM3: Samsung M471B5773DH0-CK0	[ TRIAL VERSION ]
	BIOS Type	AMI (04/29/2014)

Display:
	Video Adapter	Intel(R) HD Graphics 4000 (2112 MB)
	Video Adapter	Intel(R) HD Graphics 4000 (2112 MB)
	Video Adapter	Intel(R) HD Graphics 4000 (2112 MB)
	3D Accelerator	Intel HD Graphics 4000
	Monitor	AU Optronics B156XW04 V6 [15.6" LCD]

Multimedia:
	Audio Adapter	Intel Panther Point HDMI @ Intel Panther Point PCH - High Definition Audio Controller [C-1]
	Audio Adapter	Realtek ALC269 @ Intel Panther Point PCH - High Definition Audio Controller [C-1]

Storage:
	IDE Controller	Intel(R) 7 Series Chipset Family SATA AHCI Controller
	Storage Controller	Microsoft Storage Spaces Controller
	Storage Controller	Microsoft VHD Loopback Controller
	Disk Drive	ST750LM022 HN-M750MBB (750 GB, 5400 RPM, SATA-II)
	Disk Drive	Kingston DataTraveler 3.0 USB Device (14 GB, USB)
	Optical Drive	Microsoft Virtual DVD-ROM
	SMART Hard Disks Status	OK

Partitions:
	C: (NTFS)	[ TRIAL VERSION ]
	Total Size	[ TRIAL VERSION ]

Input:
	Keyboard	Standard PS/2 Keyboard
	Mouse	HID-compliant mouse
	Mouse	Samsung PS/2 Port Input Device

Network:
	Primary IP Address	[ TRIAL VERSION ]
	Primary MAC Address	B4-B6-76-F5-04-B5
	Network Adapter	Bluetooth Device (Personal Area Network)
	Network Adapter	Intel(R) Centrino(R) Advanced-N 6235 (192. [ TRIAL VERSION ])
	Network Adapter	Microsoft Wi-Fi Direct Virtual Adapter
	Network Adapter	Realtek PCIe GBE Family Controller

Peripherals:
	Printer	Fax
	Printer	Microsoft XPS Document Writer
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
	USB3 Controller	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
	USB Device	Generic USB Hub
	USB Device	Generic USB Hub
	USB Device	Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
	USB Device	USB Composite Device
	USB Device	USB Input Device
	USB Device	USB Mass Storage Device
	USB Device	USB-IF USB 3.0 Hub
	USB Device	Webcam SC-10HDD12636P
	Battery	Microsoft AC Adapter
	Battery	Microsoft ACPI-Compliant Control Method Battery

DMI:
	DMI BIOS Vendor	American Megatrends Inc.
	DMI BIOS Version	P15RAN.208.140429.ZW
	DMI System Manufacturer	SAMSUNG ELECTRONICS CO., LTD.
	DMI System Product	3570R/370R/470R/450R/510R/4450RV
	DMI System Version	P15RAN
	DMI System Serial Number	[ TRIAL VERSION ]
	DMI System UUID	[ TRIAL VERSION ]
	DMI Motherboard Manufacturer	SAMSUNG ELECTRONICS CO., LTD.
	DMI Motherboard Product	NP470R5E-K01UB
	DMI Motherboard Version	SEC_SW_REVISION_1234567890ABCD
	DMI Motherboard Serial Number	[ TRIAL VERSION ]
	DMI Chassis Manufacturer	SAMSUNG ELECTRONICS CO., LTD.
	DMI Chassis Version	N/A
	DMI Chassis Serial Number	[ TRIAL VERSION ]
	DMI Chassis Asset Tag	[ TRIAL VERSION ]
	DMI Chassis Type	LapTop

Computer Name


Type	Class	Computer Name
Computer Comment	Logical
NetBIOS Name	Logical	samsung-home
DNS Host Name	Logical	samsung-home
DNS Domain Name	Logical
Fully Qualified DNS Name	Logical	samsung-home
NetBIOS Name	Physical	samsung-home
DNS Host Name	Physical	samsung-home
DNS Domain Name	Physical
Fully Qualified DNS Name	Physical	samsung-home

Operating System


Operating System Properties:
	OS Name	Microsoft Windows 8
	OS Language	English (United States)
	OS Installer Language	English (United States)
	OS Kernel Type	Multiprocessor Free (64-bit)
	OS Version	6.2.9200.16581 (Win8 RTM)
	OS Service Pack	[ TRIAL VERSION ]
	OS Installation Date	2/26/2016
	OS Root	C:\windows

License Information:
	Registered Owner	home
	Registered Organization
	Product ID	00179-60917-03025-AAOEM
	Product Key	DJHRX- [ TRIAL VERSION ]
	Product Activation (WPA)	Not Required

Current Session:
	Computer Name	samsung-home
	User Name	home
	Logon Domain	[ TRIAL VERSION ]
	UpTime	87479 sec (1 days, 0 hours, 17 min, 59 sec)

Components Version:
	Common Controls	6.16
	Internet Explorer Updates	[ TRIAL VERSION ]
	Windows Mail	6.2.9200.16384 (win8_rtm.120725-1247)
	Windows Media Player	12.0.9200.16384 (win8_rtm.120725-1247)
	Windows Messenger	-
	MSN Messenger	-
	Internet Information Services (IIS)	[ TRIAL VERSION ]
	.NET Framework	4.0.30319.18010 built by: FX45RTMGDR
	Novell Client	-
	DirectX	DirectX 11.1
	OpenGL	6.2.9200.16384 (win8_rtm.120725-1247)
	ASPI	-

Operating System Features:
	Debug Version	No
	DBCS Version	No
	Domain Controller	No
	Security Present	No
	Network Present	Yes
	Remote Session	No
	Safe Mode	No
	Slow Processor	No
	Terminal Services	Yes

Processes


Process Name	Process File Name	Type	Used Memory	Used Swap
aida64.exe	C:\Users\home\Documents\aida64extreme560\aida64.exe	32-bit	89 MB	88 KB
armsvc.exe	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe	32-bit	3928 KB	1 KB
audiodg.exe		64-bit	11056 KB	9 KB
ccSvcHst.exe	C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe	32-bit	51520 KB	30 KB
ccSvcHst.exe	C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe	32-bit	41168 KB	20 KB
CommonAgent.exe	C:\Program Files\Samsung\S Agent\CommonAgent.exe	64-bit	1056 KB	4 KB
conhost.exe	C:\windows\system32\conhost.exe	64-bit	2500 KB	0 KB
csrss.exe	C:\windows\system32\csrss.exe	64-bit	20976 KB	2 KB
csrss.exe	C:\windows\system32\csrss.exe	64-bit	4588 KB	1 KB
devmonsrv.exe	C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe	32-bit	7440 KB	3 KB
dllhost.exe	C:\windows\system32\DllHost.exe	64-bit	7464 KB	1 KB
dwm.exe	C:\windows\System32\dwm.exe	64-bit	27416 KB	19 KB
EasyLauncher.exe	C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe	32-bit	5828 KB	3 KB
EasySettingsCmdServer.exe	C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe	32-bit	17080 KB	8 KB
ETDCtrl.exe	C:\Program Files\Elantech\ETDCtrl.exe	64-bit	9248 KB	2 KB
EvtEng.exe	C:\Program Files\Intel\WiFi\bin\EvtEng.exe	64-bit	11248 KB	4 KB
explorer.exe	C:\windows\Explorer.EXE	64-bit	110 MB	51 KB
GuaranaAgent.exe	C:\Program Files\Samsung\Support Center\GuaranaAgent.exe	64-bit	976 KB	5 KB
HeciServer.exe	C:\Program Files\Intel\iCLS Client\HeciServer.exe	64-bit	5072 KB	1 KB
hkcmd.exe	C:\Windows\System32\hkcmd.exe	64-bit	5684 KB	1 KB
ICCProxy.exe	C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe	32-bit	5040 KB	1 KB
igfxext.exe	C:\windows\system32\igfxext.exe	64-bit	4876 KB	1 KB
igfxpers.exe	C:\Windows\System32\igfxpers.exe	64-bit	6716 KB	1 KB
IntelMeFWService.exe	C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe	32-bit	3568 KB	0 KB
ismagent.exe	C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe	32-bit	808 KB	15 KB
Jhi_service.exe	C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe	32-bit	3924 KB	1 KB
KiesTrayAgent.exe	C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe	32-bit	8560 KB	2 KB
LMS.exe	C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe	32-bit	4532 KB	1 KB
lsass.exe	C:\windows\system32\lsass.exe	64-bit	11276 KB	4 KB
mmaMain.exe	C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.114_x86__v68kp9n051hdp\mmamain.exe	32-bit	48220 KB	36 KB
obexsrv.exe	C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe	32-bit	7120 KB	2 KB
PDVD10Serv.exe	C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe	32-bit	6248 KB	1 KB
PhotoshopElementsFileAgent.exe	C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe	32-bit	1188 KB	1 KB
RAVBg64.exe	C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe	64-bit	10248 KB	5 KB
RAVCpl64.exe	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	64-bit	9512 KB	3 KB
RegSrvc.exe	C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe	64-bit	6704 KB	1 KB
rundll32.exe	C:\Windows\System32\rundll32.exe	64-bit	10520 KB	2 KB
RuntimeBroker.exe	C:\Windows\System32\RuntimeBroker.exe	64-bit	16388 KB	5 KB
SearchFilterHost.exe	C:\windows\system32\SearchFilterHost.exe	64-bit	3988 KB	1 KB
SearchIndexer.exe	C:\windows\system32\SearchIndexer.exe	64-bit	26320 KB	23 KB
SearchProtocolHost.exe	C:\windows\system32\SearchProtocolHost.exe	64-bit	6820 KB	1 KB
services.exe	C:\windows\system32\services.exe	64-bit	9740 KB	5 KB
smss.exe		64-bit	940 KB	0 KB
splwow64.exe	C:\windows\splwow64.exe	64-bit	4660 KB	1 KB
spoolsv.exe	C:\windows\System32\spoolsv.exe	64-bit	9544 KB	3 KB
sppsvc.exe		64-bit	10316 KB	3 KB
sSettings.exe	C:\Program Files (x86)\Samsung\Settings\sSettings.exe	32-bit	1172 KB	3 KB
svchost.exe	C:\windows\system32\svchost.exe	64-bit	20452 KB	16 KB
svchost.exe	C:\windows\System32\svchost.exe	64-bit	12216 KB	7 KB
svchost.exe	C:\windows\system32\svchost.exe	64-bit	18176 KB	10 KB
svchost.exe	C:\windows\system32\svchost.exe	64-bit	23792 KB	18 KB
svchost.exe	C:\windows\System32\svchost.exe	64-bit	94 MB	89 KB
svchost.exe	C:\windows\system32\svchost.exe	64-bit	4524 KB	1 KB
svchost.exe	C:\windows\System32\svchost.exe	64-bit	7016 KB	2 KB
svchost.exe	C:\windows\system32\svchost.exe	64-bit	345 MB	326 KB
svchost.exe	C:\windows\system32\svchost.exe	64-bit	10228 KB	3 KB
svchost.exe	C:\windows\System32\svchost.exe	64-bit	38064 KB	28 KB
svchost.exe	C:\windows\system32\svchost.exe	64-bit	9520 KB	5 KB
SWMAgent.exe	C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe	32-bit	15180 KB	5 KB
System Idle Process			20 KB	0 KB
System		64-bit	244 KB	0 KB
taskhost.exe	C:\windows\system32\taskhost.exe	64-bit	8212 KB	4 KB
taskhost.exe	C:\windows\system32\taskhost.exe	32-bit	21412 KB	9 KB
taskhostex.exe	C:\windows\system32\taskhostex.exe	64-bit	14020 KB	7 KB
TiWorker.exe	C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe	64-bit	33360 KB	29 KB
TrustedInstaller.exe	C:\windows\servicing\TrustedInstaller.exe	64-bit	5728 KB	3 KB
UNS.exe	C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe	32-bit	10592 KB	3 KB
unsecapp.exe	C:\windows\system32\wbem\unsecapp.exe	32-bit	4516 KB	1 KB
wininit.exe	C:\windows\system32\wininit.exe	64-bit	4024 KB	1 KB
winlogon.exe	C:\windows\System32\WinLogon.exe	64-bit	4796 KB	1 KB
wlanext.exe	C:\windows\system32\WLANExt.exe	64-bit	13324 KB	4 KB
WmiPrvSE.exe	C:\windows\system32\wbem\wmiprvse.exe	32-bit	12760 KB	6 KB
WmiPrvSE.exe	C:\windows\sysWOW64\wbem\wmiprvse.exe	64-bit	6336 KB	2 KB
WmiPrvSE.exe	C:\windows\system32\wbem\wmiprvse.exe	64-bit	12968 KB	6 KB
WUDFHost.exe	C:\Windows\System32\WUDFHost.exe	64-bit	5552 KB	1 KB
ZeroConfigService.exe	C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe	64-bit	13292 KB	3 KB

System Drivers


Driver Name	Driver Description	File Name	Version	Type	State
1394ohci	1394 OHCI Compliant Host Controller	1394ohci.sys	6.2.9200.16384	Kernel Driver	Stopped
3ware	3ware	3ware.sys	5.1.0.47	Kernel Driver	Running
ACPI	Microsoft ACPI Driver	ACPI.sys	6.2.9200.16420	Kernel Driver	Running
acpiex	Microsoft ACPIEx Driver	acpiex.sys	6.2.9200.16384	Kernel Driver	Running
acpipagr	ACPI Processor Aggregator Driver	acpipagr.sys	6.2.9200.16384	Kernel Driver	Stopped
AcpiPmi	ACPI Power Meter Driver	acpipmi.sys	6.2.9200.16384	Kernel Driver	Stopped
acpitime	ACPI Wake Alarm Driver	acpitime.sys	6.2.9200.16384	Kernel Driver	Stopped
adp94xx	adp94xx	adp94xx.sys	1.6.6.4	Kernel Driver	Running
adpahci	adpahci	adpahci.sys	1.6.6.1	Kernel Driver	Running
adpu320	adpu320	adpu320.sys	7.2.0.0	Kernel Driver	Running
AFD	Ancillary Function Driver for Winsock	afd.sys	6.2.9200.16451	Kernel Driver	Running
agp440	Intel AGP Bus Filter	agp440.sys	6.2.9200.16384	Kernel Driver	Running
AIDA64Driver	FinalWire AIDA64 Kernel Driver	kerneld.x64		Kernel Driver	Running
AmdK8	AMD K8 Processor Driver	amdk8.sys	6.2.9200.16451	Kernel Driver	Stopped
AmdPPM	AMD Processor Driver	amdppm.sys	6.2.9200.16451	Kernel Driver	Stopped
amdsata	amdsata	amdsata.sys	1.1.4.6	Kernel Driver	Running
amdsbs	amdsbs	amdsbs.sys	3.7.1540.30	Kernel Driver	Running
amdxata	amdxata	amdxata.sys	1.1.4.6	Kernel Driver	Running
AMPPAL	Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter	AMPPAL.sys	16.0.0.7	Kernel Driver	Stopped
AppID	AppID Driver	appid.sys	6.2.9200.16384	Kernel Driver	Stopped
arc	arc	arc.sys	5.2.0.18702	Kernel Driver	Running
arcsas	Adaptec SAS/SATA-II RAID Windows Inbox Miniport Driver	arcsas.sys	5.2.0.18702	Kernel Driver	Running
AsyncMac	RAS Asynchronous Media Driver	asyncmac.sys	6.2.9200.16384	Kernel Driver	Stopped
atapi	IDE Channel	atapi.sys	6.2.9200.16384	Kernel Driver	Running
b06bdrv	Broadcom NetXtreme II VBD	bxvbda.sys	7.0.1.36	Kernel Driver	Running
BasicDisplay	BasicDisplay	BasicDisplay.sys	6.2.9200.16384	Kernel Driver	Running
BasicRender	BasicRender	BasicRender.sys	6.2.9200.16384	Kernel Driver	Running
Beep	Beep			Kernel Driver	Running
BHDrvx64	BHDrvx64	BHDrvx64.sys	9.3.0.69	Kernel Driver	Running
bowser	Browser Support Driver	bowser.sys	6.2.9200.16384	File System Driver	Running
BthAvrcpTg	Bluetooth Audio/Video Remote Control HID	BthAvrcpTg.sys	6.2.9200.16518	Kernel Driver	Stopped
BthEnum	Bluetooth Enumerator Service	BthEnum.sys	6.2.9200.16496	Kernel Driver	Running
BthHFEnum	Bluetooth Hands-Free Audio and Call Control HID Enumerator	bthhfenum.sys	6.2.9200.16384	Kernel Driver	Stopped
bthhfhid	Bluetooth Hands-Free Call Control HID	BthHFHid.sys	6.2.9200.16465	Kernel Driver	Stopped
BthLEEnum	Bluetooth Low Energy Driver	BthLEEnum.sys	6.2.9200.16384	Kernel Driver	Running
BTHMODEM	Bluetooth Serial Communications Driver	bthmodem.sys	6.2.9200.16384	Kernel Driver	Stopped
BthPan	Bluetooth Device (Personal Area Network)	bthpan.sys	6.2.9200.16384	Kernel Driver	Running
BTHPORT	Bluetooth Port Driver	BTHport.sys	6.2.9200.16496	Kernel Driver	Stopped
BTHUSB	Bluetooth Radio USB Driver	BTHUSB.sys	6.2.9200.16496	Kernel Driver	Running
btmaux	Intel Bluetooth Auxiliary Service	btmaux.sys	2.6.1211.286	Kernel Driver	Running
btmhsf	btmhsf	btmhsf.sys	2.6.1212.296	Kernel Driver	Running
cbfs3	cbfs3	cbfs3.sys	3.2.114.291	Kernel Driver	Running
ccSet_NIS	Norton Internet Security Settings Manager	ccSetx64.sys	12.3.2.3	Kernel Driver	Running
cdfs	CD/DVD File System Reader	cdfs.sys	6.2.9200.16384	File System Driver	Stopped
cdrom	CD-ROM Driver	cdrom.sys	6.2.9200.16384	Kernel Driver	Running
circlass	Consumer IR Devices	circlass.sys	6.2.9200.16384	Kernel Driver	Stopped
CLFS	Common Log (CLFS)	CLFS.sys	6.2.9200.16384	Kernel Driver	Running
CmBatt	Microsoft ACPI Control Method Battery Driver	CmBatt.sys	6.2.9200.16384	Kernel Driver	Running
CNG	CNG	cng.sys	6.2.9200.16433	Kernel Driver	Running
CompositeBus	Composite Bus Enumerator Driver	CompositeBus.sys	6.2.9200.16384	Kernel Driver	Running
condrv	Console Driver	condrv.sys	6.2.9200.16384	Kernel Driver	Running
dam	Desktop Activity Moderator Driver	dam.sys	6.2.9200.16433	Kernel Driver	Stopped
Dfsc	DFS Namespace Client Driver	dfsc.sys	6.2.9200.16384	File System Driver	Running
DIRECTIO	DIRECTIO	DirectIo64.sys		Kernel Driver	Running
discache	System Attribute Cache	discache.sys	6.2.9200.16384	Kernel Driver	Running
disk	Disk Driver	disk.sys	6.2.9200.16384	Kernel Driver	Running
dmvsc	dmvsc	dmvsc.sys	6.2.9200.16384	Kernel Driver	Stopped
drmkaud	Microsoft Trusted Audio Drivers	drmkaud.sys	6.2.9200.16433	Kernel Driver	Stopped
DXGKrnl	LDDM Graphics Subsystem	dxgkrnl.sys	6.2.9200.16583	Kernel Driver	Running
ebdrv	Broadcom NetXtreme II 10 GigE VBD	evbda.sys	7.0.35.95	Kernel Driver	Running
eeCtrl	Symantec Eraser Control driver	eeCtrl64.sys	112.2.0.13	Kernel Driver	Running
EhStorClass	Enhanced Storage Filter Driver	EhStorClass.sys	6.2.9200.16384	Kernel Driver	Stopped
EhStorTcgDrv	Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols	EhStorTcgDrv.sys	6.2.9200.16384	Kernel Driver	Running
ErrDev	Microsoft Hardware Error Device Driver	errdev.sys	6.2.9200.16384	Kernel Driver	Stopped
ETD	Samsung PS/2 Port Input Device	ETD.sys	10.0.0.197	Kernel Driver	Stopped
exfat	exFAT File System Driver			File System Driver	Stopped
fastfat	FAT12/16/32 File System Driver			File System Driver	Running
fdc	Floppy Disk Controller Driver	fdc.sys	6.2.9200.16384	Kernel Driver	Stopped
FileInfo	File Information FS MiniFilter	fileinfo.sys	6.2.9200.16384	File System Driver	Running
Filetrace	Filetrace	filetrace.sys	6.2.9200.16384	File System Driver	Stopped
flpydisk	Floppy Disk Driver	flpydisk.sys	6.2.9200.16384	Kernel Driver	Stopped
FltMgr	FltMgr	fltmgr.sys	6.2.9200.16384	File System Driver	Running
FsDepends	File System Dependency Minifilter	FsDepends.sys	6.2.9200.16384	File System Driver	Running
fvevol	BitLocker Drive Encryption Filter Driver	fvevol.sys	6.2.9200.16420	Kernel Driver	Running
FxPPM	Power Framework Processor Driver	fxppm.sys	6.2.9200.16451	Kernel Driver	Stopped
gagp30kx	Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms	gagp30kx.sys	6.2.9200.16384	Kernel Driver	Running
gencounter	Microsoft Hyper-V Generation Counter	vmgencounter.sys	6.2.9200.16384	Kernel Driver	Stopped
GPIOClx0101	Microsoft GPIO Class Extension Driver	msgpioclx.sys	6.2.9200.16420	Kernel Driver	Stopped
HdAudAddService	Microsoft 1.1 UAA Function Driver for High Definition Audio Service	HdAudio.sys	6.2.9200.16496	Kernel Driver	Stopped
HDAudBus	Microsoft UAA Bus Driver for High Definition Audio	HDAudBus.sys	6.2.9200.16420	Kernel Driver	Running
HidBatt	HID UPS Battery Driver	HidBatt.sys	6.2.9200.16384	Kernel Driver	Stopped
HidBth	Microsoft Bluetooth HID Miniport	hidbth.sys	6.2.9200.16579	Kernel Driver	Stopped
hidi2c	Microsoft I2C HID Miniport Driver	hidi2c.sys	6.2.9200.16461	Kernel Driver	Stopped
HidIr	Microsoft Infrared HID Driver	hidir.sys	6.2.9200.16384	Kernel Driver	Stopped
HidUsb	Microsoft HID Class Driver	hidusb.sys	6.2.9200.16604	Kernel Driver	Running
HpSAMD	HpSAMD	HpSAMD.sys	7.0.12.0	Kernel Driver	Running
HTTP	HTTP Service	HTTP.sys	6.2.9200.16556	Kernel Driver	Running
hwpolicy	Hardware Policy Driver	hwpolicy.sys	6.2.9200.16384	Kernel Driver	Stopped
hyperkbd	hyperkbd	hyperkbd.sys	6.2.9200.16384	Kernel Driver	Stopped
HyperVideo	HyperVideo	HyperVideo.sys	6.2.9200.16384	Kernel Driver	Stopped
i8042prt	PS/2 Keyboard and Mouse Port Driver	i8042prt.sys	6.2.9200.16384	Kernel Driver	Running
iaStorA	iaStorA	iaStorA.sys	11.7.0.1013	Kernel Driver	Running
iaStorV	Intel RAID Controller Windows 7	iaStorV.sys	8.6.2.1019	Kernel Driver	Running
ibtfltcoex	ibtfltcoex	iBtFltCoex.sys	2.6.23.40059	Kernel Driver	Running
IDSVia64	IDSVia64	IDSvia64.sys	15.0.2.19	Kernel Driver	Running
igfx	igfx	igdkmd64.sys	9.17.10.2963	Kernel Driver	Running
iirsp	iirsp	iirsp.sys	5.4.22.0	Kernel Driver	Running
intaud_WaveExtensible	Intel WiDi Audio Device	intelaud.sys	3.5.32.0	Kernel Driver	Stopped
IntcAzAudAddService	Service for Realtek HD Audio (WDM)	RTKVHD64.sys	6.0.1.6818	Kernel Driver	Running
IntcDAud	Intel(R) Display Audio	IntcDAud.sys	6.14.0.3097	Kernel Driver	Running
intelide	intelide	intelide.sys	6.2.9200.16384	Kernel Driver	Running
intelppm	Intel Processor Driver	intelppm.sys	6.2.9200.16451	Kernel Driver	Running
IpFilterDriver	IP Traffic Filter Driver	ipfltdrv.sys	6.2.9200.16384	Kernel Driver	Stopped
IPMIDRV	IPMIDRV	IPMIDrv.sys	6.2.9200.16384	Kernel Driver	Stopped
IPNAT	IP Network Address Translator	ipnat.sys	6.2.9200.16384	Kernel Driver	Stopped
IRENUM	IR Bus Enumerator	irenum.sys	6.2.9200.16384	Kernel Driver	Stopped
isapnp	isapnp	isapnp.sys	6.2.9200.16384	Kernel Driver	Running
iScsiPrt	iScsiPort Driver	msiscsi.sys	6.2.9200.16451	Kernel Driver	Stopped
iwdbus	IWD Bus Enumerator	iwdbus.sys	3.5.32.0	Kernel Driver	Running
kbdclass	Keyboard Class Driver	kbdclass.sys	6.2.9200.16384	Kernel Driver	Running
kbdhid	Keyboard HID Driver	kbdhid.sys	6.2.9200.16384	Kernel Driver	Stopped
kdnic	Microsoft Kernel Debug Network Miniport (NDIS 6.20)	kdnic.sys	6.1.0.0	Kernel Driver	Running
KSecDD	KSecDD	ksecdd.sys	6.2.9200.16420	Kernel Driver	Running
KSecPkg	KSecPkg	ksecpkg.sys	6.2.9200.16433	Kernel Driver	Running
ksthunk	Kernel Streaming Thunks	ksthunk.sys	6.2.9200.16384	Kernel Driver	Running
lltdio	Link-Layer Topology Discovery Mapper I/O Driver	lltdio.sys	6.2.9200.16384	Kernel Driver	Running
LSI_SAS	LSI_SAS	lsi_sas.sys	1.34.2.6	Kernel Driver	Running
LSI_SAS2	LSI_SAS2	lsi_sas2.sys	2.0.55.84	Kernel Driver	Running
LSI_SCSI	LSI_SCSI	lsi_scsi.sys	1.34.2.5	Kernel Driver	Running
LSI_SSS	LSI_SSS	lsi_sss.sys	2.10.55.81	Kernel Driver	Running
luafv	UAC File Virtualization	luafv.sys	6.2.9200.16384	File System Driver	Running
megasas	megasas	megasas.sys	6.2.8313.0	Kernel Driver	Running
MegaSR	MegaSR	MegaSR.sys	14.6.1007.2012	Kernel Driver	Running
MEIx64	Intel(R) Management Engine Interface	HECIx64.sys	8.1.10.1275	Kernel Driver	Running
Modem	Modem	modem.sys	6.2.9200.16384	Kernel Driver	Stopped
monitor	Microsoft Monitor Class Function Driver Service	monitor.sys	6.2.9200.16384	Kernel Driver	Running
mouclass	Mouse Class Driver	mouclass.sys	6.2.9200.16384	Kernel Driver	Running
mouhid	Mouse HID Driver	mouhid.sys	6.2.9200.16384	Kernel Driver	Running
mountmgr	Mount Point Manager	mountmgr.sys	6.2.9200.16384	Kernel Driver	Running
mpsdrv	Windows Firewall Authorization Driver	mpsdrv.sys	6.2.9200.16433	Kernel Driver	Running
MRxDAV	WebDav Client Redirector Driver	mrxdav.sys	6.2.9200.16384	File System Driver	Stopped
mrxsmb	SMB MiniRedirector Wrapper and Engine	mrxsmb.sys	6.2.9200.16451	File System Driver	Running
mrxsmb10	SMB 1.x MiniRedirector	mrxsmb10.sys	6.2.9200.16384	File System Driver	Running
mrxsmb20	SMB 2.0 MiniRedirector	mrxsmb20.sys	6.2.9200.16451	File System Driver	Running
MsBridge	Microsoft MAC Bridge	bridge.sys	6.2.9200.16384	Kernel Driver	Stopped
Msfs	Msfs			File System Driver	Running
msgpiowin32	GPIO Buttons Driver	msgpiowin32.sys	6.2.9200.16496	Kernel Driver	Stopped
mshidkmdf	Pass-through HID to KMDF Filter Driver	mshidkmdf.sys	6.2.9200.16384	Kernel Driver	Running
mshidumdf	Pass-through HID to UMDF Driver	mshidumdf.sys	6.2.9200.16384	Kernel Driver	Stopped
msisadrv	msisadrv	msisadrv.sys	6.2.9200.16384	Kernel Driver	Running
MSKSSRV	Microsoft Streaming Service Proxy	MSKSSRV.sys	6.2.9200.16384	Kernel Driver	Stopped
MsLldp	Microsoft Link-Layer Discovery Protocol	mslldp.sys	6.2.9200.16384	Kernel Driver	Stopped
MSPCLOCK	Microsoft Streaming Clock Proxy	MSPCLOCK.sys	6.2.9200.16384	Kernel Driver	Stopped
MSPQM	Microsoft Streaming Quality Manager Proxy	MSPQM.sys	6.2.9200.16384	Kernel Driver	Stopped
MsRPC	MsRPC			Kernel Driver	Stopped
mssmbios	Microsoft System Management BIOS Driver	mssmbios.sys	6.2.9200.16384	Kernel Driver	Running
MSTEE	Microsoft Streaming Tee/Sink-to-Sink Converter	MSTEE.sys	6.2.9200.16384	Kernel Driver	Stopped
MTConfig	Microsoft Input Configuration Driver	MTConfig.sys	6.2.9200.16384	Kernel Driver	Stopped
Mup	Mup	mup.sys	6.2.9200.16384	File System Driver	Running
mvumis	mvumis	mvumis.sys	1.0.5.7	Kernel Driver	Running
NativeWifiP	NativeWiFi Filter	nwifi.sys	6.2.9200.16384	Kernel Driver	Running
NAVENG	NAVENG	ENG64.SYS	20131.1.0.101	Kernel Driver	Running
NAVEX15	NAVEX15	EX64.SYS	20131.1.0.101	Kernel Driver	Running
NDIS	NDIS System Driver	ndis.sys	6.2.9200.16518	Kernel Driver	Running
NdisCap	Microsoft NDIS Capture	ndiscap.sys	6.2.9200.16384	Kernel Driver	Stopped
NdisImPlatform	Microsoft Network Adapter Multiplexor Protocol	NdisImPlatform.sys	6.2.9200.16384	Kernel Driver	Stopped
NdisTapi	Remote Access NDIS TAPI Driver	ndistapi.sys	6.2.9200.16420	Kernel Driver	Running
Ndisuio	NDIS Usermode I/O Protocol	ndisuio.sys	6.2.9200.16384	Kernel Driver	Running
NdisWan	Remote Access NDIS WAN Driver	ndiswan.sys	6.2.9200.16384	Kernel Driver	Running
NDISWANLEGACY	Remote Access LEGACY NDIS WAN Driver	ndiswan.sys	6.2.9200.16384	Kernel Driver	Stopped
NDProxy	NDIS Proxy			Kernel Driver	Running
Ndu	Windows Network Data Usage Monitoring Driver	Ndu.sys	6.2.9200.16384	Kernel Driver	Running
NetBIOS	NetBIOS Interface	netbios.sys	6.2.9200.16384	File System Driver	Running
NetBT	NetBT	netbt.sys	6.2.9200.16384	Kernel Driver	Running
NETwNe64	Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit	NETwew00.sys	15.10.3.2	Kernel Driver	Running
nfrd960	nfrd960	nfrd960.sys	7.10.0.0	Kernel Driver	Running
Npfs	Npfs			File System Driver	Running
npsvctrig	Named pipe service trigger provider	npsvctrig.sys	6.2.9200.16384	Kernel Driver	Running
nsiproxy	NSI Proxy Service Driver	nsiproxy.sys	6.2.9200.16384	Kernel Driver	Running
Ntfs	Ntfs			File System Driver	Running
Null	Null			Kernel Driver	Running
nv_agp	NVIDIA nForce AGP Bus Filter	nv_agp.sys	6.2.9200.16384	Kernel Driver	Running
nvlddmkm	nvlddmkm	nvlddmkm.sys	9.18.13.286	Kernel Driver	Stopped
nvraid	nvraid	nvraid.sys	10.6.0.22	Kernel Driver	Running
nvstor	nvstor	nvstor.sys	10.6.0.22	Kernel Driver	Running
Parport	Parallel port driver	parport.sys	6.2.9200.16384	Kernel Driver	Stopped
partmgr	Partition Manager	partmgr.sys	6.2.9200.16496	Kernel Driver	Running
pci	PCI Bus Driver	pci.sys	6.2.9200.16384	Kernel Driver	Running
pciide	pciide	pciide.sys	6.2.9200.16384	Kernel Driver	Running
pcmcia	pcmcia	pcmcia.sys	6.2.9200.16384	Kernel Driver	Running
pcw	Performance Counters for Windows Driver	pcw.sys	6.2.9200.16384	Kernel Driver	Running
pdc	pdc	pdc.sys	6.2.9200.16547	Kernel Driver	Running
PEAUTH	PEAUTH	peauth.sys	6.2.9200.16579	Kernel Driver	Running
PptpMiniport	WAN Miniport (PPTP)	raspptp.sys	6.2.9200.16384	Kernel Driver	Running
Processor	Processor Driver	processr.sys	6.2.9200.16451	Kernel Driver	Stopped
Psched	QoS Packet Scheduler	pacer.sys	6.2.9200.16384	Kernel Driver	Running
PxHlpa64	PxHlpa64	PxHlpa64.sys	3.1.1.0	Kernel Driver	Running
QWAVEdrv	QWAVE driver	qwavedrv.sys	6.2.9200.16384	Kernel Driver	Stopped
RadioHIDMini	Radio HID Mini-driver	RadioHIDMini.sys	6.2.8400.4218	Kernel Driver	Running
RasAcd	Remote Access Auto Connection Driver	rasacd.sys	6.2.9200.16384	Kernel Driver	Stopped
RasAgileVpn	WAN Miniport (IKEv2)	AgileVpn.sys	6.2.9200.16384	Kernel Driver	Running
Rasl2tp	WAN Miniport (L2TP)	rasl2tp.sys	6.2.9200.16384	Kernel Driver	Running
RasPppoe	Remote Access PPPOE Driver	raspppoe.sys	6.2.9200.16384	Kernel Driver	Running
RasSstp	WAN Miniport (SSTP)	rassstp.sys	6.2.9200.16384	Kernel Driver	Running
rdbss	Redirected Buffering Sub System	rdbss.sys	6.2.9200.16604	File System Driver	Running
rdpbus	Remote Desktop Device Redirector Bus Driver	rdpbus.sys	6.2.9200.16384	Kernel Driver	Running
RDPDR	Remote Desktop Device Redirector Driver	rdpdr.sys	6.2.9200.16384	Kernel Driver	Stopped
RdpVideoMiniport	Remote Desktop Video Miniport Driver	rdpvideominiport.sys	6.2.9200.16434	Kernel Driver	Running
RDPWD	RDP Winstation Driver			Kernel Driver	Stopped
rdyboost	ReadyBoost	rdyboost.sys	6.2.9200.16384	Kernel Driver	Running
RFCOMM	Bluetooth Device (RFCOMM Protocol TDI)	rfcomm.sys	6.2.9200.16384	Kernel Driver	Running
rspndr	Link-Layer Topology Discovery Responder	rspndr.sys	6.2.9200.16384	Kernel Driver	Running
RTL8168	Realtek 8168 NT Driver	Rt630x64.sys	8.4.907.2012	Kernel Driver	Running
s3cap	s3cap	vms3cap.sys	6.2.9200.16384	Kernel Driver	Stopped
sbp2port	SBP-2 Transport/Protocol Bus Driver	sbp2port.sys	6.2.9200.16384	Kernel Driver	Running
scfilter	Smart card PnP Class Filter Driver	scfilter.sys	6.2.9200.16384	Kernel Driver	Stopped
sdbus	sdbus	sdbus.sys	6.2.9200.16496	Kernel Driver	Stopped
sdstor	SD Storage Port Driver	sdstor.sys	6.2.9200.16433	Kernel Driver	Stopped
secdrv	Security Driver			Kernel Driver	Running
SerCx	Serial UART Support Library	SerCx.sys	6.2.9200.16384	Kernel Driver	Stopped
Serenum	Serenum Filter Driver	serenum.sys	6.2.9200.16384	Kernel Driver	Stopped
Serial	Serial port driver	serial.sys	6.2.9200.16384	Kernel Driver	Stopped
sermouse	Serial Mouse Driver	sermouse.sys	6.2.9200.16384	Kernel Driver	Stopped
sfloppy	High-Capacity Floppy Disk Drive	sfloppy.sys	6.2.9200.16384	Kernel Driver	Stopped
SiSRaid2	SiSRaid2	SiSRaid2.sys	5.1.1039.2600	Kernel Driver	Running
SiSRaid4	SiSRaid4	sisraid4.sys	5.1.1039.3600	Kernel Driver	Running
spaceport	Storage Spaces Driver	spaceport.sys	6.2.9200.16604	Kernel Driver	Running
SpbCx	Simple Peripheral Bus Support Library	SpbCx.sys	6.2.9200.16384	Kernel Driver	Stopped
SRTSP	Symantec Real Time Storage Protection x64	SRTSP64.SYS	14.4.1.1	File System Driver	Running
SRTSPX	Symantec Real Time Storage Protection (PEL) x64	SRTSPX64.SYS	14.3.0.31	Kernel Driver	Running
srv	Server SMB 1.xxx Driver	srv.sys	6.2.9200.16384	File System Driver	Running
srv2	Server SMB 2.xxx Driver	srv2.sys	6.2.9200.16579	File System Driver	Running
srvnet	srvnet	srvnet.sys	6.2.9200.16579	File System Driver	Running
stexstor	stexstor	stexstor.sys	5.1.0.9	Kernel Driver	Running
storahci	Microsoft Standard SATA AHCI Driver	storahci.sys	6.2.9200.16384	Kernel Driver	Running
storflt	Hyper-V Storage Accelerator	vmstorfl.sys	6.2.9200.16384	Kernel Driver	Running
storvsc	storvsc	storvsc.sys	6.2.9200.16384	Kernel Driver	Running
swenum	Software Bus Driver	swenum.sys	6.2.9200.16384	Kernel Driver	Running
SymDS	Symantec Data Store	SYMDS64.SYS	2.2.1.10	Kernel Driver	Running
SymEFA	Symantec Extended File Attributes	SYMEFA64.SYS	4.2.0.53	File System Driver	Running
SymELAM	Symantec ELAM Driver	SymELAM.sys	1.0.0.111	Kernel Driver	Stopped
SymEvent	SymEvent	SYMEVENT64x86.SYS	12.9.3.1	Kernel Driver	Running
SymIRON	Symantec Iron Driver	Ironx64.SYS	3.1.0.11	Kernel Driver	Running
SymNetS	Symantec Network Security WFP Driver	SYMNETS.SYS	13.1.1.7	Kernel Driver	Running
Tcpip	TCP/IP Protocol Driver	tcpip.sys	6.2.9200.16604	Kernel Driver	Running
TCPIP6	Microsoft IPv6 Protocol Driver	tcpip.sys	6.2.9200.16604	Kernel Driver	Stopped
tcpipreg	TCP/IP Registry Compatibility	tcpipreg.sys	6.2.9200.16384	Kernel Driver	Running
tdx	NetIO Legacy TDI Support Driver	tdx.sys	6.2.9200.16384	Kernel Driver	Running
terminpt	Microsoft Remote Desktop Input Driver	terminpt.sys	6.2.9200.16384	Kernel Driver	Stopped
TPM	TPM	tpm.sys	6.2.9200.16420	Kernel Driver	Stopped
TsUsbFlt	TsUsbFlt	tsusbflt.sys	6.2.9200.16384	Kernel Driver	Stopped
TsUsbGD	Remote Desktop Generic USB Device	TsUsbGD.sys	6.2.9200.16384	Kernel Driver	Stopped
tunnel	Microsoft Tunnel Miniport Adapter Driver	tunnel.sys	6.2.9200.16384	Kernel Driver	Running
uagp35	Microsoft AGPv3.5 Filter	uagp35.sys	6.2.9200.16384	Kernel Driver	Running
UASPStor	USB Attached SCSI (UAS) Driver	uaspstor.sys	6.2.9200.16384	Kernel Driver	Stopped
UCX01000	USB Controller Extension	ucx01000.sys	6.2.9200.16604	Kernel Driver	Running
udfs	udfs	udfs.sys	6.2.9200.16384	File System Driver	Running
uliagpkx	Uli AGP Bus Filter	uliagpkx.sys	6.2.9200.16384	Kernel Driver	Running
umbus	UMBus Enumerator Driver	umbus.sys	6.2.9200.16384	Kernel Driver	Running
UmPass	Microsoft UMPass Driver	umpass.sys	6.2.9200.16384	Kernel Driver	Stopped
usb3Hub	USB-IF USB 3.0 Hub	usb3Hub.sys	1.0.24.13195	Kernel Driver	Running
usbccgp	Microsoft USB Generic Parent Driver	usbccgp.sys	6.2.9200.16384	Kernel Driver	Running
usbcir	eHome Infrared Receiver (USBCIR)	usbcir.sys	6.2.9200.16384	Kernel Driver	Stopped
usbehci	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	usbehci.sys	6.2.9200.16420	Kernel Driver	Running
usbhub	Microsoft USB Standard Hub Driver	usbhub.sys	6.2.9200.16518	Kernel Driver	Running
USBHUB3	SuperSpeed Hub	UsbHub3.sys	6.2.9200.16604	Kernel Driver	Running
usbohci	Microsoft USB Open Host Controller Miniport Driver	usbohci.sys	6.2.9200.16461	Kernel Driver	Stopped
usbprint	Microsoft USB PRINTER Class	usbprint.sys	6.2.9200.16384	Kernel Driver	Stopped
USBSTOR	USB Mass Storage Driver	USBSTOR.SYS	6.2.9200.16384	Kernel Driver	Running
usbuhci	Microsoft USB Universal Host Controller Miniport Driver	usbuhci.sys	6.2.9200.16420	Kernel Driver	Stopped
usbvideo	USB Video Device (WDM)	usbvideo.sys	6.2.9200.16420	Kernel Driver	Running
USBXHCI	USB xHCI Compliant Host Controller	USBXHCI.SYS	6.2.9200.16548	Kernel Driver	Running
vdrvroot	Microsoft Virtual Drive Enumerator	vdrvroot.sys	6.2.9200.16384	Kernel Driver	Running
VerifierExt	VerifierExt	VerifierExt.sys	6.2.9200.16384	Kernel Driver	Stopped
vhdmp	vhdmp	vhdmp.sys	6.2.9200.16384	Kernel Driver	Running
viaide	viaide	viaide.sys	6.0.6000.170	Kernel Driver	Running
vmbus	Virtual Machine Bus	vmbus.sys	6.2.9200.16384	Kernel Driver	Running
VMBusHID	VMBusHID	VMBusHID.sys	6.2.9200.16384	Kernel Driver	Stopped
volmgr	Volume Manager Driver	volmgr.sys	6.2.9200.16384	Kernel Driver	Running
volmgrx	Dynamic Volume Manager	volmgrx.sys	6.2.9200.16384	Kernel Driver	Running
volsnap	Storage volumes	volsnap.sys	6.2.9200.16384	Kernel Driver	Running
vpci	Microsoft Hyper-V Virtual PCI Bus	vpci.sys	6.2.9200.16384	Kernel Driver	Stopped
vsmraid	vsmraid	vsmraid.sys	7.0.8140.6290	Kernel Driver	Running
VSTXRAID	VIA StorX Storage Controller Windows Driver	vstxraid.sys	8.0.8220.8080	Kernel Driver	Running
vwifibus	Virtual WiFi Bus Driver	vwifibus.sys	6.2.9200.16384	Kernel Driver	Running
vwififlt	Virtual WiFi Filter Driver	vwififlt.sys	6.2.9200.16384	Kernel Driver	Running
vwifimp	Virtual WiFi Miniport Service	vwifimp.sys	6.2.9200.16384	Kernel Driver	Running
WacomPen	Wacom Serial Pen HID Driver	wacompen.sys	6.2.9200.16384	Kernel Driver	Stopped
Wanarp	Remote Access IP ARP Driver	wanarp.sys	6.2.9200.16579	Kernel Driver	Stopped
Wanarpv6	Remote Access IPv6 ARP Driver	wanarp.sys	6.2.9200.16579	Kernel Driver	Running
Wd	Microsoft Watchdog Timer Driver	wd.sys	6.2.9200.16384	Kernel Driver	Running
WdBoot	Windows Defender Boot Driver	WdBoot.sys	4.2.223.0	Kernel Driver	Stopped
Wdf01000	Kernel Mode Driver Frameworks service	Wdf01000.sys	1.11.9200.16496	Kernel Driver	Running
WdFilter	Windows Defender Mini-Filter Driver	WdFilter.sys	4.2.223.0	File System Driver	Stopped
WFPLWFS	Microsoft Windows Filtering Platform	wfplwfs.sys	6.2.9200.16384	Kernel Driver	Running
WIMMount	WIMMount	wimmount.sys	6.2.9200.16384	File System Driver	Stopped
WmiAcpi	Microsoft Windows Management Interface for ACPI	wmiacpi.sys	6.2.9200.16384	Kernel Driver	Running
wpcfltr	Family Safety Filter Driver	wpcfltr.sys	6.2.9200.16384	Kernel Driver	Stopped
WpdUpFltr	WPD Upper Class Filter Driver	WpdUpFltr.sys	6.2.9200.16384	Kernel Driver	Running
ws2ifsl	Winsock IFS Driver	ws2ifsl.sys	6.2.9200.16420	Kernel Driver	Stopped
WudfPf	User Mode Driver Frameworks Platform Driver	WudfPf.sys	6.2.9200.16384	Kernel Driver	Running
WUDFRd	Windows Driver Foundation - User-mode Driver Framework Reflector	WUDFRd.sys	6.2.9200.16384	Kernel Driver	Running
WUDFWpdFs	WUDFWpdFs	WUDFRd.sys	6.2.9200.16384	Kernel Driver	Running
XHCIPort	USB-IF xHCI USB Host Controller	XHCIPort.sys	1.0.24.13195	Kernel Driver	Running

Services


Service Name	Service Description	File Name	Version	Type	State	Account
AdobeActiveFileMonitor11.0	Adobe Active File Monitor V11	PhotoshopElementsFileAgent.exe	11.0.0.0	Own Process	Running	LocalSystem
AdobeARMservice	Adobe Acrobat Update Service	armsvc.exe	1.7.4.0	Own Process	Running	LocalSystem
AeLookupSvc	Application Experience	svchost.exe	6.2.9200.16420	Share Process	Running	localSystem
ALG	Application Layer Gateway Service	alg.exe	6.2.9200.16384	Own Process	Stopped	NT AUTHORITY\LocalService
AllUserInstallAgent	Windows All-User Install Agent	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
AppIDSvc	Application Identity	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT Authority\LocalService
Appinfo	Application Information	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
AudioEndpointBuilder	Windows Audio Endpoint Builder	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
Audiosrv	Windows Audio	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
AxInstSV	ActiveX Installer (AxInstSV)	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
BDESVC	BitLocker Drive Encryption Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
BFE	Base Filtering Engine	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
BITS	Background Intelligent Transfer Service	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
Bluetooth Device Monitor	Bluetooth Device Monitor	devmonsrv.exe	2.6.1212.300	Own Process	Running	LocalSystem
Bluetooth OBEX Service	Bluetooth OBEX Service	obexsrv.exe	2.6.1212.296	Own Process	Running	LocalSystem
BrokerInfrastructure	Background Tasks Infrastructure Service	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
Browser	Computer Browser	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
bthserv	Bluetooth Support Service	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
CertPropSvc	Certificate Propagation	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
COMSysApp	COM+ System Application	dllhost.exe	6.2.9200.16384	Own Process	Stopped	LocalSystem
cphs	Intel(R) Content Protection HECI Service	IntelCpHeciSvc.exe	1.0.1.14	Own Process	Stopped	LocalSystem
CryptSvc	Cryptographic Services	svchost.exe	6.2.9200.16420	Share Process	Running	NT Authority\NetworkService
DcomLaunch	DCOM Server Process Launcher	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
defragsvc	Optimize drives	svchost.exe	6.2.9200.16420	Own Process	Stopped	localSystem
DeviceAssociationService	Device Association Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
DeviceInstall	Device Install Service	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
Dhcp	DHCP Client	svchost.exe	6.2.9200.16420	Share Process	Running	NT Authority\LocalService
Dnscache	DNS Client	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\NetworkService
dot3svc	Wired AutoConfig	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
DPS	Diagnostic Policy Service	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
DsmSvc	Device Setup Manager	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
Eaphost	Extensible Authentication Protocol	svchost.exe	6.2.9200.16420	Share Process	Running	localSystem
Easy Launcher	Easy Launcher	EasyLauncher.exe	2.0.0.10	Own Process	Running	LocalSystem
EFS	Encrypting File System (EFS)	lsass.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
ETDService	Elan Service	ETDService.exe	10.0.0.1	Own Process	Stopped	LocalSystem
EventLog	Windows Event Log	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
EventSystem	COM+ Event System	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
EvtEng	Intel(R) PROSet/Wireless Event Log	EvtEng.exe	16.1.0.0	Own Process	Running	LocalSystem
Fax	Fax	fxssvc.exe	6.2.9200.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
fdPHost	Function Discovery Provider Host	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
FDResPub	Function Discovery Resource Publication	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
fhsvc	File History Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
FontCache	Windows Font Cache Service	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
FontCache3.0.0.0	Windows Presentation Foundation Font Cache 3.0.0.0	PresentationFontCache.exe	3.0.6920.6387	Own Process	Stopped	NT Authority\LocalService
gpsvc	Group Policy Client	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
hidserv	Human Interface Device Access	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
hkmsvc	Health Key and Certificate Management	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
HomeGroupListener	HomeGroup Listener	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
HomeGroupProvider	HomeGroup Provider	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
ICCS	Intel(R) Integrated Clock Controller Service - Intel(R) ICCS	ICCProxy.exe	1.0.0.1	Own Process	Running	LocalSystem
IKEEXT	IKE and AuthIP IPsec Keying Modules	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
Intel(R) Capability Licensing Service Interface	Intel(R) Capability Licensing Service Interface	HeciServer.exe	1.27.757.1	Own Process	Running	LocalSystem
Intel(R) Capability Licensing Service TCP IP Interface	Intel(R) Capability Licensing Service TCP IP Interface	SocketHeciServer.exe	1.27.757.1	Own Process	Stopped	LocalSystem
Intel(R) ME Service	Intel(R) ME Service	IntelMeFWService.exe	8.1.20.1340	Own Process	Running	LocalSystem
iphlpsvc	IP Helper	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
jhi_service	Intel(R) Dynamic Application Loader Host Interface Service	jhi_service.exe	8.1.30.1348	Own Process	Running	LocalSystem
KeyIso	CNG Key Isolation	lsass.exe	6.2.9200.16420	Share Process	Running	LocalSystem
KtmRm	KtmRm for Distributed Transaction Coordinator	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\NetworkService
LanmanServer	Server	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
LanmanWorkstation	Workstation	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\NetworkService
lltdsvc	Link-Layer Topology Discovery Mapper	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
lmhosts	TCP/IP NetBIOS Helper	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
LMS	Intel(R) Management and Security Application Local Management Service	LMS.exe	8.1.30.1349	Own Process	Running	LocalSystem
LSM	Local Session Manager	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
MMCSS	Multimedia Class Scheduler	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
MpsSvc	Windows Firewall	svchost.exe	6.2.9200.16420	Share Process	Running	NT Authority\LocalService
MSDTC	Distributed Transaction Coordinator	msdtc.exe	2001.12.10130.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
MSiSCSI	Microsoft iSCSI Initiator Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
msiserver	Windows Installer	msiexec.exe	5.0.9200.16384	Own Process	Stopped	LocalSystem
MyWiFiDHCPDNS	Wireless PAN DHCP Server	PanDhcpDns.exe	16.1.0.0	Own Process	Stopped	LocalSystem
napagent	Network Access Protection Agent	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\NetworkService
NcaSvc	Network Connectivity Assistant	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
NcdAutoSetup	Network Connected Devices Auto-Setup	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
Netlogon	Netlogon	lsass.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
Netman	Network Connections	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
netprofm	Network List Service	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
NetTcpPortSharing	Net.Tcp Port Sharing Service	SMSvcHost.exe	4.0.30319.17929	Share Process	Stopped	NT AUTHORITY\LocalService
NIS	Norton Internet Security	ccSvcHst.exe	12.3.3.2	Own Process	Running	LocalSystem
NlaSvc	Network Location Awareness	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\NetworkService
nsi	Network Store Interface Service	svchost.exe	6.2.9200.16420	Share Process	Running	NT Authority\LocalService
ose	Office Source Engine	OSE.EXE	15.0.4420.1017	Own Process	Stopped	LocalSystem
p2pimsvc	Peer Networking Identity Manager	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
p2psvc	Peer Networking Grouping	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
PcaSvc	Program Compatibility Assistant Service	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
PerfHost	Performance Counter DLL Host	perfhost.exe	6.2.9200.16384	Own Process	Stopped	NT AUTHORITY\LocalService
pla	Performance Logs & Alerts	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
PlugPlay	Plug and Play	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
PNRPAutoReg	PNRP Machine Name Publication Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
PNRPsvc	Peer Name Resolution Protocol	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
PolicyAgent	IPsec Policy Agent	svchost.exe	6.2.9200.16420	Share Process	Running	NT Authority\NetworkService
Power	Power	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
PrintNotify	Printer Extensions and Notifications	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
ProfSvc	User Profile Service	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
QWAVE	Quality Windows Audio Video Experience	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
RasAuto	Remote Access Auto Connection Manager	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
RasMan	Remote Access Connection Manager	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
RegSrvc	Intel(R) PROSet/Wireless Registry Service	RegSrvc.exe	16.1.0.0	Own Process	Running	LocalSystem
RemoteAccess	Routing and Remote Access	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
RemoteRegistry	Remote Registry	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
RpcEptMapper	RPC Endpoint Mapper	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\NetworkService
RpcLocator	Remote Procedure Call (RPC) Locator	locator.exe	6.2.9200.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
RpcSs	Remote Procedure Call (RPC)	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\NetworkService
SamSs	Security Accounts Manager	lsass.exe	6.2.9200.16420	Share Process	Running	LocalSystem
SCardSvr	Smart Card	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
Schedule	Task Scheduler	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
SCPolicySvc	Smart Card Removal Policy	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
SDRSVC	Windows Backup	svchost.exe	6.2.9200.16420	Own Process	Stopped	localSystem
seclogon	Secondary Logon	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
SENS	System Event Notification Service	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
SensrSvc	Sensor Monitoring Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
SessionEnv	Remote Desktop Configuration	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
SharedAccess	Internet Connection Sharing (ICS)	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
ShellHWDetection	Shell Hardware Detection	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
SNMPTRAP	SNMP Trap	snmptrap.exe	6.2.9200.16384	Own Process	Stopped	NT AUTHORITY\LocalService
Spooler	Print Spooler	spoolsv.exe	6.2.9200.16384	Own Process	Running	LocalSystem
sppsvc	Software Protection	sppsvc.exe	6.2.9200.16384	Own Process	Running	NT AUTHORITY\NetworkService
SSDPSRV	SSDP Discovery	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
SstpSvc	Secure Socket Tunneling Protocol Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT Authority\LocalService
stisvc	Windows Image Acquisition (WIA)	svchost.exe	6.2.9200.16420	Own Process	Stopped	NT Authority\LocalService
StorSvc	Storage Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
svsvc	Spot Verifier	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
swprv	Microsoft Software Shadow Copy Provider	svchost.exe	6.2.9200.16420	Own Process	Stopped	LocalSystem
SWUpdateService	SW Update Service	SW		Own Process	Running	LocalSystem
SysMain	Superfetch	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
SystemEventsBroker	System Events Broker	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
TabletInputService	Touch Keyboard and Handwriting Panel Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
TapiSrv	Telephony	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\NetworkService
TermService	Remote Desktop Services	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT Authority\NetworkService
Themes	Themes	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
THREADORDER	Thread Ordering Server	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
TimeBroker	Time Broker	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
TrkWks	Distributed Link Tracking Client	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
TrustedInstaller	Windows Modules Installer	TrustedInstaller.exe	6.2.9200.16613	Own Process	Running	localSystem
UI0Detect	Interactive Services Detection	UI0Detect.exe	6.2.9200.16384	Own Process	Stopped	LocalSystem
UmRdpService	Remote Desktop Services UserMode Port Redirector	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
UNS	Intel(R) Management and Security Application User Notification Service	UNS.exe	8.1.30.1349	Own Process	Running	LocalSystem
upnphost	UPnP Device Host	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
VaultSvc	Credential Manager	lsass.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
vds	Virtual Disk	vds.exe	6.2.9200.16465	Own Process	Stopped	LocalSystem
vmicheartbeat	Hyper-V Heartbeat Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
vmickvpexchange	Hyper-V Data Exchange Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
vmicrdv	Hyper-V Remote Desktop Virtualization Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
vmicshutdown	Hyper-V Guest Shutdown Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
vmictimesync	Hyper-V Time Synchronization Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
vmicvss	Hyper-V Volume Shadow Copy Requestor	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
VSS	Volume Shadow Copy	vssvc.exe	6.2.9200.16604	Own Process	Stopped	LocalSystem
W32Time	Windows Time	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
wbengine	Block Level Backup Engine Service	wbengine.exe	6.2.9200.16384	Own Process	Stopped	localSystem
WbioSrvc	Windows Biometric Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
Wcmsvc	Windows Connection Manager	svchost.exe	6.2.9200.16420	Share Process	Running	NT Authority\LocalService
wcncsvc	Windows Connect Now - Config Registrar	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
WcsPlugInService	Windows Color System	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
WdiServiceHost	Diagnostic Service Host	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
WdiSystemHost	Diagnostic System Host	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
WebClient	WebClient	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
Wecsvc	Windows Event Collector	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\NetworkService
wercplsupport	Problem Reports and Solutions Control Panel Support	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
WerSvc	Windows Error Reporting Service	svchost.exe	6.2.9200.16420	Share Process	Stopped	localSystem
WiaRpc	Still Image Acquisition Events	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
WinDefend	Windows Defender Service	MsMpEng.exe		Own Process	Stopped	LocalSystem
WinHttpAutoProxySvc	WinHTTP Web Proxy Auto-Discovery Service	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
Winmgmt	Windows Management Instrumentation	svchost.exe	6.2.9200.16420	Share Process	Running	localSystem
WinRM	Windows Remote Management (WS-Management)	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\NetworkService
WlanSvc	WLAN AutoConfig	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
wlidsvc	Microsoft Account Sign-in Assistant	svchost.exe	6.2.9200.16420	Share Process	Stopped	LocalSystem
wmiApSrv	WMI Performance Adapter	WmiApSrv.exe	6.2.9200.16384	Own Process	Stopped	localSystem
WMPNetworkSvc	Windows Media Player Network Sharing Service	wmpnetwk.exe		Own Process	Stopped	NT AUTHORITY\NetworkService
WPCSvc	Family Safety	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT Authority\LocalService
WPDBusEnum	Portable Device Enumerator Service	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
wscsvc	Security Center	svchost.exe	6.2.9200.16420	Share Process	Running	NT AUTHORITY\LocalService
WSearch	Windows Search	SearchIndexer.exe	7.0.9200.16578	Own Process	Running	LocalSystem
WSService	Windows Store Service (WSService)	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT AUTHORITY\LocalService
wuauserv	Windows Update	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
wudfsvc	Windows Driver Foundation - User-mode Driver Framework	svchost.exe	6.2.9200.16420	Share Process	Running	LocalSystem
WwanSvc	WWAN AutoConfig	svchost.exe	6.2.9200.16420	Share Process	Stopped	NT Authority\LocalService
ZeroConfigService	Intel(R) PROSet/Wireless Zero Configuration Service	ZeroConfigService.exe	16.1.0.0	Own Process	Running	LocalSystem

AX Files


AX File	Version	Description
3daudio.ax
bdaplgin.ax	6.2.9200.16384	Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax	6.2.9200.16384	Intel G711 CODEC
iac25_32.ax	2.0.5.53	Indeo® audio software
ir41_32.ax	6.2.9200.16384	IR41_32 WRAPPER DLL
ivfsrc.ax	5.10.2.51	Intel Indeo® video IVF Source Filter 5.10
ksproxy.ax	6.2.9200.16384	WDM Streaming ActiveMovie Proxy
kstvtune.ax	6.2.9200.16384	WDM Streaming TvTuner
kswdmcap.ax	6.2.9200.16384	WDM Streaming Video Capture
ksxbar.ax	6.2.9200.16384	WDM Streaming Crossbar
mpeg2data.ax	6.6.9200.16384	Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax	6.6.9200.16384	DirectShow MPEG-2 Splitter.
msdvbnp.ax	6.6.9200.16384	Microsoft Network Provider for MPEG2 based networks.
msnp.ax	6.6.9200.16384	Microsoft Network Provider for MPEG2 based networks.
muzdecode.ax	1.0.0.60207	PCube Audio Decoder Filter
muzeffect.ax	1.0.0.60210	P3AudioEffect Filter
muzmp4sp.ax	1.0.0.60210	P3MP4Splitter Filter
muzmpgsp.ax	1.1.7.911	PCube MPEG Splitter Filter
muzoggsp.ax	1.0.0.60207	OGG Splitter
psisrndr.ax	6.6.9200.16384	Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax	6.6.9200.16384	Microsoft VBI Codec
vbisurf.ax	6.2.9200.16384	VBI Surface Allocator Filter
vidcap.ax	6.2.9200.16384	Video Capture Interface Server
wstpager.ax	6.6.9200.16384	Microsoft Teletext Server

DLL Files


DLL File	Version	Description
aaclient.dll	6.2.9200.16384	Anywhere access client
accessibilitycpl.dll	6.2.9200.16384	Ease of access control panel
acctres.dll	6.2.9200.16384	Microsoft Internet Account Manager Resources
acledit.dll	6.2.9200.16384	Access Control List Editor
aclui.dll	6.2.9200.16384	Security Descriptor Editor
acppage.dll	6.2.9200.16384	Compatibility Tab Shell Extension Library
actioncenter.dll	6.2.9200.16384	Action Center
actioncentercpl.dll	6.2.9200.16384	Action Center Control Panel
activeds.dll	6.2.9200.16384	ADs Router Layer DLL
actxprxy.dll	6.2.9200.16519	ActiveX Interface Marshaling Library
adprovider.dll	6.2.9200.16384	adprovider DLL
adsldp.dll	6.2.9200.16384	ADs LDAP Provider DLL
adsldpc.dll	6.2.9200.16384	ADs LDAP Provider C DLL
adsmsext.dll	6.2.9200.16384	ADs LDAP Provider DLL
adsnt.dll	6.2.9200.16384	ADs Windows NT Provider DLL
adtschema.dll	6.2.9200.16384	Security Audit Schema DLL
advapi32.dll	6.2.9200.16384	Advanced Windows 32 Base API
advpack.dll	10.0.9200.16384	ADVPACK
aecache.dll	6.2.9200.16384	AECache Sysprep Plugin
aeevts.dll	6.2.9200.16384	Application Experience Event Resources
amstream.dll	6.6.9200.16384	DirectShow Runtime.
apds.dll	6.2.9200.16384	Microsoft® Help Data Services Module
api-ms-win-appmodel-identity-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-appmodel-runtime-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-appmodel-state-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-base-bootconfig-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-base-util-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-apiquery-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-appcompat-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-appinit-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-atoms-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-bem-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-bicltapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-biplmapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-biptcltapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-com-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-comm-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-com-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-console-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-console-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-crt-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-crt-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-datetime-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-datetime-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-debug-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-debug-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-delayload-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-delayload-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-errorhandling-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-errorhandling-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-fibers-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-fibers-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-fibers-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-file-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-file-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-file-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-firmware-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-handle-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-heap-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-heap-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-heap-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-interlocked-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-interlocked-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-io-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-io-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-job-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-job-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-kernel32-legacy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-kernel32-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-libraryloader-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-libraryloader-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-localization-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-localization-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-localization-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-localization-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-localization-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-localregistry-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-memory-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-memory-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-multipleproviderrouter-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-namedpipe-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-namedpipe-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-namespace-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-normalization-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-path-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-privateprofile-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-processenvironment-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-processenvironment-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-processsecurity-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-processthreads-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-processthreads-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-processtopology-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-processtopology-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-profile-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-psapi-ansi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-psapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-psapi-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-psm-app-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-psm-info-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-psm-plm-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-realtime-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-registry-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-registry-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-registry-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-registryuserspecific-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-rtlsupport-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-rtlsupport-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-shutdown-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-sidebyside-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-stringansi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-string-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-string-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-stringloader-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-string-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-synch-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-synch-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-sysinfo-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-sysinfo-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-systemtopology-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-threadpool-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-threadpool-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-threadpool-legacy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-threadpool-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-timezone-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-timezone-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-toolhelp-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-url-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-util-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-versionansi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-version-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-version-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-windowserrorreporting-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-error-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-errorprivate-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-propertysetprivate-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-registration-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-robuffer-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-winrt-string-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-wow64-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-xstate-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-core-xstate-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-devices-config-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-devices-query-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-devices-swdevice-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-advapi32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-advapi32-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-normaliz-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-ole32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-shell32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-shlwapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-shlwapi-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-user32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-downlevel-version-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-dx-d3dkmt-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventing-classicprovider-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventing-consumer-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventing-controller-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventing-legacy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventing-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventing-provider-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventlog-legacy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-eventlog-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-gdi-ie-rgn-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-http-time-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-input-ie-interactioncontext-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-mm-joystick-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-mm-mci-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-mm-misc-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-mm-misc-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-mm-mme-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-mm-playsound-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-mm-time-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-net-isolation-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-dc-access-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-ie-clipboard-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-ie-message-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-ie-window-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-ie-wmpointer-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-rectangle-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-sysparams-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ntuser-uicontext-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ole32-ie-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-power-base-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-power-setting-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-ro-typeresolution-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-activedirectoryclient-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-appcontainer-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-audit-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-base-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-base-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-base-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-credentials-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-credentials-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-grouppolicy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-lsalookup-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-lsalookup-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-lsalookup-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-lsapolicy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-provider-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-sddl-ansi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-sddl-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-sddlparsecond-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-systemfunctions-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-security-trustee-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-service-core-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-service-core-l1-1-1.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-service-management-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-service-management-l2-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-service-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-service-winsvc-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-service-winsvc-l1-2-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-comhelpers-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-obsolete-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-registry-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-scaling-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-stream-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-stream-winrt-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-sysinfo-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-thread-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shcore-unicodeansi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shell-shellcom-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shell-shellfolders-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
api-ms-win-shlwapi-ie-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
apphelp.dll	6.2.9200.16420	Application Compatibility Client Library
apphlpdm.dll	6.2.9200.16384	Application Compatibility Help Module
appidapi.dll	6.2.9200.16384	Application Identity APIs Dll
apprepapi.dll	6.2.9200.16384	Application Reputation APIs Dll
apprepsync.dll	6.2.9200.16384	AppRepSync Task
appxalluserstore.dll	6.2.9200.16384	AppX All User Store DLL
appxdeploymentclient.dll	6.2.9200.16384	AppX Deployment Client DLL
appxpackaging.dll	6.2.9200.16384	Native Code Appx Packaging Library
appxsip.dll	6.2.9200.16433	Appx Subject Interface Package
asferror.dll	12.0.9200.16384	ASF Error Definitions
aspnet_counters.dll	4.0.30319.17929	Microsoft ASP.NET Performance Counter Shim DLL
asycfilt.dll	6.2.9200.16384
atl.dll	3.5.2284.0	ATL Module for Windows XP (Unicode)
atl100.dll	10.0.40219.325	ATL Module for Windows
atl110.dll	11.0.50727.1	ATL Module for Windows
atmfd.dll	5.1.2.236	Windows NT OpenType/Type 1 Font Driver
atmlib.dll	5.1.2.236	Windows NT OpenType/Type 1 API Library.
audiodev.dll	6.2.9200.16384	Portable Media Devices Shell Extension
audioeng.dll	6.2.9200.16578	Audio Engine
audiokse.dll	6.2.9200.16451	Audio Ks Endpoint
audioses.dll	6.2.9200.16578	Audio Session
authbroker.dll	6.2.9200.16384	Web Authentication WinRT API
authext.dll	6.2.9200.16384	Authentication Extensions
authfwcfg.dll	6.2.9200.16384	Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll	6.2.9200.16384	Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll	6.2.9200.16384	Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll	6.2.9200.16384	Wizard Framework
authui.dll	6.2.9200.16604	Windows Authentication UI
authz.dll	6.2.9200.16384	Authorization Framework
autoplay.dll	6.2.9200.16384	AutoPlay Control Panel
auxiliarydisplayapi.dll	6.2.9200.16384	Microsoft Windows SideShow API
auxiliarydisplaycpl.dll	6.2.9200.16384	Microsoft Windows SideShow Control Panel
avicap32.dll	6.2.9200.16384	AVI Capture window class
avifil32.dll	6.2.9200.16384	Microsoft AVI File support library
avrt.dll	6.2.9200.16420	Multimedia Realtime Runtime
azroles.dll	6.2.9200.16384	azroles Module
azroleui.dll	6.2.9200.16384	Authorization Manager
azsqlext.dll	6.2.9200.16384	AzMan Sql Audit Extended Stored Procedures Dll
basecsp.dll	6.2.9200.16384	Microsoft Base Smart Card Crypto Provider
batmeter.dll	6.2.9200.16420	Battery Meter Helper DLL
bcp47langs.dll	6.2.9200.16604	BCP47 Language Classes
bcrypt.dll	6.2.9200.16384	Windows Cryptographic Primitives Library
bcryptprimitives.dll	6.2.9200.16384	Windows Cryptographic Primitives Library
bidispl.dll	6.2.9200.16384	Bidispl DLL
biocredprov.dll	6.2.9200.16384	WinBio Credential Provider
bitsperf.dll	7.6.9200.16384	Perfmon Counter Access
bitsprx2.dll	7.6.9200.16384	Background Intelligent Transfer Service Proxy
bitsprx3.dll	7.6.9200.16384	Background Intelligent Transfer Service 2.0 Proxy
bitsprx4.dll	7.6.9200.16384	Background Intelligent Transfer Service 2.5 Proxy
bitsprx5.dll	7.6.9200.16384	Background Intelligent Transfer Service 3.0 Proxy
bitsprx6.dll	7.6.9200.16384	Background Intelligent Transfer Service 4.0 Proxy
bitsprx7.dll	7.6.9200.16384	Background Intelligent Transfer Service 5.0 Proxy
biwinrt.dll	6.2.9200.16604	Windows Background Broker Infrastructure
blackbox.dll	11.0.9200.16384	BlackBox DLL
bluetoothapis.dll	6.2.9200.16384	Bluetooth Usermode Api host
bootvid.dll	6.2.9200.16384	VGA Boot Driver
browcli.dll	6.2.9200.16384	Browser Service Client DLL
browseui.dll	6.2.9200.16384	Shell Browser UI Library
btpanui.dll	6.2.9200.16384	Bluetooth PAN User Interface
bwcontexthandler.dll	1.0.0.1	ContextH Application
c_g18030.dll	6.2.9200.16384	GB18030 DBCS-Unicode Conversion DLL
c_is2022.dll	6.2.9200.16384	ISO-2022 Code Page Translation DLL
c_iscii.dll	6.2.9200.16384	ISCII Code Page Translation DLL
cabinet.dll	6.2.9200.16384	Microsoft® Cabinet File API
cabview.dll	6.2.9200.16384	Cabinet File Viewer Shell Extension
callbuttons.dll	6.2.9200.16384	Windows Runtime CallButtonsServer DLL
callbuttons.proxystub.dll	6.2.9200.16384	Windows Runtime CallButtonsServer ProxyStub DLL
capiprovider.dll	6.2.9200.16384	capiprovider DLL
capisp.dll	6.2.9200.16384	Sysprep cleanup dll for CAPI
catsrv.dll	2001.12.10130.16384	COM+ Configuration Catalog Server
catsrvps.dll	2001.12.10130.16384	COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll	2001.12.10130.16384	COM+ Configuration Catalog Server Utilities
cbfsmntntf3.dll	3.2.114.113	CbFs Mount Notifier
cbfsnetrdr3.dll	3.2.114.192	Network Redirector
cca.dll	6.6.9200.16384	CCA DirectShow Filter.
cdosys.dll	6.6.9200.16384	Microsoft CDO for Windows Library
certca.dll	6.2.9200.16384	Microsoft® Active Directory Certificate Services CA
certcli.dll	6.2.9200.16384	Microsoft® Active Directory Certificate Services Client
certcredprovider.dll	6.2.9200.16384	Cert Credential Provider
certenc.dll	6.2.9200.16384	Active Directory Certificate Services Encoding
certenroll.dll	6.2.9200.16384	Microsoft® Active Directory Certificate Services Enrollment Client
certenrollui.dll	6.2.9200.16384	X509 Certificate Enrollment UI
certmgr.dll	6.2.9200.16384	Certificates snap-in
certpoleng.dll	6.2.9200.16384	Certificate Policy Engine
cewmdm.dll	12.0.9200.16384	Windows CE WMDM Service Provider
cfgbkend.dll	6.2.9200.16384	Configuration Backend Interface
cfgmgr32.dll	6.2.9200.16384	Configuration Manager DLL
cfmifs.dll	6.2.9200.16384	FmIfs Engine
cfmifsproxy.dll	6.2.9200.16384	Microsoft® FmIfs Proxy Library
chartv.dll	6.2.9200.16384	Chart View
chsbrkr.dll	6.2.9200.16384	Simplified Chinese Word Breaker
chtbrkr.dll	6.2.9200.16384	Chinese Traditional Word Breaker
chxreadingstringime.dll	6.2.9200.16384	CHxReadingStringIME
cic.dll	6.2.9200.16384	CIC - MMC controls for Taskpad
cis-2.4.dll
clb.dll	6.2.9200.16384	Column List Box
clbcatq.dll	2001.12.10130.16384	COM+ Configuration Catalog
clfsw32.dll	6.2.9200.16384	Common Log Marshalling Win32 DLL
cliconfg.dll	6.2.9200.16384	SQL Client Configuration Utility DLL
clrhost.dll	6.2.9200.16384	In Proc server for managed servers in the Windows Runtime
clusapi.dll	6.2.9200.16384	Cluster API Library
cmcfg32.dll	7.2.9200.16384	Microsoft Connection Manager Configuration Dll
cmdext.dll	6.2.9200.16384	cmd.exe Extension DLL
cmdial32.dll	7.2.9200.16384	Microsoft Connection Manager
cmifw.dll	6.2.9200.16384	Windows Firewall rule configuration plug-in
cmipnpinstall.dll	6.2.9200.16384	PNP plugin installer for CMI
cmlua.dll	7.2.9200.16384	Connection Manager Admin API Helper
cmpbk32.dll	7.2.9200.16384	Microsoft Connection Manager Phonebook
cmstplua.dll	7.2.9200.16384	Connection Manager Admin API Helper for Setup
cmutil.dll	7.2.9200.16384	Microsoft Connection Manager Utility Lib
cngcredui.dll	6.2.9200.16384	Microsoft CNG CredUI Provider
cngprovider.dll	6.2.9200.16384	cngprovider DLL
cnvfat.dll	6.2.9200.16384	FAT File System Conversion Utility DLL
colbact.dll	2001.12.10130.16384	COM+
colorcnv.dll	6.2.9200.16384	Windows Media Color Conversion
colorui.dll	6.2.9200.16384	Microsoft Color Control Panel
combase.dll	6.2.9200.16420	Microsoft COM for Windows
comcat.dll	6.2.9200.16384	Microsoft Component Category Manager Library
comctl32.dll	5.82.9200.16384	User Experience Controls Library
comdlg32.dll	6.2.9200.16384	Common Dialogs DLL
compobj.dll	2.10.35.35	OLE 2.1 16/32 Interoperability Library
compstui.dll	6.2.9200.16384	Common Property Sheet User Interface DLL
comrepl.dll	2001.12.10130.16384	COM+
comres.dll	2001.12.10130.16384	COM+ Resources
comsnap.dll	2001.12.10130.16384	COM+ Explorer MMC Snapin
comsvcs.dll	2001.12.10130.16384	COM+ Services
comuid.dll	2001.12.10130.16384	COM+ Explorer UI
concrt140.dll	14.0.23506.0	Microsoft® Concurrency Runtime Library
connect.dll	6.2.9200.16384	Get Connected Wizards
connectedaccountstate.dll	6.2.9200.16384	ConnectedAccountState.dll
console.dll	6.2.9200.16384	Control Panel Console Applet
cpfilters.dll	6.6.9200.16384	PTFilter & Encypter/Decrypter Tagger Filters.
credssp.dll	6.2.9200.16384	Credential Delegation Security Package
credui.dll	6.2.9200.16384	Credential Manager User Interface
crtdll.dll	4.0.1183.1	Microsoft C Runtime Library
crypt32.dll	6.2.9200.16592	Crypto API32
cryptbase.dll	6.2.9200.16384	Base cryptographic API DLL
cryptdlg.dll	6.2.9200.16569	Microsoft Common Certificate Dialogs
cryptdll.dll	6.2.9200.16384	Cryptography Manager
cryptext.dll	6.2.9200.16384	Crypto Shell Extensions
cryptnet.dll	6.2.9200.16592	Crypto Network Related API
cryptowinrt.dll	6.2.9200.16384	Crypto WinRT Library
cryptsp.dll	6.2.9200.16384	Cryptographic Service Provider API
cryptui.dll	6.2.9200.16384	Microsoft Trust UI Provider
cryptuiwizard.dll	6.2.9200.16384	Microsoft Trust UI Provider
cryptxml.dll	6.2.9200.16384	XML DigSig API
cscapi.dll	6.2.9200.16384	Offline Files Win32 API
cscdll.dll	6.2.9200.16384	Offline Files Temporary Shim
csver.dll	9.3.0.1021	CSVer
ctl3d32.dll	2.31.0.0	Ctl3D 3D Windows Controls
d2d1.dll	6.2.9200.16420	Microsoft D2D Library
d3d10.dll	6.2.9200.16384	Direct3D 10 Runtime
d3d10_1.dll	6.2.9200.16384	Direct3D 10.1 Runtime
d3d10_1core.dll	6.2.9200.16384	Direct3D 10.1 Runtime
d3d10core.dll	6.2.9200.16384	Direct3D 10 Runtime
d3d10level9.dll	6.2.9200.16384	Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll	6.2.9200.16420	Direct3D 10 Rasterizer
d3d11.dll	6.2.9200.16420	Direct3D 11 Runtime
d3d8.dll	6.2.9200.16384	Microsoft Direct3D
d3d8thk.dll	6.2.9200.16384	Microsoft Direct3D OS Thunk Layer
d3d9.dll	6.2.9200.16384	Direct3D 9 Runtime
d3dcompiler_41.dll	9.26.952.2844	Direct3D HLSL Compiler
d3dcompiler_43.dll	9.29.952.3111	Direct3D HLSL Compiler
d3dim.dll	6.2.9200.16384	Microsoft Direct3D
d3dim700.dll	6.2.9200.16384	Microsoft Direct3D
d3dramp.dll	6.2.9200.16384	Microsoft Direct3D
d3dx10_41.dll	9.26.952.2844	Direct3D 10.1 Extensions
d3dx10_42.dll	9.27.952.3001	Direct3D 10.1 Extensions
d3dx11_43.dll	9.29.952.3111	Direct3D 10.1 Extensions
d3dx9_32.dll	9.16.843.0	Microsoft® DirectX for Windows®
d3dxof.dll	6.2.9200.16384	DirectX Files DLL
dafprintprovider.dll	6.2.9200.16384	DAF Print Provider DLL
daotpcredentialprovider.dll	6.2.9200.16384	DirectAccess One-Time Password Credential Provider
dataclen.dll	6.2.9200.16384	Disk Space Cleaner for Windows
davclnt.dll	6.2.9200.16384	Web DAV Client DLL
davhlpr.dll	6.2.9200.16384	DAV Helper DLL
dbgeng.dll	6.2.9200.16384	Windows Symbolic Debugger Engine
dbghelp.dll	6.2.9200.16384	Windows Image Helper
dbnetlib.dll	6.2.9200.16384	Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll	6.2.9200.16384	Named Pipes Net DLL for SQL Clients
dciman32.dll	6.2.9200.16453	DCI Manager
dcomp.dll	6.2.9200.16384	Microsoft DirectComposition Library
ddaclsys.dll	6.2.9200.16384	SysPrep module for Resetting Data Drive ACL
ddoiproxy.dll	6.2.9200.16384	DDOI Interface Proxy
ddores.dll	6.2.9200.16384	Device Category information and resources
ddraw.dll	6.2.9200.16384	Microsoft DirectDraw
ddrawex.dll	6.2.9200.16384	Direct Draw Ex
delegatorprovider.dll	6.2.9200.16384	WMI PassThru Provider for Storage Management
deskadp.dll	6.2.9200.16384	Advanced display adapter properties
deskmon.dll	6.2.9200.16384	Advanced display monitor properties
devdispitemprovider.dll	6.2.9200.16384	DeviceItem inproc devquery subsystem
devenum.dll	6.6.9200.16384	Device enumeration.
deviceaccess.dll	6.2.9200.16384	Device Broker And Policy COM Server
deviceassociation.dll	6.2.9200.16384	Device Association Client DLL
devicecenter.dll	6.2.9200.16384	Device Center
devicedisplaystatusmanager.dll	6.2.9200.16384	Device Display Status Manager
devicemetadataparsers.dll	6.2.9200.16384	Common Device Metadata parsers
devicepairing.dll	6.2.9200.16604	Shell extensions for Device Pairing
devicepairingfolder.dll	6.2.9200.16384	Device Pairing Folder
devicepairingproxy.dll	6.2.9200.16384	Device Pairing Proxy Dll
deviceuxres.dll	6.2.9200.16384	Windows Device User Experience Resource File
devmgr.dll	6.2.9200.16384	Device Manager MMC Snapin
devobj.dll	6.2.9200.16384	Device Information Set DLL
devrtl.dll	6.2.9200.16384	Device Management Run Time Library
dfscli.dll	6.2.9200.16384	Windows NT Distributed File System Client DLL
dfshim.dll	4.0.41209.0	ClickOnce Application Deployment Support Library
dfsshlex.dll	6.2.9200.16384	Distributed File System shell extension
dgderapi.dll	1.3.1900.0	Device Error Recovery SDK(x86)
dhcpcmonitor.dll	6.2.9200.16384	DHCP Client Monitor Dll
dhcpcore.dll	6.2.9200.16433	DHCP Client Service
dhcpcore6.dll	6.2.9200.16433	DHCPv6 Client
dhcpcsvc.dll	6.2.9200.16433	DHCP Client Service
dhcpcsvc6.dll	6.2.9200.16433	DHCPv6 Client
dhcpqec.dll	6.2.9200.16384	Microsoft DHCP NAP Enforcement Client
dhcpsapi.dll	6.2.9200.16384	DHCP Server API Stub DLL
difxapi.dll	2.1.0.0	Driver Install Frameworks for API library module
dimsjob.dll	6.2.9200.16384	DIMS Job DLL
dimsroam.dll	6.2.9200.16384	Key Roaming DIMS Provider DLL
dinput.dll	6.2.9200.16384	Microsoft DirectInput
dinput8.dll	6.2.9200.16384	Microsoft DirectInput
directdb.dll	6.2.9200.16384	Microsoft Direct Database API
diskcopy.dll	6.2.9200.16384	Windows DiskCopy
dismapi.dll	6.2.9200.16384	DISM API Framework
dispex.dll	5.8.9200.16384	Microsoft ® DispEx
display.dll	6.2.9200.16384	Display Control Panel
dlnashext.dll	12.0.9200.16384	DLNA Namespace DLL
dmband.dll	6.2.9200.16384	Microsoft DirectMusic Band
dmcompos.dll	6.2.9200.16384	Microsoft DirectMusic Composer
dmdlgs.dll	6.2.9200.16384	Disk Management Snap-in Dialogs
dmdskmgr.dll	6.2.9200.16384	Disk Management Snap-in Support Library
dmdskres.dll	6.2.9200.16384	Disk Management Snap-in Resources
dmdskres2.dll	6.2.9200.16384	Disk Management Snap-in Resources
dmime.dll	6.2.9200.16384	Microsoft DirectMusic Interactive Engine
dmintf.dll	6.2.9200.16384	Disk Management DCOM Interface Stub
dmloader.dll	6.2.9200.16384	Microsoft DirectMusic Loader
dmocx.dll	6.2.9200.16384	TreeView OCX
dmscript.dll	6.2.9200.16384	Microsoft DirectMusic Scripting
dmstyle.dll	6.2.9200.16384	Microsoft DirectMusic Style Engline
dmsynth.dll	6.2.9200.16384	Microsoft DirectMusic Software Synthesizer
dmusic.dll	6.2.9200.16384	Microsoft DirectMusic Core Services
dmutil.dll	6.2.9200.16384	Logical Disk Manager Utility Library
dmvdsitf.dll	6.2.9200.16578	Disk Management Snap-in Support Library
dnsapi.dll	6.2.9200.16420	DNS Client API DLL
dnscmmc.dll	6.2.9200.16384	DNS Client MMC Snap-in DLL
docprop.dll	6.2.9200.16384	OLE DocFile Property Page
dot3api.dll	6.2.9200.16384	802.3 Autoconfiguration API
dot3cfg.dll	6.2.9200.16384	802.3 Netsh Helper
dot3dlg.dll	6.2.9200.16384	802.3 UI Helper
dot3gpclnt.dll	6.2.9200.16384	802.3 Group Policy Client
dot3gpui.dll	6.2.9200.16384	802.3 Network Policy Management Snap-in
dot3hc.dll	6.2.9200.16384	Dot3 Helper Class
dot3msm.dll	6.2.9200.16384	802.3 Media Specific Module
dot3ui.dll	6.2.9200.16384	802.3 Advanced UI
dpapi.dll	6.2.9200.16384	Data Protection API
dpapiprovider.dll	6.2.9200.16384	dpapiprovider DLL
dplayx.dll	6.2.9200.16384	Microsoft DirectPlay
dpmodemx.dll	6.2.9200.16384	Modem and Serial Connection For DirectPlay
dpnaddr.dll	6.2.9200.16450	Microsoft DirectPlay8 Address
dpnathlp.dll	6.2.9200.16450	Microsoft DirectPlay NAT Helper UPnP
dpnet.dll	6.2.9200.16450	Microsoft DirectPlay
dpnhpast.dll	6.2.9200.16450	Microsoft DirectPlay NAT Helper PAST
dpnhupnp.dll	6.2.9200.16450	Microsoft DirectPlay NAT Helper UPNP
dpnlobby.dll	6.2.9200.16450	Microsoft DirectPlay8 Lobby
dpwsockx.dll	6.2.9200.16384	Internet TCP/IP and IPX Connection For DirectPlay
dpx.dll	6.2.9200.16384	Microsoft(R) Delta Package Expander
drmmgrtn.dll	11.0.9200.16384	DRM Migration DLL
drmv2clt.dll	11.0.9200.16384	DRMv2 Client DLL
drprov.dll	6.2.9200.16384	Microsoft Remote Desktop Session Host Server Network Provider
drt.dll	6.2.9200.16384	Distributed Routing Table
drtprov.dll	6.2.9200.16384	Distributed Routing Table Providers
drttransport.dll	6.2.9200.16384	Distributed Routing Table Transport Provider
drvstore.dll	6.2.9200.16451	Driver Store API
dsauth.dll	6.2.9200.16384	DS Authorization for Services
dsdmo.dll	6.2.9200.16384	DirectSound Effects
dskquota.dll	6.2.9200.16384	Windows Shell Disk Quota Support DLL
dskquoui.dll	6.2.9200.16384	Windows Shell Disk Quota UI DLL
dsound.dll	6.2.9200.16384	DirectSound
dsparse.dll	6.2.9200.16384	Active Directory Domain Services API
dsprop.dll	6.2.9200.16384	Windows Active Directory Property Pages
dsquery.dll	6.2.9200.16384	Directory Service Find
dsrole.dll	6.2.9200.16384	DS Setup Client DLL
dssec.dll	6.2.9200.16384	Directory Service Security UI
dssenh.dll	6.2.9200.16384	Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsui.dll	6.2.9200.16384	Device Setup UI Pages
dsuiext.dll	6.2.9200.16384	Directory Service Common UI
dswave.dll	6.2.9200.16384	Microsoft DirectMusic Wave
dtsh.dll	6.2.9200.16384	Detection and Sharing Status API
dui70.dll	6.2.9200.16384	Windows DirectUI Engine
duser.dll	6.2.9200.16518	Windows DirectUser Engine
dwmapi.dll	6.2.9200.16384	Microsoft Desktop Window Manager API
dwmcore.dll	6.2.9200.16433	Microsoft DWM Core Library
dwrite.dll	6.2.9200.16433	Microsoft DirectX Typography Services
dxdiagn.dll	6.2.9200.16384	Microsoft DirectX Diagnostic Tool
dxgi.dll	6.2.9200.16420	DirectX Graphics Infrastructure
dxmasf.dll	12.0.9200.16420	Microsoft Windows Media Component Removal File.
dxptaskringtone.dll	6.2.9200.16384	Microsoft Ringtone Editor
dxptasksync.dll	6.2.9200.16384	Microsoft Windows DXP Sync.
dxtmsft.dll	10.0.9200.16384	DirectX Media -- Image DirectX Transforms
dxtrans.dll	10.0.9200.16384	DirectX Media -- DirectX Transform Core
dxva2.dll	6.2.9200.16384	DirectX Video Acceleration 2.0 DLL
eapp3hst.dll	6.2.9200.16384	Microsoft ThirdPartyEapDispatcher
eappcfg.dll	6.2.9200.16384	Eap Peer Config
eappgnui.dll	6.2.9200.16384	EAP Generic UI
eapphost.dll	6.2.9200.16384	Microsoft EAPHost Peer service
eappprxy.dll	6.2.9200.16384	Microsoft EAPHost Peer Client DLL
eapqec.dll	6.2.9200.16384	Microsoft EAP NAP Enforcement Client
easwrt.dll	6.2.9200.16384	Exchange ActiveSync Windows Runtime DLL
efsadu.dll	6.2.9200.16384	File Encryption Utility
efscore.dll	6.2.9200.16384	EFS Core Library
efsutil.dll	6.2.9200.16384	EFS Utility Library
ehstorapi.dll	6.2.9200.16384	Windows Enhanced Storage API
ehstorpwdmgr.dll	6.2.9200.16384	Microsoft Enhanced Storage Password Manager
els.dll	6.2.9200.16384	Event Viewer Snapin
elscore.dll	6.2.9200.16384	Els Core Platform DLL
elshyph.dll	6.2.9200.16384	ELS Hyphenation Service
elslad.dll	6.2.9200.16384	ELS Language Detection
elstrans.dll	6.2.9200.16384	ELS Transliteration Service
encapi.dll	6.2.9200.16384	Encoder API
encdec.dll	6.6.9200.16384	XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll	6.2.9200.16384	EQoS Snapin extension
es.dll	2001.12.10130.16384	COM+
esent.dll	6.2.9200.16384	Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll	6.2.9200.16384	Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
eventcls.dll	6.2.9200.16420	Microsoft® Volume Shadow Copy Service event class
evr.dll	6.2.9200.16384	Enhanced Video Renderer DLL
explorerframe.dll	6.2.9200.16384	ExplorerFrame
expsrv.dll	6.0.72.9589	Visual Basic for Applications Runtime - Expression Service
ext-ms-win-advapi32-auth-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-encryptedfile-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-eventingcontroller-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-eventlog-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-lsa-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-msi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-ntmarta-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-psm-app-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-registry-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-safer-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-advapi32-shutdown-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-authz-claimpolicies-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-authz-context-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-authz-remote-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-biometrics-winbio-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-bluetooth-deviceassociation-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-branding-winbrand-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-cluster-clusapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-cluster-resutils-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-cmd-util-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-cng-rng-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-com-clbcatq-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-com-ole32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-com-psmregister-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-domainjoin-netjoin-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-firewallapi-webproxy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-fs-clfs-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-fsutilext-ifsutil-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-fsutilext-ulib-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-dc-create-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-dc-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-devcaps-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-draw-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-font-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-metafile-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-path-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-render-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-rgn-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gdi-wcs-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gpapi-grouppolicy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-gui-uxinit-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-appcompat-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-datetime-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-errorhandling-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-file-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-package-current-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-package-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-registry-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-sidebyside-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-transacted-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernel32-windowserrorreporting-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-kernelbase-processthread-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-mf-winmm-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-mm-msacm-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-mm-pehelper-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-mm-wmdrmsdk-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-mpr-multipleproviderrouter-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-mrmcorer-resmanager-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-msiltcfg-msi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-networking-winipsec-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-newdev-config-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntdsa-activedirectoryserver-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntdsapi-activedirectoryclient-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntos-ksecurity-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntos-tm-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-caret-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-dc-access-ext-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-dialogbox-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-draw-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-gui-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-keyboard-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-menu-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-message-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-misc-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-mouse-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-powermanagement-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-private-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-rectangle-ext-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-string-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-synch-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-sysparams-ext-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-windowclass-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-window-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ntuser-windowstation-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ole32-bindctx-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ole32-clipboard-ie-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ole32-ie-ext-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ole32-oleautomation-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-printer-winspool-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-profile-profsvc-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-profile-userenv-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ras-rasapi32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ras-rasdlg-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ras-rasman-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-ras-tapi32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-rometadata-dispenser-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-samsrv-accountstore-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-scesrv-server-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-secur32-translatename-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-security-credui-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-security-cryptui-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-security-kerberos-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-security-vaultcli-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-session-userinit-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-session-wininit-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-session-winsta-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-session-wtsapi32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-setupapi-cfgmgr32local-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-setupapi-cfgmgr32remote-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-setupapi-classinstallers-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-setupapi-inf-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-setupapi-logging-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-shell32-shellcom-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-shell32-shellfolders-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-shell-propsys-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-shell-shell32-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-shell-shlwapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-smbshare-sscore-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-spinf-inf-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-sxs-oleautomation-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-umpoext-umpo-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-webio-pal-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wer-reporting-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wevtapi-eventlog-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-winhttp-pal-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wininet-pal-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wlan-grouppolicy-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wlan-onexui-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wlan-scard-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wsclient-devlicense-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
ext-ms-win-wwan-wwapi-l1-1-0.dll	6.2.9200.16384	ApiSet Stub DLL
f3ahvoas.dll	6.2.9200.16384	JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
faultrep.dll	6.2.9200.16384	Windows User Mode Crash Reporting DLL
fdbth.dll	6.2.9200.16384	Function Discovery Bluetooth Provider Dll
fdbthproxy.dll	6.2.9200.16384	Bluetooth Provider Proxy Dll
fde.dll	6.2.9200.16384	Folder Redirection Snapin Extension
fdeploy.dll	6.2.9200.16384	Folder Redirection Group Policy Extension
fdpnp.dll	6.2.9200.16384	Pnp Provider Dll
fdproxy.dll	6.2.9200.16384	Function Discovery Proxy Dll
fdssdp.dll	6.2.9200.16384	Function Discovery SSDP Provider Dll
fdwcn.dll	6.2.9200.16451	Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll	6.2.9200.16384	Function Discovery WNet Provider Dll
fdwsd.dll	6.2.9200.16384	Function Discovery WS Discovery Provider Dll
feclient.dll	6.2.9200.16384	Windows NT File Encryption Client Interfaces
filemgmt.dll	6.2.9200.16384	Services and Shared Folders
findnetprinters.dll	6.2.9200.16384	Find Network Printers COM Component
firewallapi.dll	6.2.9200.16433	Windows Firewall API
firewallcontrolpanel.dll	6.2.9200.16384	Windows Firewall Control Panel
fltlib.dll	6.2.9200.16384	Filter Library
fm20.dll	15.0.4420.1017	Microsoft® Forms DLL
fm20enu.dll	15.0.4420.1017	Microsoft® Forms International DLL
fmifs.dll	6.2.9200.16578	FM IFS Utility DLL
fms.dll	6.2.9200.16384	Font Management Services
fontext.dll	6.2.9200.16384	Windows Font Folder
fontsub.dll	6.2.9200.16453	Font Subsetting DLL
fphc.dll	6.2.9200.16384	Filtering Platform Helper Class
framedyn.dll	6.2.9200.16384	WMI SDK Provider Framework
framedynos.dll	6.2.9200.16384	WMI SDK Provider Framework
frprov.dll	6.2.9200.16384	Folder Redirection WMI Provider
fsutilext.dll	6.2.9200.16384	FS Utility Extension DLL
fundisc.dll	6.2.9200.16384	Function Discovery Dll
fwcfg.dll	6.2.9200.16384	Windows Firewall Configuration Helper
fwpuclnt.dll	6.2.9200.16465	FWP/IPsec User-Mode API
fwremotesvr.dll	6.2.9200.16384	Windows Firewall Remote APIs Server
fxsapi.dll	6.2.9200.16384	Microsoft Fax API Support DLL
fxscom.dll	6.2.9200.16384	Microsoft Fax Server COM Client Interface
fxscomex.dll	6.2.9200.16384	Microsoft Fax Server Extended COM Client Interface
fxsext32.dll	6.2.9200.16384	Microsoft Fax Exchange Command Extension
fxsresm.dll	6.2.9200.16384	Microsoft Fax Resource DLL
fxsxp32.dll	6.2.9200.16384	Microsoft Fax Transport Provider
gameux.dll	6.2.9200.16384	Games Explorer
gameuxlegacygdfs.dll	1.0.0.1	Legacy GDF resource DLL
gcdef.dll	6.2.9200.16384	Game Controllers Default Sheets
gdi32.dll	6.2.9200.16604	GDI Client DLL
gdiplus.dll	6.2.9200.16502	Microsoft GDI+
getuname.dll	6.2.9200.16384	Unicode name Dll for UCE
glcndfilter.dll	6.2.9200.16451	Windows Reader
glmf32.dll	6.2.9200.16384	OpenGL Metafiling DLL
glu32.dll	6.2.9200.16384	OpenGL Utility Library DLL
gpapi.dll	6.2.9200.16384	Group Policy Client API
gpedit.dll	6.2.9200.16384	GPEdit
gpprnext.dll	6.2.9200.16384	Group Policy Printer Extension
gptext.dll	6.2.9200.16384	GPTExt
hbaapi.dll	6.2.9200.16384	HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll	6.2.9200.16384	Action Center Providers
helppaneproxy.dll	6.2.9200.16384	Microsoft® Help Proxy
hgcpl.dll	6.2.9200.16384	HomeGroup Control Panel
hhsetup.dll	6.2.9200.16384	Microsoft® HTML Help
hid.dll	6.2.9200.16384	Hid User Library
hidserv.dll	6.2.9200.16384	HID Service
hlink.dll	6.2.9200.16384	Microsoft Office 2000 component
hnetcfg.dll	6.2.9200.16384	Home Networking Configuration Manager
hnetmon.dll	6.2.9200.16384	Home Networking Monitor DLL
httpapi.dll	6.2.9200.16384	HTTP Protocol Stack API
htui.dll	6.2.9200.16384	Common halftone Color Adjustment Dialogs
ias.dll	6.2.9200.16384	Network Policy Server
iasacct.dll	6.2.9200.16384	NPS Accounting Provider
iasads.dll	6.2.9200.16384	NPS Active Directory Data Store
iasdatastore.dll	6.2.9200.16384	NPS Datastore server
iashlpr.dll	6.2.9200.16384	NPS Surrogate Component
iasmigplugin.dll	6.2.9200.16384	NPS Migration DLL
iasnap.dll	6.2.9200.16384	NPS NAP Provider
iaspolcy.dll	6.2.9200.16384	NPS Pipeline
iasrad.dll	6.2.9200.16384	NPS RADIUS Protocol Component
iasrecst.dll	6.2.9200.16384	NPS XML Datastore Access
iassam.dll	6.2.9200.16384	NPS NT SAM Provider
iassdo.dll	6.2.9200.16384	NPS SDO Component
iassvcs.dll	6.2.9200.16384	NPS Services Component
iccvid.dll	1.10.0.12	Cinepak® Codec
icm32.dll	6.2.9200.16384	Microsoft Color Management Module (CMM)
icmp.dll	6.2.9200.16384	ICMP DLL
icmui.dll	6.2.9200.16384	Microsoft Color Matching System User Interface DLL
iconcodecservice.dll	6.2.9200.16384	Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll	6.2.9200.16384	Internet Gateway Device properties
idctrls.dll	6.2.9200.16384	Identity Controls
idndl.dll	6.2.9200.16384	Downlevel DLL
idstore.dll	6.2.9200.16384	Identity Store
ieadvpack.dll	10.0.9200.16384	ADVPACK
ieapfltr.dll	10.0.9200.16384	Microsoft SmartScreen Filter
iedkcs32.dll	18.0.9200.16384	IEAK branding
ieframe.dll	10.0.9200.16598	Internet Browser
iepeers.dll	10.0.9200.16384	Internet Explorer Peer Objects
iernonce.dll	10.0.9200.16537	Extended RunOnce processing with UI
iertutil.dll	10.0.9200.16598	Run time utility for Internet Explorer
iesetup.dll	10.0.9200.16537	IOD Version Map
iesysprep.dll	10.0.9200.16537	IE Sysprep Provider
ieui.dll	10.0.9200.16384	Internet Explorer UI Engine
ifmon.dll	6.2.9200.16384	IF Monitor DLL
ifsutil.dll	6.2.9200.16384	IFS Utility DLL
ifsutilx.dll	6.2.9200.16384	IFS Utility Extension DLL
ig4icd32.dll	9.17.10.2884	OpenGL(R) Driver for Intel(R) Graphics Accelerator
ig7icd32.dll	9.17.10.2963	OpenGL(R) Driver for Intel(R) Graphics Accelerator
igd10umd32.dll	9.17.10.2963	LDDM User Mode Driver for Intel(R) Graphics Technology
igdbcl32.dll	9.17.10.2884	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdde32.dll
igdfcl32.dll	8.1.0.2963	OpenCL Driver for Intel(R) Graphics Technology
igdrcl32.dll	9.17.10.2963	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdumd32.dll	9.17.10.2963	LDDM User Mode Driver for Intel(R) Graphics Technology
igfx11cmrt32.dll	2.4.0.1019	CM Runtime Dynamic Link Library (DX11)
igfxcmjit32.dll	2.4.0.1019	CM JIT Dynamic Link Library
igfxcmrt32.dll	2.4.0.1019	CM Runtime Dynamic Link Library
igfxdv32.dll	8.15.10.2963	igfxdev Module
igfxexps32.dll	8.15.10.2963	igfxext Module
iglhcp32.dll	3.0.1.15	iglhcp32 Dynamic Link Library
iglhsip32.dll	3.0.0.12	iglhsip32 Dynamic Link Library
imagehlp.dll	6.2.9200.16384	Windows NT Image Helper
imageres.dll	6.2.9200.16384	Windows Image Resource
imagesp1.dll	6.2.9200.16384	Windows SP1 Image Resource
imapi.dll	6.2.9200.16384	Image Mastering API
imapi2.dll	6.2.9200.16384	Image Mastering API v2
imapi2fs.dll	6.2.9200.16384	Image Mastering File System Imaging API v2
imgutil.dll	10.0.9200.16384	IE plugin image decoder support DLL
imm32.dll	6.2.9200.16384	Multi-User Windows IMM32 API Client DLL
inetcomm.dll	6.2.9200.16384	Microsoft Internet Messaging API Resources
inetmib1.dll	6.2.9200.16384	Microsoft MIB-II subagent
inetres.dll	6.2.9200.16384	Microsoft Internet Messaging API Resources
inked.dll	6.2.9200.16384	Microsoft Tablet PC InkEdit Control
input.dll	6.2.9200.16433	InputSetting DLL
inputswitch.dll	6.2.9200.16384	Microsoft Windows Input Switcher
inseng.dll	10.0.9200.16384	Install engine
intel_opencl_icd32.dll	1.2.1.0	OpenCL Client DLL
intelopencl32.dll	1.1.0.1003	Intel(R) OpenCL(TM) Runtime
iologmsg.dll	6.2.9200.16384	IO Logging DLL
iphlpapi.dll	6.2.9200.16420	IP Helper API
iprop.dll	6.2.9200.16384	OLE PropertySet Implementation
iprtprio.dll	6.2.9200.16384	IP Routing Protocol Priority DLL
iprtrmgr.dll	6.2.9200.16384	IP Router Manager
ipsecsnp.dll	6.2.9200.16384	IP Security Policy Management Snap-in
ipsmsnap.dll	6.2.9200.16384	IP Security Monitor Snap-in
ir32_32.dll	6.2.9200.16384	IR32_32 WRAPPER DLL
ir32_32original.dll	3.24.15.3	Intel Indeo(R) Video R3.2 32-bit Driver
ir41_32original.dll	4.51.16.3	Intel Indeo® Video 4.5
ir41_qc.dll	6.2.9200.16384	IR41_QC WRAPPER DLL
ir41_qcoriginal.dll	4.30.62.2	Intel Indeo® Video Interactive Quick Compressor
ir41_qcx.dll	6.2.9200.16384	IR41_QCX WRAPPER DLL
ir41_qcxoriginal.dll	4.30.64.1	Intel Indeo® Video Interactive Quick Compressor
ir50_32.dll	6.2.9200.16384	IR50_32 WRAPPER DLL
ir50_32original.dll	5.2562.15.55	Intel Indeo® video 5.10
ir50_qc.dll	6.2.9200.16384	IR50_QC WRAPPER DLL
ir50_qcoriginal.dll	5.0.63.48	Intel Indeo® video 5.10 Quick Compressor
ir50_qcx.dll	6.2.9200.16384	IR50_QCX WRAPPER DLL
ir50_qcxoriginal.dll	5.0.64.48	Intel Indeo® video 5.10 Quick Compressor
irclass.dll	6.2.9200.16384	Infrared Class Coinstaller
iscsicpl.dll	5.2.3790.1830	iSCSI Initiator Control Panel Applet
iscsidsc.dll	6.2.9200.16384	iSCSI Discovery api
iscsied.dll	6.2.9200.16384	iSCSI Extension DLL
iscsium.dll	6.2.9200.16384	iSCSI Discovery api
iscsiwmi.dll	6.2.9200.16384	MS iSCSI Initiator WMI Provider
iscsiwmiv2.dll	6.2.9200.16384	WMI Provider for iSCSI
issacapi_bs-2.3.dll
issacapi_pe-2.3.dll
issacapi_se-2.3.dll
itircl.dll	6.2.9200.16384	Microsoft® InfoTech IR Local DLL
itss.dll	6.2.9200.16384	Microsoft® InfoTech Storage System Library
iuseventlog.dll
iyuv_32.dll	6.2.9200.16384	Intel Indeo(R) Video YUV Codec
jscript.dll	5.8.9200.16598	Microsoft ® JScript
jscript9.dll	10.0.9200.16598	Microsoft ® JScript
jsproxy.dll	10.0.9200.16537	JScript Proxy Auto-Configuration
kbd101.dll	6.2.9200.16384	JP Japanese Keyboard Layout for 101
kbd101a.dll	6.2.9200.16384	KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll	6.2.9200.16384	KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll	6.2.9200.16384	KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll	6.2.9200.16384	KO Hangeul Keyboard Layout for 103
kbd106.dll	6.2.9200.16384	JP Japanese Keyboard Layout for 106
kbd106n.dll	6.2.9200.16384	JP Japanese Keyboard Layout for 106
kbda1.dll	6.2.9200.16384	Arabic_English_101 Keyboard Layout
kbda2.dll	6.2.9200.16384	Arabic_2 Keyboard Layout
kbda3.dll	6.2.9200.16384	Arabic_French_102 Keyboard Layout
kbdal.dll	6.2.9200.16384	Albania Keyboard Layout
kbdarme.dll	6.2.9200.16384	Eastern Armenian Keyboard Layout
kbdarmph.dll	6.2.9200.16384	Armenian Phonetic Keyboard Layout
kbdarmty.dll	6.2.9200.16384	Armenian Typewriter Keyboard Layout
kbdarmw.dll	6.2.9200.16384	Western Armenian Keyboard Layout
kbdax2.dll	6.2.9200.16384	JP Japanese Keyboard Layout for AX2
kbdaze.dll	6.2.9200.16384	Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll	6.2.9200.16384	Azeri-Latin Keyboard Layout
kbdbash.dll	6.2.9200.16384	Bashkir Keyboard Layout
kbdbe.dll	6.2.9200.16384	Belgian Keyboard Layout
kbdbene.dll	6.2.9200.16384	Belgian Dutch Keyboard Layout
kbdbgph.dll	6.2.9200.16384	Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll	6.2.9200.16384	Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll	6.2.9200.16384	Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll	6.2.9200.16384	Belarusian Keyboard Layout
kbdbr.dll	6.2.9200.16384	Brazilian Keyboard Layout
kbdbu.dll	6.2.9200.16384	Bulgarian (Typewriter) Keyboard Layout
kbdbulg.dll	6.2.9200.16384	Bulgarian Keyboard Layout
kbdca.dll	6.2.9200.16384	Canadian Multilingual Keyboard Layout
kbdcan.dll	6.2.9200.16384	Canadian Multilingual Standard Keyboard Layout
kbdcher.dll	6.2.9200.16384	Cherokee Nation Keyboard Layout
kbdcherp.dll	6.2.9200.16384	Cherokee Phonetic Keyboard Layout
kbdcr.dll	6.2.9200.16384	Croatian/Slovenian Keyboard Layout
kbdcz.dll	6.2.9200.16384	Czech Keyboard Layout
kbdcz1.dll	6.2.9200.16384	Czech_101 Keyboard Layout
kbdcz2.dll	6.2.9200.16384	Czech_Programmer's Keyboard Layout
kbdda.dll	6.2.9200.16384	Danish Keyboard Layout
kbddiv1.dll	6.2.9200.16384	Divehi Phonetic Keyboard Layout
kbddiv2.dll	6.2.9200.16384	Divehi Typewriter Keyboard Layout
kbddv.dll	6.2.9200.16384	Dvorak US English Keyboard Layout
kbdes.dll	6.2.9200.16384	Spanish Alernate Keyboard Layout
kbdest.dll	6.2.9200.16384	Estonia Keyboard Layout
kbdfa.dll	6.2.9200.16384	Persian Keyboard Layout
kbdfar.dll	6.2.9200.16384	Persian Standard Keyboard Layout
kbdfc.dll	6.2.9200.16384	Canadian French Keyboard Layout
kbdfi.dll	6.2.9200.16384	Finnish Keyboard Layout
kbdfi1.dll	6.2.9200.16384	Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll	6.2.9200.16384	Færoese Keyboard Layout
kbdfr.dll	6.2.9200.16384	French Keyboard Layout
kbdgae.dll	6.2.9200.16384	Scottish Gaelic (United Kingdom) Keyboard Layout
kbdgeo.dll	6.2.9200.16384	Georgian Keyboard Layout
kbdgeoer.dll	6.2.9200.16384	Georgian (Ergonomic) Keyboard Layout
kbdgeome.dll	6.2.9200.16384	Georgian (MES) Keyboard Layout
kbdgeooa.dll	6.2.9200.16384	Georgian (Old Alphabets) Keyboard Layout
kbdgeoqw.dll	6.2.9200.16384	Georgian (QWERTY) Keyboard Layout
kbdgkl.dll	6.2.9200.16384	Greek_Latin Keyboard Layout
kbdgr.dll	6.2.9200.16384	German Keyboard Layout
kbdgr1.dll	6.2.9200.16384	German_IBM Keyboard Layout
kbdgrlnd.dll	6.2.9200.16384	Greenlandic Keyboard Layout
kbdhau.dll	6.2.9200.16384	Hausa Keyboard Layout
kbdhaw.dll	6.2.9200.16384	Hawaiian Keyboard Layout
kbdhe.dll	6.2.9200.16384	Greek Keyboard Layout
kbdhe220.dll	6.2.9200.16384	Greek IBM 220 Keyboard Layout
kbdhe319.dll	6.2.9200.16384	Greek IBM 319 Keyboard Layout
kbdheb.dll	6.2.9200.16384	KBDHEB Keyboard Layout
kbdhebl3.dll	6.2.9200.16433	Hebrew Standard Keyboard Layout
kbdhela2.dll	6.2.9200.16384	Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll	6.2.9200.16384	Greek IBM 319 Latin Keyboard Layout
kbdhept.dll	6.2.9200.16384	Greek_Polytonic Keyboard Layout
kbdhu.dll	6.2.9200.16384	Hungarian Keyboard Layout
kbdhu1.dll	6.2.9200.16384	Hungarian 101-key Keyboard Layout
kbdibm02.dll	6.2.9200.16384	JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll	6.2.9200.16384	Igbo Keyboard Layout
kbdic.dll	6.2.9200.16384	Icelandic Keyboard Layout
kbdinasa.dll	6.2.9200.16384	Assamese (Inscript) Keyboard Layout
kbdinbe1.dll	6.2.9200.16384	Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll	6.2.9200.16384	Bengali (Inscript) Keyboard Layout
kbdinben.dll	6.2.9200.16384	Bengali Keyboard Layout
kbdindev.dll	6.2.9200.16384	Devanagari Keyboard Layout
kbdinen.dll	6.2.9200.16384	English - India Keyboard Layout
kbdinguj.dll	6.2.9200.16384	Gujarati Keyboard Layout
kbdinhin.dll	6.2.9200.16384	Hindi Keyboard Layout
kbdinkan.dll	6.2.9200.16384	Kannada Keyboard Layout
kbdinmal.dll	6.2.9200.16384	Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll	6.2.9200.16384	Marathi Keyboard Layout
kbdinori.dll	6.2.9200.16384	Odia Keyboard Layout
kbdinpun.dll	6.2.9200.16384	Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll	6.2.9200.16384	Tamil Keyboard Layout
kbdintel.dll	6.2.9200.16384	Telugu Keyboard Layout
kbdinuk2.dll	6.2.9200.16384	Inuktitut Naqittaut Keyboard Layout
kbdir.dll	6.2.9200.16384	Irish Keyboard Layout
kbdit.dll	6.2.9200.16384	Italian Keyboard Layout
kbdit142.dll	6.2.9200.16384	Italian 142 Keyboard Layout
kbdiulat.dll	6.2.9200.16384	Inuktitut Latin Keyboard Layout
kbdjpn.dll	6.2.9200.16384	JP Japanese Keyboard Layout Stub driver
kbdkaz.dll	6.2.9200.16384	Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll	6.2.9200.16384	Cambodian Standard Keyboard Layout
kbdkni.dll	6.2.9200.16384	Khmer (NIDA) Keyboard Layout
kbdkor.dll	6.2.9200.16384	KO Hangeul Keyboard Layout Stub driver
kbdkurd.dll	6.2.9200.16384	Central Kurdish Keyboard Layout
kbdkyr.dll	6.2.9200.16384	Kyrgyz Keyboard Layout
kbdla.dll	6.2.9200.16384	Latin-American Spanish Keyboard Layout
kbdlao.dll	6.2.9200.16384	Lao Standard Keyboard Layout
kbdlisub.dll	6.2.9200.16384	Lisu Basic Keyboard Layout
kbdlisus.dll	6.2.9200.16384	Lisu Standard Keyboard Layout
kbdlk41a.dll	6.2.9200.16384	DEC LK411-AJ Keyboard Layout
kbdlt.dll	6.2.9200.16384	Lithuania Keyboard Layout
kbdlt1.dll	6.2.9200.16384	Lithuanian Keyboard Layout
kbdlt2.dll	6.2.9200.16384	Lithuanian Standard Keyboard Layout
kbdlv.dll	6.2.9200.16384	Latvia Keyboard Layout
kbdlv1.dll	6.2.9200.16384	Latvia-QWERTY Keyboard Layout
kbdmac.dll	6.2.9200.16384	Macedonian (FYROM) Keyboard Layout
kbdmacst.dll	6.2.9200.16384	Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll	6.2.9200.16384	Maori Keyboard Layout
kbdmlt47.dll	6.2.9200.16384	Maltese 47-key Keyboard Layout
kbdmlt48.dll	6.2.9200.16384	Maltese 48-key Keyboard Layout
kbdmon.dll	6.2.9200.16384	Mongolian Keyboard Layout
kbdmonmo.dll	6.2.9200.16384	Mongolian (Mongolian Script) Keyboard Layout
kbdmyan.dll	6.2.9200.16384	Myanmar Keyboard Layout
kbdne.dll	6.2.9200.16384	Dutch Keyboard Layout
kbdnec.dll	6.2.9200.16384	JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll	6.2.9200.16384	JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll	6.2.9200.16384	JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll	6.2.9200.16384	JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll	6.2.9200.16384	Nepali Keyboard Layout
kbdnko.dll	6.2.9200.16384	N'Ko Keyboard Layout
kbdno.dll	6.2.9200.16384	Norwegian Keyboard Layout
kbdno1.dll	6.2.9200.16384	Norwegian with Sami Keyboard Layout
kbdnso.dll	6.2.9200.16384	Sesotho sa Leboa Keyboard Layout
kbdntl.dll	6.2.9200.16384	New Tai Leu Keyboard Layout
kbdogham.dll	6.2.9200.16384	Ogham Keyboard Layout
kbdpash.dll	6.2.9200.16384	Pashto (Afghanistan) Keyboard Layout
kbdphags.dll	6.2.9200.16384	Phags-pa Keyboard Layout
kbdpl.dll	6.2.9200.16384	Polish Keyboard Layout
kbdpl1.dll	6.2.9200.16384	Polish Programmer's Keyboard Layout
kbdpo.dll	6.2.9200.16384	Portuguese Keyboard Layout
kbdro.dll	6.2.9200.16384	Romanian (Legacy) Keyboard Layout
kbdropr.dll	6.2.9200.16384	Romanian (Programmers) Keyboard Layout
kbdrost.dll	6.2.9200.16384	Romanian (Standard) Keyboard Layout
kbdru.dll	6.2.9200.16384	Russian Keyboard Layout
kbdru1.dll	6.2.9200.16384	Russia(Typewriter) Keyboard Layout
kbdrum.dll	6.2.9200.16384	Russian - Mnemonic Keyboard Layout
kbdsf.dll	6.2.9200.16384	Swiss French Keyboard Layout
kbdsg.dll	6.2.9200.16384	Swiss German Keyboard Layout
kbdsl.dll	6.2.9200.16384	Slovak Keyboard Layout
kbdsl1.dll	6.2.9200.16384	Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll	6.2.9200.16384	Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll	6.2.9200.16384	Sami Extended Norway Keyboard Layout
kbdsn1.dll	6.2.9200.16384	Sinhala Keyboard Layout
kbdsorex.dll	6.2.9200.16384	Sorbian Extended Keyboard Layout
kbdsors1.dll	6.2.9200.16384	Sorbian Standard Keyboard Layout
kbdsorst.dll	6.2.9200.16384	Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll	6.2.9200.16384	Spanish Keyboard Layout
kbdsw.dll	6.2.9200.16384	Swedish Keyboard Layout
kbdsw09.dll	6.2.9200.16384	Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll	6.2.9200.16384	Syriac Standard Keyboard Layout
kbdsyr2.dll	6.2.9200.16384	Syriac Phoenetic Keyboard Layout
kbdtaile.dll	6.2.9200.16384	Tai Le Keyboard Layout
kbdtajik.dll	6.2.9200.16384	Tajik Keyboard Layout
kbdtat.dll	6.2.9200.16384	Tatar_Cyrillic Keyboard Layout
kbdth0.dll	6.2.9200.16384	Thai Kedmanee Keyboard Layout
kbdth1.dll	6.2.9200.16384	Thai Pattachote Keyboard Layout
kbdth2.dll	6.2.9200.16384	Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll	6.2.9200.16384	Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtifi.dll	6.2.9200.16384	Tifinagh (Basic) Keyboard Layout
kbdtifi2.dll	6.2.9200.16384	Tifinagh (Extended) Keyboard Layout
kbdtiprc.dll	6.2.9200.16384	Tibetan (PRC) Keyboard Layout
kbdtuf.dll	6.2.9200.16384	Turkish F Keyboard Layout
kbdtuq.dll	6.2.9200.16384	Turkish Q Keyboard Layout
kbdturme.dll	6.2.9200.16384	Turkmen Keyboard Layout
kbdughr.dll	6.2.9200.16384	Uyghur (Legacy) Keyboard Layout
kbdughr1.dll	6.2.9200.16384	Uyghur Keyboard Layout
kbduk.dll	6.2.9200.16384	United Kingdom Keyboard Layout
kbdukx.dll	6.2.9200.16384	United Kingdom Extended Keyboard Layout
kbdur.dll	6.2.9200.16384	Ukrainian Keyboard Layout
kbdur1.dll	6.2.9200.16384	Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll	6.2.9200.16384	Urdu Keyboard Layout
kbdus.dll	6.2.9200.16384	United States Keyboard Layout
kbdusa.dll	6.2.9200.16384	US IBM Arabic 238_L Keyboard Layout
kbdusl.dll	6.2.9200.16384	Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll	6.2.9200.16384	Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll	6.2.9200.16384	US Multinational Keyboard Layout
kbduzb.dll	6.2.9200.16384	Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll	6.2.9200.16384	Vietnamese Keyboard Layout
kbdwol.dll	6.2.9200.16384	Wolof Keyboard Layout
kbdyak.dll	6.2.9200.16384	Sakha - Russia Keyboard Layout
kbdyba.dll	6.2.9200.16384	Yoruba Keyboard Layout
kbdycc.dll	6.2.9200.16384	Serbian (Cyrillic) Keyboard Layout
kbdycl.dll	6.2.9200.16384	Serbian (Latin) Keyboard Layout
kerberos.dll	6.2.9200.16578	Kerberos Security Package
kernel32.dll	6.2.9200.16604	Windows NT BASE API Client DLL
kernelbase.dll	6.2.9200.16451	Windows NT BASE API Client DLL
keyiso.dll	6.2.9200.16384	CNG Key Isolation Service
keymgr.dll	6.2.9200.16384	Stored User Names and Passwords
korwbrkr.dll	6.2.9200.16384	Korean Word Breaker
ksuser.dll	6.2.9200.16384	User CSA Library
ktmw32.dll	6.2.9200.16384	Windows KTM Win32 Client DLL
l2gpstore.dll	6.2.9200.16384	Policy Storage dll
l2nacp.dll	6.2.9200.16384	Windows Onex Credential Provider
l2sechc.dll	6.2.9200.16384	Layer 2 Security Diagnostics Helper Classes
laprxy.dll	12.0.9200.16384	Windows Media Logagent Proxy
licmgr10.dll	10.0.9200.16384	Microsoft® License Manager DLL
linkinfo.dll	6.2.9200.16384	Windows Volume Tracking
loadperf.dll	6.2.9200.16384	Load & Unload Performance Counters
localsec.dll	6.2.9200.16384	Local Users and Groups MMC Snapin
locationapi.dll	6.2.9200.16384	Microsoft Windows Location API
loghours.dll	6.2.9200.16384	Schedule Dialog
logoncli.dll	6.2.9200.16384	Net Logon Client DLL
lpk.dll	6.2.9200.16453	Language Pack
lsmproxy.dll	6.2.9200.16384	LSM interfaces proxy Dll
luainstall.dll	6.2.9200.16384	Lua manifest install
lz32.dll	6.2.9200.16384	LZ Expand/Compress API DLL
macxmlproto.dll	1.2.2005.128	????? ???? ?????
madrm.dll	3.0.2004.1011	MaDRM DLL
magnification.dll	6.2.9200.16384	Microsoft Magnification API
majguilib.dll	1.0.2004.301	MaJGUILib DLL
mamacextract.dll	1.0.2009.930	???? MAC ?? ?? DLL
mapi32.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapistub.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
maxmlproto.dll	1.0.2004.602	MaXMLProto DLL
mbaeapi.dll	6.2.9200.16384	Mobile Broadband Account Experience API
mbaeapipublic.dll	6.2.9200.16384	Mobile Broadband Account API
mbsmsapi.dll	6.2.9200.16518	Microsoft Windows Mobile Broadband SMS API
mbussdapi.dll	6.2.9200.16384	Microsoft Windows Mobile Broadband USSD API
mcewmdrmndbootstrap.dll	1.3.2310.10	Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll	6.2.9200.16384	Video For Windows MCI driver
mcicda.dll	6.2.9200.16384	MCI driver for cdaudio devices
mciqtz32.dll	6.6.9200.16384	DirectShow MCI Driver
mciseq.dll	6.2.9200.16384	MCI driver for MIDI sequencer
mciwave.dll	6.2.9200.16384	MCI driver for waveform audio
mdminst.dll	6.2.9200.16384	Modem Class Installer
mf.dll	12.0.9200.16384	Media Foundation DLL
mf3216.dll	6.2.9200.16384	32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll	6.2.9200.16384	Media Foundation AAC Encoder
mfasfsrcsnk.dll	12.0.9200.16437	Media Foundation ASF Source and Sink DLL
mfc100.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc100chs.dll	10.0.40219.325	MFC Language Specific Resources
mfc100cht.dll	10.0.40219.325	MFC Language Specific Resources
mfc100deu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100enu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100esn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100fra.dll	10.0.40219.325	MFC Language Specific Resources
mfc100ita.dll	10.0.40219.325	MFC Language Specific Resources
mfc100jpn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100kor.dll	10.0.40219.325	MFC Language Specific Resources
mfc100rus.dll	10.0.40219.325	MFC Language Specific Resources
mfc100u.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc140.dll	14.0.23506.0	MFCDLL Shared Library - Retail Version
mfc140u.dll	14.0.23506.0	MFCDLL Shared Library - Retail Version
mfc40.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc40u.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc42.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfc42u.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfcaptureengine.dll	12.0.9200.16451	Media Foundation CaptureEngine DLL
mfcm100.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcm100u.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcm140.dll	14.0.23506.0	MFC Managed Library - Retail Version
mfcm140u.dll	14.0.23506.0	MFC Managed Library - Retail Version
mfcore.dll	12.0.9200.16451	Media Foundation Core DLL
mfcsubs.dll	2001.12.10130.16384	COM+
mfds.dll	12.0.9200.16384	Media Foundation Direct Show wrapper DLL
mfdvdec.dll	6.2.9200.16384	Media Foundation DV Decoder
mferror.dll	12.0.9200.16384	Media Foundation Error DLL
mfh264enc.dll	6.2.9200.16420	Media Foundation H264 Encoder
mfmediaengine.dll	6.2.9200.16578	Media Foundation Media Engine DLL
mfmjpegdec.dll	6.2.9200.16384	Media Foundation MJPEG Decoder
mfmp4srcsnk.dll	12.0.9200.16604	Media Foundation MPEG4 Source and Sink DLL
mfmpeg2srcsnk.dll	12.0.9200.16437	Media Foundation MPEG2 Source and Sink DLL
mfnetcore.dll	12.0.9200.16437	Media Foundation Net Core DLL
mfnetsrc.dll	12.0.9200.16437	Media Foundation Net Source DLL
mfplat.dll	12.0.9200.16433	Media Foundation Platform DLL
mfplay.dll	12.0.9200.16420	Media Foundation Playback API DLL
mfps.dll	12.0.9200.16384	Media Foundation Proxy DLL
mfreadwrite.dll	12.0.9200.16578	Media Foundation ReadWrite DLL
mfsrcsnk.dll	12.0.9200.16420	Media Foundation Source and Sink DLL
mfsvr.dll	6.2.9200.16420	Media Foundation Simple Video Renderer DLL
mftranscode.dll	12.0.9200.16384	Media Foundation Transcode DLL
mfvdsp.dll	6.2.9200.16384	Windows Media Foundation Video DSP Components
mfwmaaec.dll	6.2.9200.16384	Windows Media Audio AEC for Media Foundation
mgmtapi.dll	6.2.9200.16384	Microsoft SNMP Manager API (uses WinSNMP)
mi.dll	6.2.9200.16384	Management Infrastructure
midimap.dll	6.2.9200.16384	Microsoft MIDI Mapper
migisol.dll	6.2.9200.16384	Migration System Isolation Layer
miguiresource.dll	6.2.9200.16384	MIG wini32 resources
mimefilt.dll	2008.0.9200.16384	MIME Filter
mirrordrvcompat.dll	6.2.9200.16384	Mirror Driver Compatibility Helper
miutils.dll	6.2.9200.16384	Management Infrastructure
mk_lyric.dll	1.0.1124.1	MK_Lyric
mlang.dll	6.2.9200.16384	Multi Language Support DLL
mmcbase.dll	6.2.9200.16384	MMC Base DLL
mmci.dll	6.2.9200.16384	Media class installer
mmcico.dll	6.2.9200.16384	Media class co-installer
mmcndmgr.dll	6.2.9200.16384	MMC Node Manager DLL
mmcshext.dll	6.2.9200.16384	MMC Shell Extension DLL
mmdevapi.dll	6.2.9200.16420	MMDevice API
mmres.dll	6.2.9200.16384	General Audio Resources
modemui.dll	6.2.9200.16384	Windows Modem Properties
moricons.dll	6.2.9200.16384	Windows NT Setup Icon Resources Library
mp3dmod.dll	6.2.9200.16384	Microsoft MP3 Decoder DMO
mp43decd.dll	6.2.9200.16384	Windows Media MPEG-4 Video Decoder
mp4sdecd.dll	6.2.9200.16496	Windows Media MPEG-4 S Video Decoder
mpg4decd.dll	6.2.9200.16384	Windows Media MPEG-4 Video Decoder
mpr.dll	6.2.9200.16384	Multiple Provider Router DLL
mprapi.dll	6.2.9200.16384	Windows NT MP Router Administration DLL
mprddm.dll	6.2.9200.16384	Demand Dial Manager Supervisor
mprdim.dll	6.2.9200.16384	Dynamic Interface Manager
mprext.dll	6.2.9200.16384	Multiple Provider Router Extension DLL
mprmsg.dll	6.2.9200.16384	Multi-Protocol Router Service Messages DLL
mrmcorer.dll	6.2.9200.16384	Microsoft Windows MRM
mrmindexer.dll	6.2.9200.16384	Microsoft Windows MRM
msaatext.dll	2.0.10413.0	Active Accessibility text support
msac3enc.dll	6.2.9200.16384	Microsoft AC-3 Encoder
msacm32.dll	6.2.9200.16384	Microsoft ACM Audio Filter
msadce.dll	6.2.9200.16384	OLE DB Cursor Engine
msadcer.dll	6.2.9200.16384	OLE DB Cursor Engine Resources
msadco.dll	6.2.9200.16384	Remote Data Services Data Control
msadcor.dll	6.2.9200.16384	Remote Data Services Data Control Resources
msadds.dll	6.2.9200.16384	OLE DB Data Shape Provider
msaddsr.dll	6.2.9200.16384	OLE DB Data Shape Provider Resources
msader15.dll	6.2.9200.16384	ActiveX Data Objects Resources
msado15.dll	6.2.9200.16384	ActiveX Data Objects
msadomd.dll	6.2.9200.16384	ActiveX Data Objects (Multi-Dimensional)
msador15.dll	6.2.9200.16384	Microsoft ActiveX Data Objects Recordset
msadox.dll	6.2.9200.16384	ActiveX Data Objects Extensions
msadrh15.dll	6.2.9200.16384	ActiveX Data Objects Rowset Helper
msafd.dll	6.2.9200.16384	Microsoft Windows Sockets 2.0 Service Provider
msasn1.dll	6.2.9200.16384	ASN.1 Runtime APIs
msauddecmft.dll	6.2.9200.16578	Media Foundation Audio Decoders
msaudite.dll	6.2.9200.16384	Security Audit Events DLL
mscandui.dll	6.2.9200.16384	MSCANDUI Server DLL
mscat32.dll	6.2.9200.16384	MSCAT32 Forwarder DLL
msclib.dll	1.0.0.8	MSCLib DLL
msclmd.dll	6.2.9200.16384	Microsoft Class Mini-driver
mscms.dll	6.2.9200.16384	Microsoft Color Matching System DLL
mscoree.dll	4.0.41209.0	Microsoft .NET Runtime Execution Engine
mscorier.dll	2.0.50727.6387	Microsoft .NET Runtime IE resources
mscories.dll	2.0.50727.6387	Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll	6.2.9200.16384	ODBC Code Page Translator Resources
mscpxl32.dll	6.2.9200.16384	ODBC Code Page Translator
msctf.dll	6.2.9200.16496	MSCTF Server DLL
msctfmonitor.dll	6.2.9200.16384	MsCtfMonitor DLL
msctfp.dll	6.2.9200.16384	MSCTFP Server DLL
msctfui.dll	6.2.9200.16384	MSCTFUI Server DLL
msdadc.dll	6.2.9200.16384	OLE DB Data Conversion Stub
msdadiag.dll	6.2.9200.16384	Built-In Diagnostics
msdaenum.dll	6.2.9200.16384	OLE DB Root Enumerator Stub
msdaer.dll	6.2.9200.16384	OLE DB Error Collection Stub
msdaora.dll	6.2.9200.16384	OLE DB Provider for Oracle
msdaorar.dll	6.2.9200.16384	OLE DB Provider for Oracle Resources
msdaosp.dll	6.2.9200.16384	OLE DB Simple Provider
msdaprsr.dll	6.2.9200.16384	OLE DB Persistence Services Resources
msdaprst.dll	6.2.9200.16384	OLE DB Persistence Services
msdaps.dll	6.2.9200.16384	OLE DB Interface Proxies/Stubs
msdarem.dll	6.2.9200.16384	OLE DB Remote Provider
msdaremr.dll	6.2.9200.16384	OLE DB Remote Provider Resources
msdart.dll	6.2.9200.16384	OLE DB Runtime Routines
msdasc.dll	6.2.9200.16384	OLE DB Service Components Stub
msdasql.dll	6.2.9200.16384	OLE DB Provider for ODBC Drivers
msdasqlr.dll	6.2.9200.16384	OLE DB Provider for ODBC Drivers Resources
msdatl3.dll	6.2.9200.16384	OLE DB Implementation Support Routines
msdatt.dll	6.2.9200.16384	OLE DB Temporary Table Services
msdaurl.dll	6.2.9200.16384	OLE DB RootBinder Stub
msdelta.dll	6.2.9200.16384	Microsoft Patch Engine
msdfmap.dll	6.2.9200.16384	Data Factory Handler
msdmo.dll	6.6.9200.16384	DMO Runtime
msdrm.dll	6.2.9200.16384	Windows Rights Management client
msdtcprx.dll	2001.12.10130.16384	Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll	2001.12.10130.16384	Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll	2001.12.10130.16384	Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll	4.0.9756.0	Microsoft Jet Exchange Isam
msexcl40.dll	4.0.9756.0	Microsoft Jet Excel Isam
msfeeds.dll	10.0.9200.16598	Microsoft Feeds Manager
msfeedsbs.dll	10.0.9200.16384	Microsoft Feeds Background Sync
msflib.dll	1.0.0.7	MSFLib DLL
msftedit.dll	6.2.9200.16384	Rich Text Edit Control, v7.5
mshtml.dll	10.0.9200.16612	Microsoft (R) HTML Viewer
mshtmled.dll	10.0.9200.16384	Microsoft® HTML Editing Component
mshtmler.dll	10.0.9200.16384	Microsoft® HTML Editing Component's Resource DLL
msi.dll	5.0.9200.16384	Windows Installer
msidcrl40.dll	6.2.9200.16384	Microsoft® Account Dynamic Link Library
msident.dll	6.2.9200.16384	Microsoft Identity Manager
msidle.dll	6.2.9200.16384	User Idle Monitor
msidntld.dll	6.2.9200.16384	Microsoft Identity Manager
msieftp.dll	6.2.9200.16384	Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll	5.0.9200.16384	Windows® installer
msiltcfg.dll	5.0.9200.16384	Windows Installer Configuration API Stub
msimg32.dll	6.2.9200.16384	GDIEXT Client DLL
msimsg.dll	5.0.9200.16384	Windows® Installer International Messages
msimtf.dll	6.2.9200.16384	Active IMM Server DLL
msisip.dll	5.0.9200.16384	MSI Signature SIP Provider
msiwer.dll	5.0.9200.16384	MSI Windows Error Reporting
msjet40.dll	4.0.9765.0	Microsoft Jet Engine Library
msjetoledb40.dll	4.0.9756.0
msjint40.dll	4.0.9765.0	Microsoft Jet Database Engine International DLL
msjro.dll	6.2.9200.16384	Jet and Replication Objects
msjter40.dll	4.0.9756.0	Microsoft Jet Database Engine Error DLL
msjtes40.dll	4.0.9756.0	Microsoft Jet Expression Service
mskeyprotcli.dll	6.2.9200.16384	Windows Client Key Protection Provider
mskeyprotect.dll	6.2.9200.16384	Microsoft Key Protection Provider
msls31.dll	3.10.349.0	Microsoft Line Services library file
msltus40.dll	4.0.9756.0	Microsoft Jet Lotus 1-2-3 Isam
mslur71.dll	7.10.0.0	User-Generated Microsoft (R) C/C++ Runtime Library
msmapi32.dll	15.0.4420.1017	Extended MAPI 1.0 for Windows NT
msmpeg2adec.dll	12.0.8506.0	Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll	12.0.9200.16384	Microsoft MPEG-2 Encoder
msmpeg2vdec.dll	12.0.9200.16429	Microsoft DTV-DVD Video Decoder
msnetobj.dll	11.0.9200.16384	DRM ActiveX Network Object
msobjs.dll	6.2.9200.16384	System object audit names
msoeacct.dll	6.2.9200.16384	Microsoft Internet Account Manager
msoert2.dll	6.2.9200.16384	Microsoft Windows Mail RT Lib
msorc32r.dll	6.2.9200.16384	ODBC Driver for Oracle Resources
msorcl32.dll	6.2.9200.16384	ODBC Driver for Oracle
mspatcha.dll	6.2.9200.16384	Microsoft File Patch Application API
mspatchc.dll	6.2.9200.16384	Microsoft Patch Creation Engine
mspbde40.dll	4.0.9756.0	Microsoft Jet Paradox Isam
msports.dll	6.2.9200.16384	Ports Class Installer
msrating.dll	10.0.9200.16384	Internet Ratings and Local User Management DLL
msrd2x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrd3x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrdc.dll	6.2.9200.16384	Remote Differential Compression COM server
msrdpwebaccess.dll	6.2.9200.16384	Microsoft Remote Desktop Services Web Access Control
msrepl40.dll	4.0.9756.0	Microsoft Replication Library
msrle32.dll	6.2.9200.16384	Microsoft RLE Compressor
msscntrs.dll	7.0.9200.16433	PKM Perfmon Counter DLL
msscp.dll	11.0.9200.16384	Windows Media Secure Content Provider
mssha.dll	6.2.9200.16384	Windows Security Health Agent
msshavmsg.dll	6.2.9200.16384	Windows Security Health Agent Validator Message
msshooks.dll	7.0.9200.16578	Microsoft Search Hooks
mssign32.dll	6.2.9200.16384	Microsoft Trust Signing APIs
mssip32.dll	6.2.9200.16384	MSSIP32 Forwarder DLL
mssitlb.dll	7.0.9200.16433	mssitlb
msspellcheckingfacility.dll	6.2.9200.16420	Microsoft Spell Checking Facility
mssph.dll	7.0.9200.16578	Microsoft Search Protocol Handler
mssphtb.dll	7.0.9200.16578	Outlook MSSearch Connector
mssprxy.dll	7.0.9200.16578	Microsoft Search Proxy
mssrch.dll	7.0.9200.16578	Microsoft Embedded Search
mssvp.dll	7.0.9200.16578	MSSearch Vista Platform
mstask.dll	6.2.9200.16384	Task Scheduler interface DLL
mstext40.dll	4.0.9756.0	Microsoft Jet Text Isam
mstscax.dll	6.2.9200.16518	Remote Desktop Services ActiveX Client
msutb.dll	6.2.9200.16384	MSUTB Server DLL
msv1_0.dll	6.2.9200.16384	Microsoft Authentication Package v1.0
msvbvm60.dll	6.0.98.15	Visual Basic Virtual Machine
msvcirt.dll	7.0.9200.16384	Windows NT IOStreams DLL
msvcp100.dll	10.0.40219.325	Microsoft® C Runtime Library
msvcp110.dll	11.0.50727.1	Microsoft® C Runtime Library
msvcp110_clr0400.dll	11.0.50709.17929	Microsoft® C Runtime Library
msvcp110d.dll	11.0.50727.1	Microsoft® C Runtime Library
msvcp140.dll	14.0.23506.0	Microsoft® C Runtime Library
msvcp60.dll	7.0.9200.16384	Windows NT C++ Runtime Library DLL
msvcp71.dll	7.10.3077.0	Microsoft® C++ Runtime Library
msvcr100.dll	10.0.40219.325	Microsoft® C Runtime Library
msvcr100_clr0400.dll	11.0.50709.18010	Microsoft® .NET Framework
msvcr110.dll	11.0.50727.1	Microsoft® C Runtime Library
msvcr110_clr0400.dll	11.0.50709.17929	Microsoft® C Runtime Library
msvcr110d.dll	11.0.50727.1	Microsoft® C Runtime Library
msvcr71.dll	7.10.3052.4	Microsoft® C Runtime Library
msvcrt.dll	7.0.9200.16384	Windows NT CRT DLL
msvcrt20.dll	2.12.0.0	Microsoft® C Runtime Library
msvcrt40.dll	6.2.9200.16384	VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll	6.2.9200.16384	Microsoft Video for Windows DLL
msvidc32.dll	6.2.9200.16384	Microsoft Video 1 Compressor
msvidctl.dll	6.5.9200.16384	ActiveX control for streaming video
msvideodsp.dll	6.2.9200.16384	Video Stabilization MFT
msvproc.dll	12.0.9200.16420	Media Foundation Video Processor
mswdat10.dll	4.0.9756.0	Microsoft Jet Sort Tables
mswmdm.dll	12.0.9200.16384	Windows Media Device Manager Core
mswsock.dll	6.2.9200.16433	Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll	4.0.9765.0	Microsoft Jet Sort Library
msxactps.dll	6.2.9200.16384	OLE DB Transaction Proxies/Stubs
msxbde40.dll	4.0.9756.0	Microsoft Jet xBASE Isam
msxml3.dll	8.110.9200.16447	MSXML 3.0
msxml3a.dll	8.10.8308.0	XML Resources
msxml3r.dll	8.110.9200.16447	XML Resources
msxml6.dll	6.30.9200.16447	MSXML 6.0
msxml6r.dll	6.30.9200.16447	XML Resources
msyuv.dll	6.2.9200.16384	Microsoft UYVY Video Decompressor
mttelechip.dll	1.9.4.2	USB Dynamic Link Library for TCC730
mtxclu.dll	2001.12.10130.16384	Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll	2001.12.10130.16384	COM+
mtxex.dll	2001.12.10130.16384	COM+
mtxlegih.dll	2001.12.10130.16384	COM+
mtxoci.dll	2001.12.10130.16384	Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
mtxsyncicon.dll	1.0.0.1	MTXSYNCICON Module
muifontsetup.dll	6.2.9200.16604	MUI Callback for font registry settings
muzaf1.dll	1.0.0.60410	AOD Sourcer Filter
muzapp.dll	1.3.9.303	MUZAoDAppCtrl Module
muzwmts.dll	1.0.0.60208	P3WMTSplitter Filter
mycomput.dll	6.2.9200.16384	Computer Management
mydocs.dll	6.2.9200.16384	My Documents Folder UI
napcrypt.dll	6.2.9200.16384	NAP Cryptographic API helper
napdsnap.dll	6.2.9200.16384	NAP GPEdit Extension
naphlpr.dll	6.2.9200.16384	NAP client config API helper
napinsp.dll	6.2.9200.16384	E-mail Naming Shim Provider
napipsec.dll	6.2.9200.16384	NAP IPSec Enforcement Client
napmontr.dll	6.2.9200.16384	NAP Netsh Helper
naturallanguage6.dll	6.2.9200.16384	Natural Language Development Platform 6
ncaapi.dll	6.2.9200.16384	Microsoft Network Connectivity Assistant API
ncdprop.dll	6.2.9200.16384	Advanced network device properties
nci.dll	6.2.9200.16384	CoInstaller: NET
ncobjapi.dll	6.2.9200.16384	Microsoft® Windows® Operating System
ncrypt.dll	6.2.9200.16384	Windows NCrypt Router
ncryptprov.dll	6.2.9200.16384	Microsoft KSP
ncryptsslp.dll	6.2.9200.16464	Microsoft SChannel Provider
nddeapi.dll	6.2.9200.16384	Network DDE Share Management APIs
ndfapi.dll	6.2.9200.16384	Network Diagnostic Framework Client API
ndfetw.dll	6.2.9200.16384	Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll	6.2.9200.16384	Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll	6.2.9200.16384	NdisCap Notify Object
ndishc.dll	6.2.9200.16384	NDIS Helper Classes
ndproxystub.dll	6.2.9200.16384	Network Diagnostic Engine Proxy/Stub
negoexts.dll	6.2.9200.16384	NegoExtender Security Package
netapi32.dll	6.2.9200.16384	Net Win32 API DLL
netbios.dll	6.2.9200.16384	NetBIOS Interface Library
netcenter.dll	6.2.9200.16384	Network Center control panel
netcfgx.dll	6.2.9200.16384	Network Configuration Objects
netcorehc.dll	6.2.9200.16384	Networking Core Diagnostics Helper Classes
netdiagfx.dll	6.2.9200.16384	Network Diagnostic Framework
netevent.dll	6.2.9200.16384	Net Event Handler
netfxperf.dll	4.0.41209.0	Extensible Performance Counter Shim
neth.dll	6.2.9200.16384	Net Help Messages DLL
netid.dll	6.2.9200.16384	System Control Panel Applet; Network ID Page
netiohlp.dll	6.2.9200.16384	Netio Helper DLL
netjoin.dll	6.2.9200.16384	Domain Join DLL
netlogon.dll	6.2.9200.16384	Net Logon Services DLL
netmsg.dll	6.2.9200.16384	Net Messages DLL
netplwiz.dll	6.2.9200.16604	Map Network Drives/Network Places Wizard
netprofm.dll	6.2.9200.16604	Network List Manager
netprovisionsp.dll	6.2.9200.16384	Provisioning Service Provider DLL
netshell.dll	6.2.9200.16384	Network Connections Shell
netutils.dll	6.2.9200.16384	Net Win32 API Helpers DLL
networkexplorer.dll	6.2.9200.16384	Network Explorer
networkitemfactory.dll	6.2.9200.16384	NetworkItem Factory
newdev.dll	6.0.5054.0	Add Hardware Device Library
ninput.dll	6.2.9200.16384	Microsoft Pen and Touch Input Component
nlaapi.dll	6.2.9200.16518	Network Location Awareness 2
nlhtml.dll	2008.0.9200.16384	HTML filter
nlmgp.dll	6.2.9200.16384	Network List Manager Snapin
nlmproxy.dll	6.2.9200.16518	Network List Manager Public Proxy
nlmsprep.dll	6.2.9200.16518	Network List Manager Sysprep Module
nlsbres.dll	6.2.9200.16384	NLSBuild resource DLL
nlsdata0000.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0001.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0002.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0003.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0007.dll	6.2.9200.16384	Microsoft German Natural Language Server Data and Code
nlsdata0009.dll	6.2.9200.16384	Microsoft English Natural Language Server Data and Code
nlsdata000a.dll	6.2.9200.16384	Microsoft Spanish Natural Language Server Data and Code
nlsdata000c.dll	6.2.9200.16384	Microsoft French Natural Language Server Data and Code
nlsdata000d.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata000f.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0010.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0011.dll	6.2.9200.16384	Microsoft Japanese Natural Language Server Data and Code
nlsdata0013.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0018.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0019.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata001a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata001b.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata001d.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0020.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0021.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0022.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0024.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0026.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0027.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata002a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0039.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata003e.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0045.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0046.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0047.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0049.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata004a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata004b.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata004c.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata004e.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0414.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0416.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0816.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata081a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0c1a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdl.dll	6.2.9200.16384	Nls Downlevel DLL
nlslexicons0001.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0002.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0003.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0007.dll	6.2.9200.16384	Microsoft German Natural Language Server Data and Code
nlslexicons0009.dll	6.2.9200.16384	Microsoft English Natural Language Server Data and Code
nlslexicons000a.dll	6.2.9200.16384	Microsoft Spanish Natural Language Server Data and Code
nlslexicons000c.dll	6.2.9200.16384	Microsoft French Natural Language Server Data and Code
nlslexicons000d.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons000f.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0010.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0011.dll	6.2.9200.16384	Microsoft Japanese Natural Language Server Data and Code
nlslexicons0013.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0018.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0019.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons001a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons001b.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons001d.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0020.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0021.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0022.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0024.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0026.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0027.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons002a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0039.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons003e.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0045.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0046.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0047.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0049.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004b.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004c.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004e.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0414.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0416.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0816.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons081a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0c1a.dll	6.2.9200.16384	Microsoft Neutral Natural Language Server Data and Code
nlsmodels0011.dll	6.2.9200.16384	Microsoft Japanese Natural Language Server Data and Code
normaliz.dll	6.2.9200.16384	Unicode Normalization DLL
npmproxy.dll	6.2.9200.16604	Network List Manager Proxy
nshhttp.dll	6.2.9200.16384	HTTP netsh DLL
nshipsec.dll	6.2.9200.16384	Net Shell IP Security helper DLL
nshwfp.dll	6.2.9200.16465	Windows Filtering Platform Netsh Helper
nsi.dll	6.2.9200.16384	NSI User-mode interface DLL
ntasn1.dll	6.2.9200.16384	Microsoft ASN.1 API
ntdll.dll	6.2.9200.16578	NT Layer DLL
ntdsapi.dll	6.2.9200.16384	Active Directory Domain Services API
ntlanman.dll	6.2.9200.16384	Microsoft® Lan Manager
ntlanui2.dll	6.2.9200.16384	Network object shell UI
ntmarta.dll	6.2.9200.16384	Windows NT MARTA provider
ntprint.dll	6.2.9200.16384	Spooler Setup DLL
ntshrui.dll	6.2.9200.16384	Shell extensions for sharing
ntvdm64.dll	6.2.9200.16384	16-bit Emulation on NT64
nvd3dum.dll	9.18.13.286	NVIDIA WDDM D3D Driver, Version 302.86
nvwgf2um.dll	9.18.13.286	NVIDIA D3D10 Driver, Version 302.86
objsel.dll	6.2.9200.16384	Object Picker Dialog
occache.dll	10.0.9200.16384	Object Control Viewer
ocsetapi.dll	6.2.9200.16384	Windows Optional Component Setup API
odbc32.dll	6.2.9200.16384	ODBC Driver Manager
odbcbcp.dll	6.2.9200.16384	BCP for ODBC
odbcconf.dll	6.2.9200.16384	ODBC Driver Configuration Program
odbccp32.dll	6.2.9200.16384	ODBC Installer
odbccr32.dll	6.2.9200.16384	ODBC Cursor Library
odbccu32.dll	6.2.9200.16384	ODBC Cursor Library
odbcint.dll	6.2.9200.16384	ODBC Resources
odbcji32.dll	6.2.9200.16384	Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll	6.2.9200.16384	Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll	6.2.9200.16384	ODBC Driver Manager Trace
oddbse32.dll	6.2.9200.16384	ODBC (3.0) driver for DBase
odexl32.dll	6.2.9200.16384	ODBC (3.0) driver for Excel
odfox32.dll	6.2.9200.16384	ODBC (3.0) driver for FoxPro
odpdx32.dll	6.2.9200.16384	ODBC (3.0) driver for Paradox
odtext32.dll	6.2.9200.16384	ODBC (3.0) driver for text files
oemlicense.dll
offfilt.dll	2008.0.9200.16384	OFFICE Filter
ogldrv.dll	6.2.9200.16384	MSOGL
ole2.dll	2.10.35.35	OLE 2.1 16/32 Interoperability Library
ole2disp.dll	2.10.3050.1	OLE 2.1 16/32 Interoperability Library
ole2nls.dll	2.10.3050.1	OLE 2.1 16/32 Interoperability Library
ole32.dll	6.2.9200.16451	Microsoft OLE for Windows
oleacc.dll	7.2.9200.16384	Active Accessibility Core Component
oleacchooks.dll	7.2.9200.16384	Active Accessibility Event Hooks Library
oleaccrc.dll	7.2.9200.16384	Active Accessibility Resource DLL
oleaut32.dll	6.2.9200.16384
olecli32.dll	6.2.9200.16384	Object Linking and Embedding Client Library
oledb32.dll	6.2.9200.16384	OLE DB Core Services
oledb32r.dll	6.2.9200.16384	OLE DB Core Services Resources
oledlg.dll	6.2.9200.16384	OLE User Interface Support
oleprn.dll	6.2.9200.16384	Oleprn DLL
olepro32.dll	6.2.9200.16384
olesvr32.dll	6.2.9200.16384	Object Linking and Embedding Server Library
olethk32.dll	6.2.9200.16384	Microsoft OLE for Windows
onex.dll	6.2.9200.16384	IEEE 802.1X supplicant library
onexui.dll	6.2.9200.16384	IEEE 802.1X supplicant UI library
oobefldr.dll	6.2.9200.16384	Getting Started
opcservices.dll	6.2.9200.16384	Native Code OPC Services Library
opencl.dll	1.2.1.0	OpenCL Client DLL
opengl32.dll	6.2.9200.16384	OpenGL Client DLL
osbaseln.dll	6.2.9200.16384	Service Reporting API
osksupport.dll	6.2.9200.16384	Microsoft On-Screen Keyboard Support Utilities
osuninst.dll	6.2.9200.16384	Uninstall Interface
p2p.dll	6.2.9200.16384	Peer-to-Peer Grouping
p2pgraph.dll	6.2.9200.16384	Peer-to-Peer Graphing
p2pnetsh.dll	6.2.9200.16384	Peer-to-Peer NetSh Helper
packager.dll	6.2.9200.16384	Object Packager2
packagestateroaming.dll	6.2.9200.16420	Package State Roaming
panmap.dll	6.2.9200.16384	PANOSE(tm) Font Mapper
pautoenr.dll	6.2.9200.16384	Auto Enrollment DLL
pcacli.dll	6.2.9200.16384	Program Compatibility Assistant Client Module
pcaui.dll	6.2.9200.16384	Program Compatibility Assistant User Interface Module
pcpksp.dll	6.2.9200.16433	Microsoft Platform Key Storage Provider for Platform Crypto Provider
pcptpm12.dll	6.2.9200.16384	Microsoft Platform Crypto Provider for Trusted Platform Module 1.2
pcwum.dll	6.2.9200.16384	Performance Counters for Windows Native DLL
pdh.dll	6.2.9200.16384	Windows Performance Data Helper DLL
pdhui.dll	6.2.9200.16384	PDH UI
perfcentercpl.dll	6.2.9200.16384	Performance Center
perfctrs.dll	6.2.9200.16420	Performance Counters
perfdisk.dll	6.2.9200.16420	Windows Disk Performance Objects DLL
perfnet.dll	6.2.9200.16420	Windows Network Service Performance Objects DLL
perfos.dll	6.2.9200.16420	Windows System Performance Objects DLL
perfproc.dll	6.2.9200.16420	Windows System Process Performance Objects DLL
perfts.dll	6.2.9200.16384	Windows Remote Desktop Services Performance Objects
photometadatahandler.dll	6.2.9200.16384	Photo Metadata Handler
photowiz.dll	6.2.9200.16384	Photo Printing Wizard
pid.dll	6.2.9200.16384	Microsoft PID
pidgenx.dll	6.2.9200.16384	Pid Generation
pifmgr.dll	6.2.9200.16384	Windows NT PIF Manager Icon Resources Library
pku2u.dll	6.2.9200.16384	Pku2u Security Package
pla.dll	6.2.9200.16384	Performance Logs & Alerts
playlistfolder.dll	6.2.9200.16384	Playlist Folder
playsndsrv.dll	6.2.9200.16384	PlaySound Service
playtomanager.dll	6.2.9200.16384	Microsoft Windows PlayTo Manager
pngfilt.dll	10.0.9200.16384	IE PNG plugin image decoder
pnrpnsp.dll	6.2.9200.16384	PNRP Name Space Provider
polstore.dll	6.2.9200.16384	Policy Storage dll
portabledeviceapi.dll	6.2.9200.16384	Windows Portable Device API Components
portabledeviceclassextension.dll	6.2.9200.16384	Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll	6.2.9200.16384	Portable Device Connection API Components
portabledevicestatus.dll	6.2.9200.16384	Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll	6.2.9200.16384	Microsoft Windows Portable Device Provider.
portabledevicetypes.dll	6.2.9200.16384	Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll	6.2.9200.16384	PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll	6.2.9200.16384	Windows Portable Device WMDRM Component
pots.dll	6.2.9200.16384	Power Troubleshooter
powercpl.dll	6.2.9200.16384	Power Options Control Panel
powrprof.dll	6.2.9200.16384	Power Profile Helper DLL
presentationcffrasterizernative_v0300.dll	3.0.6920.6387	WinFX OpenType/CFF Rasterizer
presentationhostproxy.dll	4.0.41209.0	Windows Presentation Foundation Host Proxy
presentationnative_v0300.dll	3.0.6920.6387	PresentationNative_v0300.dll
prflbmsg.dll	6.2.9200.16384	Perflib Event Messages
printconfig.dll	0.3.9200.16518	PrintConfig User Interface
printdialogs.dll	6.2.9200.16384	Microsoft® Windows® Operating System
printui.dll	6.2.9200.16384	Printer Settings User Interface
prncache.dll	6.2.9200.16384	Print UI Cache
prnfldr.dll	6.2.9200.16384	prnfldr dll
prnntfy.dll	6.2.9200.16384	prnntfy DLL
prntvpt.dll	6.2.9200.16384	Print Ticket Services Module
profapi.dll	6.2.9200.16384	User Profile Basic API
profext.dll	6.2.9200.16384	profext
propsys.dll	7.0.9200.16420	Microsoft Property System
provcore.dll	6.2.9200.16420	Microsoft Wireless Provisioning Core
provsvc.dll	6.2.9200.16384	Windows HomeGroup
provthrd.dll	6.2.9200.16384	WMI Provider Thread & Log Library
proximitycommon.dll	6.2.9200.16384	Proximity Common Implementation
prvdmofcomp.dll	6.2.9200.16384	WMI
psapi.dll	6.2.9200.16384	Process Status Helper
pshed.dll	6.2.9200.16384	Platform Specific Hardware Error Driver
psisdecd.dll	6.6.9200.16384	Microsoft SI/PSI parser for MPEG2 based networks.
psmodulediscoveryprovider.dll	6.2.9200.16384	WMI
pstorec.dll	6.2.9200.16384	Deprecated Protected Storage COM interfaces
puiapi.dll	6.2.9200.16384	puiapi DLL
puiobj.dll	6.2.9200.16384	PrintUI Objects DLL
pwrshplugin.dll	6.2.9200.16384	pwrshplugin.dll
qagent.dll	6.2.9200.16384	Quarantine Agent Proxy
qasf.dll	12.0.9200.16384	DirectShow ASF Support
qcap.dll	6.6.9200.16384	DirectShow Runtime.
qcliprov.dll	6.2.9200.16384	Quarantine Client WMI Provider
qdv.dll	6.6.9200.16384	DirectShow Runtime.
qdvd.dll	6.6.9200.16384	DirectShow DVD PlayBack Runtime.
qedit.dll	6.6.9200.16384	DirectShow Editing.
qedwipes.dll	6.6.9200.16384	DirectShow Editing SMPTE Wipes
qmgrprxy.dll	7.6.9200.16384	Background Intelligent Transfer Service Proxy
qshvhost.dll	6.2.9200.16384	Quarantine SHV Host
qsvrmgmt.dll	6.2.9200.16384	Quarantine Server Management
quartz.dll	6.6.9200.16384	DirectShow Runtime.
query.dll	6.2.9200.16384	Content Index Utility DLL
qutil.dll	6.2.9200.16384	Quarantine Utilities
qwave.dll	6.2.9200.16384	Windows NT
racengn.dll	6.2.9200.16420	Reliability analysis metrics calculation engine
racpldlg.dll	6.2.9200.16384	Remote Assistance Contact List
radardt.dll	6.2.9200.16384	Microsoft Windows Resource Exhaustion Detector
radarrs.dll	6.2.9200.16384	Microsoft Windows Resource Exhaustion Resolver
rasadhlp.dll	6.2.9200.16384	Remote Access AutoDial Helper
rasapi32.dll	6.2.9200.16384	Remote Access API
rascfg.dll	6.2.9200.16420	RAS Configuration Objects
raschap.dll	6.2.9200.16384	Remote Access PPP CHAP
rasctrs.dll	6.2.9200.16384	Windows NT Remote Access Perfmon Counter dll
rasdiag.dll	6.2.9200.16420	RAS Diagnostics Helper Classes
rasdlg.dll	6.2.9200.16384	Remote Access Common Dialog API
rasgcw.dll	6.2.9200.16384	RAS Wizard Pages
rasman.dll	6.2.9200.16384	Remote Access Connection Manager
rasmontr.dll	6.2.9200.16384	RAS Monitor DLL
rasmxs.dll	6.2.9200.16420	Remote Access Device DLL for modems, PADs and switches
rasplap.dll	6.2.9200.16384	RAS PLAP Credential Provider
rasppp.dll	6.2.9200.16384	Remote Access PPP
rasser.dll	6.2.9200.16420	Remote Access Media DLL for COM ports
rastapi.dll	6.2.9200.16384	Remote Access TAPI Compliance Layer
rastls.dll	6.2.9200.16384	Remote Access PPP EAP-TLS
rdpcore.dll	6.2.9200.16384	RDP Core DLL
rdpencom.dll	6.2.9200.16384	RDPSRAPI COM Objects
rdpendp.dll	6.2.9200.16384	RDP Audio Endpoint
rdvvmtransport.dll	6.2.9200.16384	RdvVmTransport EndPoints
reagent.dll	6.2.9200.16548	Microsoft Windows Recovery Agent DLL
redemption.dll	4.8.0.1184	Outlook Redemption COM library
regapi.dll	6.2.9200.16384	Registry Configuration APIs
regctrl.dll	6.2.9200.16384	RegCtrl
remotepg.dll	6.2.9200.16384	Remote Sessions CPL Extension
removedevicecontexthandler.dll	6.2.9200.16384	Devices & Printers Remove Device Context Menu Handler
removedeviceelevated.dll	6.2.9200.16384	RemoveDeviceElevated Proxy Dll
resampledmo.dll	6.2.9200.16384	Windows Media Resampler
resutils.dll	6.2.9200.16384	Microsoft Cluster Resource Utility DLL
rgb9rast.dll	6.2.9200.16384	Microsoft® Windows® Operating System
riched20.dll	5.31.23.1230	Rich Text Edit Control, v3.1
riched32.dll	6.2.9200.16384	Wrapper Dll for Richedit 1.0
rnr20.dll	6.2.9200.16384	Windows Socket2 NameSpace DLL
rometadata.dll	4.0.30319.17929	Microsoft MetaData Library
rpchttp.dll	6.2.9200.16384	RPC HTTP DLL
rpcns4.dll	6.2.9200.16384	Remote Procedure Call Name Service Client
rpcnsh.dll	6.2.9200.16384	RPC Netshell Helper
rpcrt4.dll	6.2.9200.16384	Remote Procedure Call Runtime
rpcrtremote.dll	6.2.9200.16384	Remote RPC Extension
rsaenh.dll	6.2.9200.16553	Microsoft Enhanced Cryptographic Provider
rshx32.dll	6.2.9200.16384	Security Shell Extension
rstrtmgr.dll	6.2.9200.16384	Restart Manager
rtffilt.dll	2008.0.9200.16384	RTF Filter
rtm.dll	6.2.9200.16384	Routing Table Manager
rtutils.dll	6.2.9200.16384	Routing Utilities
samcli.dll	6.2.9200.16384	Security Accounts Manager Client DLL
samlib.dll	6.2.9200.16496	SAM Library DLL
sas.dll	6.2.9200.16384	WinLogon Software SAS Library
sbe.dll	6.6.9200.16384	DirectShow Stream Buffer Filter.
sbeio.dll	12.0.9200.16384	Stream Buffer IO DLL
sberes.dll	6.6.9200.16384	DirectShow Stream Buffer Filter Resouces.
scansetting.dll	6.2.9200.16384	Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll	6.2.9200.16384	SCardDlg - Smart Card Common Dialog
scecli.dll	6.2.9200.16384	Windows Security Configuration Editor Client Engine
scesrv.dll	6.2.9200.16384	Windows Security Configuration Editor Engine
schannel.dll	6.2.9200.16578	TLS / SSL Security Provider
schedcli.dll	6.2.9200.16384	Scheduler Service Client DLL
scksp.dll	6.2.9200.16384	Microsoft Smart Card Key Storage Provider
scripto.dll	6.6.9200.16384	Microsoft ScriptO
scrobj.dll	5.8.9200.16384	Windows ® Script Component Runtime
scrrun.dll	5.8.9200.16384	Microsoft ® Script Runtime
sdiageng.dll	6.2.9200.16384	Scripted Diagnostics Execution Engine
sdiagprv.dll	6.2.9200.16384	Windows Scripted Diagnostic Provider API
sdohlp.dll	6.2.9200.16384	NPS SDO Helper Component
searchfolder.dll	6.2.9200.16384	SearchFolder
sechost.dll	6.2.9200.16384	Host for SCM/SDDL/LSA Lookup APIs
secproc.dll	6.2.9200.16384	Windows Rights Management Desktop Security Processor
secproc_isv.dll	6.2.9200.16384	Windows Rights Management Desktop Security Processor
secproc_ssp.dll	6.2.9200.16384	Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll	6.2.9200.16384	Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll	6.2.9200.16384	Security Support Provider Interface
security.dll	6.2.9200.16384	Security Support Provider Interface
sendmail.dll	6.2.9200.16384	Send Mail
sensapi.dll	6.2.9200.16384	SENS Connectivity API DLL
sensorsapi.dll	6.2.9200.16384	Sensor API
sensorscpl.dll	6.2.9200.16384	Open Location and Other Sensors
serialui.dll	6.2.9200.16384	Serial Port Property Pages
serwvdrv.dll	6.2.9200.16384	Unimodem Serial Wave driver
sessenv.dll	6.2.9200.16384	Remote Desktop Configuration service
settingmonitor.dll	6.2.9200.16384	Setting Synchronization Change Monitor
settingsync.dll	6.2.9200.16518	Setting Synchronization
settingsyncinfo.dll	6.2.9200.16384	Setting Synchronization Information
setupapi.dll	6.2.9200.16496	Windows Setup API
setupcln.dll	6.2.9200.16384	Setup Files Cleanup
sfc.dll	6.2.9200.16384	Windows File Protection
sfc_os.dll	6.2.9200.16384	Windows File Protection
sfcom.dll	3.0.0.11	SFCOM.DLL
shacct.dll	6.2.9200.16384	Shell Accounts Classes
shcore.dll	6.2.9200.16433	SHCORE
shdocvw.dll	6.2.9200.16550	Shell Doc Object and Control Library
shell32.dll	6.2.9200.16550	Windows Shell Common Dll
shellstyle.dll	6.2.9200.16384	Windows Shell Style Resource Dll
shfolder.dll	6.2.9200.16384	Shell Folder Service
shgina.dll	6.2.9200.16384	Windows Shell User Logon
shimeng.dll	6.2.9200.16420	Shim Engine DLL
shimgvw.dll	6.2.9200.16384	Photo Gallery Viewer
shlwapi.dll	6.2.9200.16384	Shell Light-weight Utility Library
shpafact.dll	6.2.9200.16384	Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll	6.2.9200.16384	Shell setup helper
shsvcs.dll	6.2.9200.16384	Windows Shell Services Dll
shunimpl.dll	6.2.9200.16384	Windows Shell Obsolete APIs
shwebsvc.dll	6.2.9200.16384	Windows Shell Web Services
signdrv.dll	6.2.9200.16384	WMI provider for Signed Drivers
simauth.dll	6.2.9200.16384	EAP SIM run-time dll
simcfg.dll	6.2.9200.16384	EAP SIM config dll
sisbkup.dll	6.2.9200.16384	Single-Instance Store Backup Support Functions
slc.dll	6.2.9200.16384	Software Licensing Client Dll
slcext.dll	6.2.9200.16384	Software Licensing Client Extension Dll
slwga.dll	6.2.9200.16384	Software Licensing WGA API
smartcardcredentialprovider.dll	6.2.9200.16384	Windows Smartcard Credential Provider
smbhelperclass.dll	1.0.0.1	SMB (File Sharing) Helper Class for Network Diagnostic Framework
smspace.dll	6.2.9200.16384	Storage Management Provider for Spaces
sndvolsso.dll	6.2.9200.16384	SCA Volume
snmpapi.dll	6.2.9200.16384	SNMP Utility Library
softkbd.dll	6.2.9200.16384	Soft Keyboard Server and Tip
softpub.dll	6.2.9200.16384	Softpub Forwarder DLL
sortserver2003compat.dll	6.2.9200.16384	Sort Version Server 2003
sortwindows61.dll	6.2.9200.16384	SortWindows61 Dll
sortwindows6compat.dll	6.2.9200.16384	Sort Version Windows 6.0
spbcd.dll	6.2.9200.16384	BCD Sysprep Plugin
spfileq.dll	6.2.9200.16384	Windows SPFILEQ
spinf.dll	6.2.9200.16384	Windows SPINF
spnet.dll	6.2.9200.16384	Net Sysprep Plugin
spopk.dll	6.2.9200.16384	OPK Sysprep Plugin
spp.dll	6.2.9200.16384	Microsoft® Windows Shared Protection Point Library
sppc.dll	6.2.9200.16384	Software Licensing Client Dll
sppcext.dll	6.2.9200.16384	Software Protection Platform Client Extension Dll
sppinst.dll	6.2.9200.16384	SPP CMI Installer Plug-in DLL
sppwmi.dll	6.2.9200.16384	Software Protection Platform WMI provider
spwinsat.dll	6.2.9200.16384	WinSAT Sysprep Plugin
spwizeng.dll	6.2.9200.16384	Setup Wizard Framework
spwizimg.dll	6.2.9200.16384	Setup Wizard Framework Resources
spwizres.dll	6.2.9200.16384	Setup Wizard Framework Resources
spwmp.dll	6.2.9200.16420	Windows Media Player System Preparation DLL
sqlcecompact40.dll	4.0.8275.1	Database Repair Tool (32-bit)
sqlceoledb40.dll	4.0.9200.1	OLEDB Provider (32-bit)
sqlceqp40.dll	4.0.9200.1	Query Processor (32-bit)
sqlcese40.dll	4.0.9200.1	Storage Engine (32-bit)
sqloledb.dll	6.2.9200.16384	OLE DB Provider for SQL Server
sqlsrv32.dll	6.2.9200.16384	SQL Server ODBC Driver
sqlunirl.dll	2000.80.2039.0	String Function .DLL for SQL Enterprise Components
sqlwid.dll	2000.80.2039.0	Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll	2000.80.2040.0	Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll	6.2.9200.16384	XML extensions for SQL Server
sqmapi.dll	6.2.9200.16384	SQM Client
srchadmin.dll	7.0.9200.16384	Indexing Options
srclient.dll	6.2.9200.16384	Microsoft® Windows System Restore Client Library
srh.dll	6.2.9200.16384	Screen Reader Helper DLL
srumapi.dll	6.2.9200.16384	System Resource Usage Monitor API
srumsvc.dll	6.2.9200.16384	System Resource Usage Monitor Service
srvcli.dll	6.2.9200.16384	Server Service Client DLL
sscore.dll	6.2.9200.16384	Server Service Core DLL
ssdpapi.dll	6.2.9200.16384	SSDP Client API DLL
sspicli.dll	6.2.9200.16420	Security Support Provider Interface
ssshim.dll	6.2.9200.16384	Windows Componentization Platform Servicing API
startupscan.dll	6.2.9200.16384	Startup scan task DLL
stclient.dll	2001.12.10130.16384	COM+ Configuration Catalog Client
sti.dll	6.2.9200.16384	Still Image Devices client DLL
stobject.dll	6.2.9200.16604	Systray shell service object
storage.dll	2.10.35.35	OLE 2.1 16/32 Interoperability Library
storagecontexthandler.dll	6.2.9200.16384	Device Center Storage Context Menu Handler
storagewmi.dll	6.2.9200.16465	WMI Provider for Storage Management
storagewmi_passthru.dll	6.2.9200.16384	WMI PassThru Provider for Storage Management
storprop.dll	6.2.9200.16384	Property Pages for Storage Devices
storsvc.dll	6.2.9200.16384	Storage Services
structuredquery.dll	7.0.9200.16433	Structured Query
sud.dll	6.2.9200.16384	SUD Control Panel
sxproxy.dll	6.2.9200.16384	Microsoft® Windows System Protection Proxy Library
sxs.dll	6.2.9200.16384	Fusion 2.5
sxshared.dll	6.2.9200.16384	Microsoft® Windows SX Shared Library
sxsstore.dll	6.2.9200.16384	Sxs Store DLL
synccenter.dll	6.2.9200.16384	Microsoft Sync Center
synceng.dll	6.2.9200.16432	Windows Briefcase Engine
synchostps.dll	6.2.9200.16384	Proxystub for sync host
syncinfrastructure.dll	6.2.9200.16384	Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll	6.2.9200.16384	Microsoft Windows sync infrastructure proxy stub.
syncreg.dll	2007.94.9200.16384	Microsoft Synchronization Framework Registration
syncui.dll	6.2.9200.16384	Windows Briefcase
syssetup.dll	6.2.9200.16384	Windows NT System Setup
systemcpl.dll	6.2.9200.16384	My System CPL
systemeventsbrokerclient.dll	6.2.9200.16384	system Events Broker Client Library
t2embed.dll	6.2.9200.16384	Microsoft T2Embed Font Embedding
tapi3.dll	6.2.9200.16384	Microsoft TAPI3
tapi32.dll	6.2.9200.16384	Microsoft® Windows(TM) Telephony API Client DLL
tapimigplugin.dll	6.2.9200.16384	Microsoft® Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll	6.2.9200.16384	Microsoft® Windows(TM) Telephony Performance Monitor
tapisrv.dll	6.2.9200.16384	Microsoft® Windows(TM) Telephony Server
tapisysprep.dll	6.2.9200.16384	Microsoft® Windows(TM) Telephony Sysprep Work
tapiui.dll	6.2.9200.16384	Microsoft® Windows(TM) Telephony API UI DLL
taskcomp.dll	6.2.9200.16384	Task Scheduler Backward Compatibility Plug-in
taskschd.dll	6.2.9200.16384	Task Scheduler COM API
taskschdps.dll	6.2.9200.16384	Task Scheduler Interfaces Proxy
tbs.dll	6.2.9200.16384	TBS
tcpipcfg.dll	6.2.9200.16384	Network Configuration Objects
tcpmib.dll	6.2.9200.16384	Standard TCP/IP Port Monitor Helper DLL
tcpmonui.dll	6.2.9200.16384	Standard TCP/IP Port Monitor UI DLL
tdh.dll	6.2.9200.16384	Event Trace Helper Library
termmgr.dll	6.2.9200.16384	Microsoft TAPI3 Terminal Manager
thawbrkr.dll	6.2.9200.16384	Thai Word Breaker
themecpl.dll	6.2.9200.16384	Personalization CPL
themeui.dll	6.2.9200.16384	Windows Theme API
threadpoolwinrt.dll	6.2.9200.16384	Windows WinRT Threadpool
thumbcache.dll	6.2.9200.16384	Microsoft Thumbnail Cache
timebrokerclient.dll	6.2.9200.16384	Time Broker Client Library
timedatemuicallback.dll	6.2.9200.16384	Time Date Control UI Language Change plugin
tlscsp.dll	6.2.9200.16384	Microsoft® Remote Desktop Services Cryptographic Utility
tpmcompc.dll	6.2.9200.16384	Computer Chooser Dialog
tquery.dll	7.0.9200.16578	Microsoft Tripoli Query
traffic.dll	6.2.9200.16384	Microsoft Traffic Control 1.0 DLL
tsbyuv.dll	6.2.9200.16384	Toshiba Video Codec
tschannel.dll	6.2.9200.16384	Task Scheduler Proxy
tsgqec.dll	6.2.9200.16384	RD Gateway QEC
tsmf.dll	6.2.9200.16384	RDP MF Plugin
tspkg.dll	6.2.9200.16384	Web Service Security Package
tsworkspace.dll	6.2.9200.16384	RemoteApp and Desktop Connection Component
ttlsauth.dll	6.2.9200.16384	EAP TTLS run-time dll
ttlscfg.dll	6.2.9200.16384	EAP TTLS configuration dll
tvratings.dll	6.6.9200.16384	Module for managing TV ratings
twext.dll	6.2.9200.16384	Previous Versions property page
twinapi.dll	6.2.9200.16420	twinapi
twinui.dll	6.2.9200.16604	TWINUI
txflog.dll	2001.12.10130.16384	COM+
txfw32.dll	6.2.9200.16384	TxF Win32 DLL
typelib.dll	2.10.3029.1	OLE 2.1 16/32 Interoperability Library
tzres.dll	6.2.9200.16479	Time Zones resource DLL
ubpm.dll	6.2.9200.16604	Unified Background Process Manager DLL
ucmhc.dll	6.2.9200.16384	UCM Helper Class
udhisapi.dll	6.2.9200.16384	UPnP Device Host ISAPI Extension
uexfat.dll	6.2.9200.16384	eXfat Utility DLL
ufat.dll	6.2.9200.16384	FAT Utility DLL
uianimation.dll	6.2.9200.16384	Windows Animation Manager
uiautomationcore.dll	7.2.9200.16384	Microsoft UI Automation Core
uiautomationcoreres.dll	7.2.9200.16384	Microsoft UI Automation Core Resource
uicom.dll	6.2.9200.16384	Add/Remove Modems
uireng.dll	6.2.9200.16384	UI Recording Engine Library
uiribbon.dll	6.2.9200.16384	Windows Ribbon Framework
uiribbonres.dll	6.2.9200.16384	Windows Ribbon Framework Resources
ulib.dll	6.2.9200.16384	File Utilities Support DLL
umdmxfrm.dll	6.2.9200.16384	Unimodem Tranform Module
unimdmat.dll	6.2.9200.16384	Unimodem Service Provider AT Mini Driver
uniplat.dll	6.2.9200.16384	Unimodem AT Mini Driver Platform Driver for Windows NT
untfs.dll	6.2.9200.16384	NTFS Utility DLL
upnp.dll	6.2.9200.16384	UPnP Control Point API
upnphost.dll	6.2.9200.16384	UPnP Device Host
ureg.dll	6.2.9200.16384	Registry Utility DLL
url.dll	10.0.9200.16384	Internet Shortcut Shell Extension DLL
urlmon.dll	10.0.9200.16598	OLE32 Extensions for Win32
usbceip.dll	6.2.9200.16384	USBCEIP Task
usbperf.dll	6.2.9200.16384	USB Performance Objects DLL
usbui.dll	6.2.9200.16384	USB UI Dll
user32.dll	6.2.9200.16420	Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll	6.2.9200.16384	UserAccountControlSettings
usercpl.dll	6.2.9200.16433	User control panel
userenv.dll	6.2.9200.16384	Userenv
userinitext.dll	6.2.9200.16384	UserInit Utility Extension DLL
userlanguageprofilecallback.dll	6.2.9200.16384	MUI Callback for User Language profile changed
userlanguagescpl.dll	6.2.9200.16465	My Languages Configuration Control Panel
usp10.dll	6.2.9200.16384	Uniscribe Unicode script processor
ustprov.dll	6.2.9200.16384	User State WMI Provider
utildll.dll	6.2.9200.16384	WinStation utility support DLL
uudf.dll	6.2.9200.16384	UDF Utility DLL
uxinit.dll	6.2.9200.16611	Windows User Experience Session Initialization Dll
uxlib.dll	6.2.9200.16384	Setup Wizard Framework
uxlibres.dll	6.2.9200.16384	UXLib Resources
uxtheme.dll	6.2.9200.16537	Microsoft UxTheme Library
van.dll	6.2.9200.16420	View Available Networks
vault.dll	6.2.9200.16384	Windows vault Control Panel
vaultcli.dll	6.2.9200.16384	Credential Vault Client Library
vbajet32.dll	6.0.1.9431	Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll	5.8.9200.16384	Microsoft ® VBScript
vccorlib110.dll	11.0.50727.1	Microsoft ® VC WinRT core library
vccorlib110d.dll	11.0.50727.1	Microsoft ® VC WinRT core library
vccorlib140.dll	14.0.23506.0	Microsoft ® VC WinRT core library
vcomp100.dll	10.0.40219.325	Microsoft® C/C++ OpenMP Runtime
vcomp110.dll	11.0.50727.1	Microsoft® C/C++ OpenMP Runtime
vcruntime140.dll	14.0.23506.0	Microsoft® C Runtime Library
vdmdbg.dll	6.2.9200.16384	VDMDBG.DLL
vds_ps.dll	6.2.9200.16465	Microsoft® Virtual Disk Service proxy/stub
verifier.dll	6.2.9200.16384	Standard application verifier provider dll
version.dll	6.2.9200.16384	Version Checking and File Installation Libraries
vfwwdm32.dll	6.2.9200.16384	VfW MM Driver for WDM Video Capture Devices
vidreszr.dll	6.2.9200.16384	Windows Media Resizer
virtdisk.dll	6.2.9200.16384	Virtual Disk API DLL
vpnikeapi.dll	6.2.9200.16384	VPN IKE API's
vscmgrps.dll	6.2.9200.16384	Microsoft Virtual Smart Card Manager Proxy/Stub
vss_ps.dll	6.2.9200.16384	Microsoft® Volume Shadow Copy Service proxy/stub
vssapi.dll	6.2.9200.16420	Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll	6.2.9200.16420	Microsoft® Volume Shadow Copy Service Tracing Library
w32topl.dll	6.2.9200.16384	Windows NT Topology Maintenance Tool
wab32.dll	6.2.9200.16384	Microsoft (R) Contacts DLL
wab32res.dll	6.2.9200.16384	Microsoft (R) Contacts DLL
wabsyncprovider.dll	6.2.9200.16384	Microsoft Windows Contacts Sync Provider
wavemsp.dll	6.2.9200.16384	Microsoft Wave MSP
wbemcomn.dll	6.2.9200.16384	WMI
wcmapi.dll	6.2.9200.16384	Windows Connection Manager Client API
wcnapi.dll	6.2.9200.16451	Windows Connect Now - API Helper DLL
wcnwiz.dll	6.2.9200.16384	Windows Connect Now Wizards
wcspluginservice.dll	6.2.9200.16384	WcsPlugInService DLL
wdc.dll	6.2.9200.16384	Performance Monitor
wdi.dll	6.2.9200.16384	Windows Diagnostic Infrastructure
wdigest.dll	6.2.9200.16384	Microsoft Digest Access
wdscore.dll	6.2.9200.16384	Panther Engine Module
webcamui.dll	6.2.9200.16465	Microsoft® Windows® Operating System
webcheck.dll	10.0.9200.16384	Web Site Monitor
webclnt.dll	6.2.9200.16384	Web DAV Service DLL
webio.dll	6.2.9200.16420	Web Transfer Protocols API
webservices.dll	6.2.9200.16384	Windows Web Services Runtime
websocket.dll	6.2.9200.16384	Web Socket API
wecapi.dll	6.2.9200.16384	Event Collector Configuration API
wer.dll	6.2.9200.16384	Windows Error Reporting DLL
werdiagcontroller.dll	6.2.9200.16384	WER Diagnostic Controller
werui.dll	6.2.9200.16384	Windows Error Reporting UI DLL
wevtapi.dll	6.2.9200.16384	Eventing Consumption and Configuration API
wevtfwd.dll	6.2.9200.16384	WS-Management Event Forwarding Plug-in
wfapigp.dll	6.2.9200.16433	Windows Firewall GPO Helper dll
wfdprov.dll	6.2.9200.16451	Private WPS provisioning API DLL for Wi-Fi Direct
wfhc.dll	6.2.9200.16384	Windows Firewall Helper Class
whhelper.dll	6.2.9200.16384	Net shell helper DLL for winHttp
wiaaut.dll	6.2.9200.16384	WIA Automation Layer
wiadefui.dll	6.2.9200.16384	WIA Scanner Default UI
wiadss.dll	6.2.9200.16384	WIA TWAIN compatibility layer
wiascanprofiles.dll	6.2.9200.16384	Microsoft Windows ScanProfiles
wiashext.dll	6.2.9200.16384	Imaging Devices Shell Folder UI
wiatrace.dll	6.2.9200.16384	WIA Tracing
wimgapi.dll	6.2.9200.16384	Windows Imaging Library
winbio.dll	6.2.9200.16384	Windows Biometrics Client API
winbrand.dll	6.2.9200.16384	Windows Branding Resources
wincredprovider.dll	6.2.9200.16384	wincredprovider DLL
windows.applicationmodel.background.systemeventsbroker.dll	6.2.9200.16384	Windows Background System Events Broker API Server
windows.applicationmodel.background.timebroker.dll	6.2.9200.16384	Windows Background Time Broker API Server
windows.applicationmodel.dll	6.2.9200.16384	Windows ApplicationModel API Server
windows.applicationmodel.store.dll	6.2.9200.16420	Windows Store Runtime DLL
windows.applicationmodel.store.testingframework.dll	6.2.9200.16420	Windows Store Testing Framework Runtime DLL
windows.devices.enumeration.dll	6.2.9200.16384	Windows.Devices.Enumeration
windows.devices.enumeration.ps.dll	6.2.9200.16384	Windows.Devices.Enumeration Interface Proxy
windows.devices.geolocation.dll	6.2.9200.16384	Geolocation Runtime DLL
windows.devices.portable.dll	6.2.9200.16384	Windows Runtime Portable Devices DLL
windows.devices.printers.extensions.dll	6.2.9200.16384	Windows.Devices.Printers.Extensions
windows.devices.sensors.dll	6.2.9200.16384	Windows Runtime Sensors DLL
windows.globalization.dll	6.2.9200.16384	Windows Globalization
windows.globalization.fontgroups.dll	6.2.9200.16384	Fonts Mapping API
windows.graphics.dll	6.2.9200.16384	WinRT Windows Graphics DLL
windows.graphics.printing.dll	6.2.9200.16384	Microsoft Windows Printing Support
windows.media.devices.dll	6.2.9200.16384	Windows Runtime media device server DLL
windows.media.dll	6.2.9200.16496	Windows Media Runtime DLL
windows.media.mediacontrol.dll	6.2.9200.16384	Windows Runtime MediaControl server DLL
windows.media.streaming.dll	12.0.9200.16420	DLNA DLL
windows.media.streaming.ps.dll	12.0.9200.16384	DLNA Proxy-Stub DLL
windows.networking.backgroundtransfer.dll	6.2.9200.16578	Windows.Networking.BackgroundTransfer DLL
windows.networking.connectivity.dll	6.2.9200.16518	Windows Networking Connectivity Runtime DLL
windows.networking.dll	6.2.9200.16578	Windows.Networking DLL
windows.networking.networkoperators.hotspotauthentication.dll	6.2.9200.16384	Microsoft Windows Hotspot Authentication API
windows.networking.proximity.dll	6.2.9200.16384	Windows Runtime Proximity API DLL
windows.networking.sockets.pushenabledapplication.dll	6.2.9200.16384	Windows.Networking.Sockets.PushEnabledApplication DLL
windows.security.authentication.onlineid.dll	6.2.9200.16384	Windows Runtime OnlineId Authentication DLL
windows.security.credentials.ui.credentialpicker.dll	6.2.9200.16384	WinRT Credential Picker Server
windows.storage.applicationdata.dll	6.2.9200.16384	Windows Application Data API Server
windows.storage.compression.dll	6.2.9200.16433	WinRT Compression
windows.system.display.dll	6.2.9200.16384	Windows System Display Runtime DLL
windows.system.profile.hardwareid.dll	6.2.9200.16384	Windows System Profile HardwareId DLL
windows.system.remotedesktop.dll	6.2.9200.16384	Windows System RemoteDesktop Runtime DLL
windows.ui.dll	6.2.9200.16384	Windows Runtime UI Foundation DLL
windows.ui.immersive.dll	6.2.9200.16433	WINDOWS.UI.IMMERSIVE
windows.ui.input.inking.dll	6.2.9200.16384	WinRT Windows Inking DLL
windows.ui.xaml.dll	6.2.9200.16604	Windows.UI.Xaml dll
windows.web.dll	6.2.9200.16384	Web Client DLL
windowscodecs.dll	6.2.9200.16420	Microsoft Windows Codecs Library
windowscodecsext.dll	6.2.9200.16384	Microsoft Windows Codecs Extended Library
windowslivelogin.dll	6.2.9200.16384	Microsoft® Account Login Helper
winfax.dll	6.2.9200.16384	Microsoft Fax API Support DLL
winhttp.dll	6.2.9200.16451	Windows HTTP Services
wininet.dll	10.0.9200.16598	Internet Extensions for Win32
wininitext.dll	6.2.9200.16384	WinInit Utility Extension DLL
winipsec.dll	6.2.9200.16384	Windows IPsec SPD Client DLL
winlangdb.dll	6.2.9200.16384	Windows Bcp47 Language Database
winmde.dll	12.0.9200.16465	WinMDE DLL
winmm.dll	6.2.9200.16384	MCI API DLL
winmmbase.dll	6.2.9200.16384	Base Multimedia Extension API DLL
winmsoirmprotector.dll	6.2.9200.16384	Windows Office file format IRM Protector
winnsi.dll	6.2.9200.16384	Network Store Information RPC interface
winopcirmprotector.dll	6.2.9200.16384	Windows Office file format IRM Protector
winrnr.dll	6.2.9200.16384	LDAP RnR Provider DLL
winrscmd.dll	6.2.9200.16384	remtsvc
winrsmgr.dll	6.2.9200.16384	WSMan Shell API
winrssrv.dll	6.2.9200.16384	winrssrv
winsatapi.dll	6.2.9200.16420	Windows System Assessment Tool API
winscard.dll	6.2.9200.16384	Microsoft Smart Card API
winshfhc.dll	6.2.9200.16384	File Risk Estimation
winsku.dll	6.2.9200.16384	Windows SKU Library
winsockhc.dll	6.2.9200.16384	Winsock Network Diagnostic Helper Class
winsrpc.dll	6.2.9200.16384	WINS RPC LIBRARY
winsta.dll	6.2.9200.16384	Winstation Library
winsync.dll	2007.94.9200.16384	Synchronization Framework
winsyncmetastore.dll	2007.94.9200.16384	Windows Synchronization Metadata Store
winsyncproviders.dll	2007.94.9200.16384	Windows Synchronization Provider Framework
wintrust.dll	6.2.9200.16420	Microsoft Trust Verification APIs
wintypes.dll	6.2.9200.16420	Windows Base Types DLL
winusb.dll	6.2.9200.16384	Windows USB Driver User Library
wisp.dll	6.2.9200.16384	Microsoft Pen and Touch Input Component
wkscli.dll	6.2.9200.16384	Workstation Service Client DLL
wkspbrokerax.dll	6.2.9200.16384	Microsoft Workspace Broker ActiveX Control
wksprtps.dll	6.2.9200.16384	WorkspaceRuntime ProxyStub DLL
wlanapi.dll	6.2.9200.16451	Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll	6.2.9200.16384	Wlan Netsh Helper DLL
wlanconn.dll	6.2.9200.16384	Dot11 Connection Flows
wlandlg.dll	6.2.9200.16384	Wireless Lan Dialog Wizards
wlangpui.dll	6.2.9200.16384	Wireless Network Policy Management Snap-in
wlanhlp.dll	6.2.9200.16451	Windows Wireless LAN 802.11 Client Side Helper API
wlaninst.dll	6.2.9200.16384	Windows NET Device Class Co-Installer for Wireless LAN
wlanmm.dll	6.2.9200.16384	Dot11 Media and AdHoc Managers
wlanmsm.dll	6.2.9200.16451	Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll	6.2.9200.16384	Wireless Preferred Networks
wlansec.dll	6.2.9200.16451	Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll	6.2.9200.16384	Wireless Profile UI
wlanutil.dll	6.2.9200.16384	Windows Wireless LAN 802.11 Utility DLL
wldap32.dll	6.2.9200.16384	Win32 LDAP API DLL
wlgpclnt.dll	6.2.9200.16384	802.11 Group Policy Client
wlidcli.dll	6.2.9200.16384	Microsoft® Account Dynamic Link Library
wlidcredprov.dll	6.2.9200.16420	Microsoft® Account Credential Provider
wlidfdp.dll	6.2.9200.16384	Microsoft® Account Function Discovery Provider
wlidnsp.dll	6.2.9200.16384	Microsoft® Account Namespace Provider
wlidprov.dll	6.2.9200.16384	Microsoft® Account Provider
wlidres.dll	6.2.9200.16384	Microsoft® Windows Live ID Resource
wlroamextension.dll	6.2.9200.16518	Windows Live Roaming Sync Extension
wls0wndh.dll	6.2.9200.16384	Session0 Viewer Window Hook DLL
wmadmod.dll	6.2.9200.16384	Windows Media Audio Decoder
wmadmoe.dll	6.2.9200.16384	Windows Media Audio 10 Encoder/Transcoder
wmasf.dll	12.0.9200.16384	Windows Media ASF DLL
wmcodecdspps.dll	6.2.9200.16384	Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll	12.0.9200.16384	Windows Media Device Manager Logger
wmdmps.dll	12.0.9200.16384	Windows Media Device Manager Proxy Stub
wmdrmdev.dll	12.0.9200.16384	Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll	12.0.9200.16384	Windows Media DRM for Network Devices DLL
wmdrmsdk.dll	11.0.9200.16384	Windows Media DRM SDK DLL
wmerror.dll	12.0.9200.16384	Windows Media Error Definitions (English)
wmi.dll	6.2.9200.16384	WMI DC and DP functionality
wmiclnt.dll	6.2.9200.16384	WMI Client API
wmidcom.dll	6.2.9200.16384	WMI
wmidx.dll	12.0.9200.16384	Windows Media Indexer DLL
wmiprop.dll	6.2.9200.16384	WDM Provider Dynamic Property Page CoInstaller
wmitomi.dll	6.2.9200.16384	CIM Provider Adapter
wmnetmgr.dll	12.0.9200.16384	Windows Media Network Plugin Manager DLL
wmof64.dll	1.0.0.0	Resource only DLL containing MOF for ASL code
wmp.dll	12.0.9200.16578	Windows Media Player
wmpdxm.dll	12.0.9200.16384	Windows Media Player Extension
wmpeffects.dll	12.0.9200.16384	Windows Media Player Effects
wmphoto.dll	6.2.9200.16384	Windows Media Photo Codec
wmploc.dll	12.0.9200.16420	Windows Media Player Resources
wmpps.dll	12.0.9200.16384	Windows Media Player Proxy Stub Dll
wmpshell.dll	12.0.9200.16384	Windows Media Player Launcher
wmsgapi.dll	6.2.9200.16384	WinLogon IPC Client
wmspdmod.dll	6.2.9200.16384	Windows Media Audio Voice Decoder
wmspdmoe.dll	6.2.9200.16384	Windows Media Audio Voice Encoder
wmvcore.dll	12.0.9200.16384	Windows Media Playback/Authoring DLL
wmvdecod.dll	6.2.9200.16384	Windows Media Video Decoder
wmvdspa.dll	6.2.9200.16384	Windows Media Video DSP Components - Advanced
wmvencod.dll	6.2.9200.16384	Windows Media Video 9 Encoder
wmvsdecd.dll	6.2.9200.16384	Windows Media Screen Decoder
wmvsencd.dll	6.2.9200.16384	Windows Media Screen Encoder
wmvxencd.dll	6.2.9200.16384	Windows Media Video Encoder
wow32.dll	6.2.9200.16384	Wow32
wpc.dll	6.2.9200.16384	WPC Settings Library
wpcsvc.dll	6.2.9200.16384	WPC Filtering Service
wpdshext.dll	6.2.9200.16384	Portable Devices Shell Extension
wpdshserviceobj.dll	6.2.9200.16384	Windows Portable Device Shell Service Object
wpdsp.dll	6.2.9200.16384	WMDM Service Provider for Windows Portable Devices
wpdwcn.dll	6.2.9200.16384	Windows Portable Device WCN Wizard
wpnapps.dll	6.2.9200.16465	Windows Push Notification Apps
ws2_32.dll	6.2.9200.16384	Windows Socket 2.0 32-Bit DLL
ws2help.dll	6.2.9200.16384	Windows Socket 2.0 Helper for Windows NT
wsabi.dll	1.0.0.3	WSABI
wscapi.dll	6.2.9200.16578	Windows Security Center API
wscinterop.dll	6.2.9200.16384	Windows Health Center WSC Interop
wscisvif.dll	6.2.9200.16384	Windows Security Center ISV API
wsclient.dll	6.2.9200.16420	Windows Store Licensing Client
wscproxystub.dll	6.2.9200.16384	Windows Security Center ISV Proxy Stub
wsdapi.dll	6.2.9200.16384	Web Services for Devices API DLL
wsdchngr.dll	6.2.9200.16384	WSD Challenge Component
wsecedit.dll	6.2.9200.16384	Security Configuration UI Module
wshbth.dll	6.2.9200.16384	Windows Sockets Helper DLL
wshcon.dll	5.8.9200.16384	Microsoft ® Windows Script Controller
wshelper.dll	6.2.9200.16384	Winsock Net shell helper DLL for winsock
wshext.dll	5.8.9200.16384	Microsoft ® Shell Extension for Windows Script Host
wship6.dll	6.2.9200.16384	Winsock2 Helper DLL (TL/IPv6)
wshirda.dll	6.2.9200.16384	Windows Sockets Helper DLL
wshqos.dll	6.2.9200.16384	QoS Winsock2 Helper DLL
wshrm.dll	6.2.9200.16384	Windows Sockets Helper DLL for PGM
wshtcpip.dll	6.2.9200.16384	Winsock2 Helper DLL (TL/IPv4)
wsmagent.dll	6.2.9200.16384	WinRM Agent
wsmanmigrationplugin.dll	6.2.9200.16384	WinRM Migration Plugin
wsmauto.dll	6.2.9200.16384	WSMAN Automation
wsmplpxy.dll	6.2.9200.16384	wsmplpxy
wsmres.dll	6.2.9200.16384	WSMan Resource DLL
wsmsvc.dll	6.2.9200.16384	WSMan Service
wsmwmipl.dll	6.2.9200.16384	WSMAN WMI Provider
wsnmp32.dll	6.2.9200.16384	Microsoft WinSNMP v2.0 Manager API
wsock32.dll	6.2.9200.16384	Windows Socket 32-Bit DLL
wsshared.dll	6.2.9200.16420	WSShared DLL
wssync.dll	6.2.9200.16420	Windows Store Licensing Sync Client
wtsapi32.dll	6.2.9200.16384	Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll	7.8.9200.16604	Windows Update Client API
wudriver.dll	7.8.9200.16604	Windows Update WUDriver Stub
wups.dll	7.8.9200.16451	Windows Update client proxy stub
wuwebv.dll	7.8.9200.16604	Windows Update Vista Web Control
wvc.dll	6.2.9200.16384	Windows Visual Components
wwaapi.dll	6.2.9200.16384	Microsoft Web Application Host API library
wwanapi.dll	6.2.9200.16518	Mbnapi
wwapi.dll	8.1.9200.16384	WWAN API
xapofx1_5.dll	9.29.1962.0	Audio Effect Library
xaudio2_7.dll	9.29.1962.0	XAudio2 Game Audio API
xaudio2_8.dll	6.2.9200.16384	XAudio2 Game Audio API
xinput1_4.dll	6.2.9200.16384	Microsoft Common Controller API
xinput9_1_0.dll	6.2.9200.16384	XNA Common Controller
xmlfilter.dll	2008.0.9200.16384	XML Filter
xmllite.dll	6.2.9200.16384	Microsoft XmlLite Library
xmlprovi.dll	6.2.9200.16384	Network Provisioning Service Client API
xmlrw.dll	2011.110.2809.27	Microsoft XML Slim Library
xmlrwbin.dll	2011.110.2809.27	Microsoft XML Slim Library
xolehlp.dll	2001.12.10130.16384	Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsfilt.dll	6.2.9200.16384	XML Paper Specification Document IFilter
xpsgdiconverter.dll	6.2.9200.16578	XPS to GDI Converter
xpsprint.dll	6.2.9200.16384	XPS Printing DLL
xpsrasterservice.dll	6.2.9200.16518	XPS Rasterization Service Component
xpsservices.dll	6.2.9200.16384	Xps Object Model in memory creation and deserialization
xpsshhdr.dll	6.2.9200.16384	OPC Shell Metadata Handler
xpssvcs.dll	6.2.9200.16384	Native Code Xps Services Library
xwizards.dll	6.2.9200.16384	Extensible Wizards Manager Module
xwreg.dll	6.2.9200.16384	Extensible Wizard Registration Manager Module
xwtpdui.dll	6.2.9200.16384	Extensible Wizard Type Plugin for DUI
xwtpw32.dll	6.2.9200.16384	Extensible Wizard Type Plugin for Win32
zipfldr.dll	6.2.9200.16384	Compressed (zipped) Folders

Certificates


[ Certificate Authorities / Microsoft Windows Hardware Compatibility ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A0 69 FE 8F 9A 3F D1 11 8B 19
		Validity	10/1/1997 - 12/31/2002
		MD5 Hash	09C254BDE4EA50F26D1497F29C51AF6D
		SHA1 Hash	109F1CAED645BB78B3EA2B94C0697C740733031C

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Windows Hardware Compatibility
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Windows Hardware Compatibility Intermediate CA
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Root Agency ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	F4 35 5C AA D4 B8 CF 11 8A 64 00 AA 00 6C 37 06
		Validity	5/29/1996 - 1/1/2040
		MD5 Hash	C0A723F0DA35026B21EDB17597F1D470
		SHA1 Hash	FEE449EE0E3965A5246F000E87FDE2A065FD89D4

	Issuer Properties:
		Common Name	Root Agency

	Subject Properties:
		Common Name	Root Agency

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	8F 07 93 3F 23 98 60 92 0F 2F D0 B4 BA EB FC 46
		Validity	4/17/1997 - 10/25/2016
		MD5 Hash	ACD80EA27BB72CE700DC22724A5F1E92
		SHA1 Hash	D559A586669B08F46A30A133F8A9ED3D038E2EA8

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign International Server CA - Class 3

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Baltimore CyberTrust Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	B9 00 00 02
		Validity	5/13/2000 - 5/13/2025
		MD5 Hash	ACB694A59C17E0D791529BB19706A6E4
		SHA1 Hash	D4DE20D05E66FC53FE1A50882C78DB2852CAE474

	Issuer Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Subject Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	39 30 F0 1B FC 60 E5 8F FE 46 D8 17 E5 E0 E7 0C
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	87CE0B7B2A0E4900E158719B37A89372
		SHA1 Hash	0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

	Issuer Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A C7 91 59 C9 6A 75 A1 B1 46 42 90 56 E0 3B 08
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	79E4A9840D7D3A96D7C04FE2434C892E
		SHA1 Hash	A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436

	Issuer Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	77 25 46 AE F2 79 0B 8F 9B 40 0B 6A 26 5C AC 02
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	D474DE575C39B2D39C8583C5C065498A
		SHA1 Hash	5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25

	Issuer Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Global CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	56 34 02
		Validity	5/21/2002 - 5/21/2022
		MD5 Hash	F775AB29FB514EB7775EFF053C998EF5
		SHA1 Hash	DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212

	Issuer Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	CF F4 DE 35
		Validity	8/22/1998 - 8/22/2018
		MD5 Hash	67CB9DC013248A829BB2171ED11BECD4
		SHA1 Hash	D23209AD23D314232174E40D7F9D62139786633A

	Issuer Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Subject Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GTE CyberTrust Global Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A5 01
		Validity	8/13/1998 - 8/14/2018
		MD5 Hash	CA3DD368F1035CD032FAB82B59E85ADB
		SHA1 Hash	97817950D81C9670CC34D809CF794431367EF474

	Issuer Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Subject Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Authenticode(tm) Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	1/1/1995 - 1/1/2000
		MD5 Hash	DC6D6FAF897CDD17332FB5BA9035E9CE
		SHA1 Hash	7F88CD7223F3C813818C994614A89C99FA3B5247

	Issuer Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Subject Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	40 DF EC 63 F6 3E D1 11 88 3C 3C 8B 00 C1 00
		Validity	1/10/1997 - 12/31/2020
		MD5 Hash	2A954ECA79B2874573D92D90BAF99FB6
		SHA1 Hash	A43489159A520F0D93D032CCAF37E7FE20A8B419

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2010 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	AA 39 43 6B 58 9B 9A 44 AC 44 BA BF 25 3A CC 28
		Validity	6/24/2010 - 6/24/2035
		MD5 Hash	A266BB7DCC38A562631361BBF61DD11B
		SHA1 Hash	3B1EFD3A66EA28B16697394703A72CA340A05BD5

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2011 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F
		Validity	3/23/2011 - 3/23/2036
		MD5 Hash	CE0490D5E56C34A5AE0BE98BE581185D
		SHA1 Hash	8F43288AD272F3103B6FB1428485EA3014C0BCFE

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	65 2E 13 07 F4 58 73 4C AD A5 A0 4A A1 16 AD 79
		Validity	5/10/2001 - 5/10/2021
		MD5 Hash	E1C07EA0AABBD4B77B84C228117808A7
		SHA1 Hash	CDD4EEAE6000AC7F40C3802C171E30148030C072

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Timestamp Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	5/13/1997 - 12/31/1999
		MD5 Hash	556EBEF54C1D7C0360C43418BC9649C1
		SHA1 Hash	245C97DF7514E7CF2DF8BE72AE957B9E04741E85

	Issuer Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Subject Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Thawte Timestamping CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	00
		Validity	1/1/1997 - 1/1/2021
		MD5 Hash	7F667A71D3EB6978209A51149D83DA20
		SHA1 Hash	BE36A4562FB2EE05DBB3D32323ADF445084ED656

	Issuer Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Subject Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	6D 2B DB 37 CE 2F F4 49 EC ED D5 20 57 D5 4E 34
		Validity	11/17/2006 - 7/17/2036
		MD5 Hash	8CCADC0B22CEF5BE72AC411A11A8D812
		SHA1 Hash	91C6D6EE3E8AC86384E548C299295C756C817B81

	Issuer Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / The USERTrust Network™ ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	01
		Validity	5/30/2000 - 5/30/2020
		MD5 Hash	1D3554048578B03F42424DBF20730A3F
		SHA1 Hash	02FAF3E291435468607857694DF5E45B68851868

	Issuer Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Subject Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Class 3 Public Primary CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD2 RSA (1.2.840.113549.1.1.2)
		Serial Number	BF BA CC 03 7B CA 38 B6 34 29 D9 10 1D E4 BA 70
		Validity	1/29/1996 - 8/2/2028
		MD5 Hash	10FC635DF6263E0DF325BE5F79CD6767
		SHA1 Hash	742C3192E607E424EB4549542BE1BBC53E6174E2

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Time Stamping CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A3 DC 5D 15 5F 73 5D A5 1C 59 82 8C 38 D2 19 4A
		Validity	5/12/1997 - 1/8/2004
		MD5 Hash	EBB04F1D3A2E372F1DDA6E27D6B680FA
		SHA1 Hash	18F7C1FCC3090203FD5BAA2F861A754976C8DD25

	Issuer Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	57 EF 29 71 48 90 EE D5 B9 62 3E A3 49 06 7E 9B 00
		Validity	10/1/1999 - 7/17/2036
		MD5 Hash	CD68B6A7C7C4CE75E01D4F5744619209
		SHA1 Hash	132D0D45534B6997CDB2D5C339E25576609B5CC6

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G3
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 1999 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G3
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 1999 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A 3B 6B CC CD 58 21 4A BB E8 7D 26 9E D1 DA 18
		Validity	11/8/2006 - 7/17/2036
		MD5 Hash	CB17E431673EE209FE455793F30AFA1C
		SHA1 Hash	4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

UpTime


Current Session:
	Last Shutdown Time	2/28/2016 12:04:26 AM
	Last Boot Time	2/28/2016 12:07:28 AM
	Current Time	2/28/2016 2:40:50 PM
	UpTime	52402 sec (0 days, 14 hours, 33 min, 22 sec)

UpTime Statistics:
	First Boot Time	2/27/2016 12:24:55 AM
	First Shutdown Time	2/27/2016 12:35:33 AM
	Total UpTime	55655 sec (0 days, 15 hours, 27 min, 35 sec)
	Total DownTime	82257 sec (0 days, 22 hours, 50 min, 57 sec)
	Longest UpTime	52402 sec (0 days, 14 hours, 33 min, 22 sec)
	Longest DownTime	64376 sec (0 days, 17 hours, 52 min, 56 sec)
	Total Reboots	1
	System Availability	40.36%

Bluescreen Statistics:
	Total Bluescreens	0

Information:
	Information	The above statistics are based on System Event Log entries


Share Name	Type	Remark	Local Path
ADMIN$	Folder	Remote Admin	C:\windows
C$	Folder	Default share	C:\
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]

Account Security


Account Security Properties:
	Computer Role	Primary
	Domain Name	samsung-home
	Primary Domain Controller	Not Specified
	Forced Logoff Time	Disabled
	Min / Max Password Age	0 / 42 days
	Minimum Password Length	0 chars
	Password History Length	Disabled
	Lockout Threshold	Disabled
	Lockout Duration	30 min
	Lockout Observation Window	30 min

Logon


User	Full Name	Logon Server	Logon Domain
home		WIN-9R4OEB365TQ	samsung-home
home		WIN-9R4OEB365TQ	samsung-home
home		WIN-9R4OEB365TQ	samsung-home
home		WIN-9R4OEB365TQ	samsung-home
home		WIN-9R4OEB365TQ	samsung-home
home		WIN-9R4OEB365TQ	samsung-home
home		WIN-9R4OEB365TQ	samsung-home
home		WIN-9R4OEB365TQ	samsung-home

Users


[ Administrator ]

	User Properties:
		User Name	Administrator
		Full Name	Administrator
		Comment	Built-in account for administering the computer/domain
		Member Of Groups	Administrators
		Logon Count	17
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ Guest ]

	User Properties:
		User Name	Guest
		Full Name	Guest
		Comment	Built-in account for guest access to the computer/domain
		Member Of Groups	Guests
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	Yes
		Password Never Expires	Yes

[ home ]

	User Properties:
		User Name	home
		Full Name	home
		Member Of Groups	Administrators
		Logon Count	5
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

Local Groups


[ Administrators ]

	Local Group Properties:
		Comment	Administrators have complete and unrestricted access to the computer/domain

	Group Members:
		Administrator
		home

[ Distributed COM Users ]

	Local Group Properties:
		Comment	Members are allowed to launch, activate and use Distributed COM objects on this machine.

[ Event Log Readers ]

	Local Group Properties:
		Comment	Members of this group can read event logs from local machine

[ Guests ]

	Local Group Properties:
		Comment	Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted

	Group Members:
		Guest

[ IIS_IUSRS ]

	Local Group Properties:
		Comment	Built-in group used by Internet Information Services.

	Group Members:
		IUSR

[ Performance Log Users ]

	Local Group Properties:
		Comment	Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer

[ Performance Monitor Users ]

	Local Group Properties:
		Comment	Members of this group can access performance counter data locally and remotely

[ Remote Management Users ]

	Local Group Properties:
		Comment	Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.

[ Users ]

	Local Group Properties:
		Comment	Users are prevented from making accidental or intentional system-wide changes and can run most applications

	Group Members:
		Authenticated Users
		INTERACTIVE

[ WinRMRemoteWMIUsers__ ]

	Local Group Properties:
		Comment	Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.

Global Groups


[ None ]

	Global Group Properties:
		Comment	Ordinary users

	Group Members:
		Administrator
		Guest
		home

Fonts


Font Family	Type	Style	Character Set	Char. Size	Char. Weight
@Adobe Fan Heiti Std B	Swiss	B	CHINESE_BIG5	32 x 40	60 %
@Adobe Fan Heiti Std B	Swiss	B	Cyrillic	32 x 40	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	60 %
@Adobe Fan Heiti Std B	Swiss	B	Western	32 x 40	60 %
@Adobe Gothic Std B	Swiss	B	Cyrillic	32 x 40	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	70 %
@Adobe Gothic Std B	Swiss	B	Hangul	32 x 40	70 %
@Adobe Gothic Std B	Swiss	B	Japanese	32 x 40	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	70 %
@Adobe Gothic Std B	Swiss	B	Western	32 x 40	70 %
@Adobe Heiti Std R	Swiss	R	Central European	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
@Adobe Heiti Std R	Swiss	R	Cyrillic	31 x 40	40 %
@Adobe Heiti Std R	Swiss	R	Japanese	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
@Adobe Ming Std L	Roman	L	CHINESE_BIG5	32 x 33	30 %
@Adobe Ming Std L	Roman	L	Cyrillic	32 x 33	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	30 %
@Adobe Ming Std L	Roman	L	Western	32 x 33	30 %
@Adobe Myungjo Std M	Roman	M	Cyrillic	32 x 33	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	50 %
@Adobe Myungjo Std M	Roman	M	Hangul	32 x 33	50 %
@Adobe Myungjo Std M	Roman	M	Japanese	32 x 33	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	50 %
@Adobe Myungjo Std M	Roman	M	Western	32 x 33	50 %
@Adobe Song Std L	Roman	L	Central European	31 x 36	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 36	30 %
@Adobe Song Std L	Roman	L	Cyrillic	31 x 36	30 %
@Adobe Song Std L	Roman	L	Japanese	31 x 36	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 36	30 %
@Batang	Roman	Regular	Baltic	16 x 32	40 %
@Batang	Roman	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Batang	Roman	Regular	Greek	16 x 32	40 %
@Batang	Roman	Regular	Hangul	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Batang	Roman	Regular	Western	16 x 32	40 %
@BatangChe	Modern	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@BatangChe	Modern	Regular	Cyrillic	16 x 32	40 %
@BatangChe	Modern	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@BatangChe	Modern	Regular	Turkish	16 x 32	40 %
@BatangChe	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@DFKai-SB	Script	Regular	Western	16 x 32	40 %
@Dotum	Swiss	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Dotum	Swiss	Regular	Cyrillic	16 x 32	40 %
@Dotum	Swiss	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Dotum	Swiss	Regular	Turkish	16 x 32	40 %
@Dotum	Swiss	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@DotumChe	Modern	Regular	Central European	16 x 32	40 %
@DotumChe	Modern	Regular	Cyrillic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@DotumChe	Modern	Regular	Hangul	16 x 32	40 %
@DotumChe	Modern	Regular	Turkish	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@FangSong	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@FangSong	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Gulim	Swiss	Regular	Central European	16 x 32	40 %
@Gulim	Swiss	Regular	Cyrillic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Gulim	Swiss	Regular	Hangul	16 x 32	40 %
@Gulim	Swiss	Regular	Turkish	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@GulimChe	Modern	Regular	Baltic	16 x 32	40 %
@GulimChe	Modern	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@GulimChe	Modern	Regular	Greek	16 x 32	40 %
@GulimChe	Modern	Regular	Hangul	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@GulimChe	Modern	Regular	Western	16 x 32	40 %
@Gungsuh	Roman	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Gungsuh	Roman	Regular	Cyrillic	16 x 32	40 %
@Gungsuh	Roman	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Gungsuh	Roman	Regular	Turkish	16 x 32	40 %
@Gungsuh	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@GungsuhChe	Modern	Regular	Central European	16 x 32	40 %
@GungsuhChe	Modern	Regular	Cyrillic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@GungsuhChe	Modern	Regular	Hangul	16 x 32	40 %
@GungsuhChe	Modern	Regular	Turkish	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@KaiTi	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@KaiTi	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
@Kozuka Gothic Pr6N B	Swiss	B	Central European	31 x 59	70 %
@Kozuka Gothic Pr6N B	Swiss	B	Cyrillic	31 x 59	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
@Kozuka Gothic Pr6N B	Swiss	B	Japanese	31 x 59	70 %
@Kozuka Gothic Pr6N B	Swiss	B	Mac	31 x 59	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
@Kozuka Gothic Pr6N B	Swiss	B	Western	31 x 59	70 %
@Kozuka Gothic Pr6N EL	Swiss	EL	Baltic	31 x 53	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	25 %
@Kozuka Gothic Pr6N EL	Swiss	EL	Cyrillic	31 x 53	25 %
@Kozuka Gothic Pr6N EL	Swiss	EL	Greek	31 x 53	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	25 %
@Kozuka Gothic Pr6N EL	Swiss	EL	Mac	31 x 53	25 %
@Kozuka Gothic Pr6N EL	Swiss	EL	Turkish	31 x 53	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	25 %
@Kozuka Gothic Pr6N H	Swiss	H	Baltic	31 x 59	90 %
@Kozuka Gothic Pr6N H	Swiss	H	Central European	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	90 %
@Kozuka Gothic Pr6N H	Swiss	H	Greek	31 x 59	90 %
@Kozuka Gothic Pr6N H	Swiss	H	Japanese	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	90 %
@Kozuka Gothic Pr6N H	Swiss	H	Turkish	31 x 59	90 %
@Kozuka Gothic Pr6N H	Swiss	H	Western	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	30 %
@Kozuka Gothic Pr6N L	Swiss	L	Central European	31 x 55	30 %
@Kozuka Gothic Pr6N L	Swiss	L	Cyrillic	31 x 55	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	30 %
@Kozuka Gothic Pr6N L	Swiss	L	Japanese	31 x 55	30 %
@Kozuka Gothic Pr6N L	Swiss	L	Mac	31 x 55	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	30 %
@Kozuka Gothic Pr6N L	Swiss	L	Western	31 x 55	30 %
@Kozuka Gothic Pr6N M	Swiss	M	Baltic	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
@Kozuka Gothic Pr6N M	Swiss	M	Cyrillic	31 x 57	50 %
@Kozuka Gothic Pr6N M	Swiss	M	Greek	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
@Kozuka Gothic Pr6N M	Swiss	M	Mac	31 x 57	50 %
@Kozuka Gothic Pr6N M	Swiss	M	Turkish	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
@Kozuka Gothic Pr6N R	Swiss	R	Baltic	31 x 56	40 %
@Kozuka Gothic Pr6N R	Swiss	R	Central European	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	40 %
@Kozuka Gothic Pr6N R	Swiss	R	Greek	31 x 56	40 %
@Kozuka Gothic Pr6N R	Swiss	R	Japanese	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	40 %
@Kozuka Gothic Pr6N R	Swiss	R	Turkish	31 x 56	40 %
@Kozuka Gothic Pr6N R	Swiss	R	Western	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	70 %
@Kozuka Mincho Pr6N B	Roman	B	Central European	31 x 53	70 %
@Kozuka Mincho Pr6N B	Roman	B	Cyrillic	31 x 53	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	70 %
@Kozuka Mincho Pr6N B	Roman	B	Japanese	31 x 53	70 %
@Kozuka Mincho Pr6N B	Roman	B	Mac	31 x 53	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	70 %
@Kozuka Mincho Pr6N B	Roman	B	Western	31 x 53	70 %
@Kozuka Mincho Pr6N EL	Roman	EL	Baltic	31 x 50	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 50	25 %
@Kozuka Mincho Pr6N EL	Roman	EL	Cyrillic	31 x 50	25 %
@Kozuka Mincho Pr6N EL	Roman	EL	Greek	31 x 50	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 50	25 %
@Kozuka Mincho Pr6N EL	Roman	EL	Mac	31 x 50	25 %
@Kozuka Mincho Pr6N EL	Roman	EL	Turkish	31 x 50	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 50	25 %
@Kozuka Mincho Pr6N H	Roman	H	Baltic	31 x 56	90 %
@Kozuka Mincho Pr6N H	Roman	H	Central European	31 x 56	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	90 %
@Kozuka Mincho Pr6N H	Roman	H	Greek	31 x 56	90 %
@Kozuka Mincho Pr6N H	Roman	H	Japanese	31 x 56	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	90 %
@Kozuka Mincho Pr6N H	Roman	H	Turkish	31 x 56	90 %
@Kozuka Mincho Pr6N H	Roman	H	Western	31 x 56	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 50	30 %
@Kozuka Mincho Pr6N L	Roman	L	Central European	31 x 50	30 %
@Kozuka Mincho Pr6N L	Roman	L	Cyrillic	31 x 50	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 50	30 %
@Kozuka Mincho Pr6N L	Roman	L	Japanese	31 x 50	30 %
@Kozuka Mincho Pr6N L	Roman	L	Mac	31 x 50	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 50	30 %
@Kozuka Mincho Pr6N L	Roman	L	Western	31 x 50	30 %
@Kozuka Mincho Pr6N M	Roman	M	Baltic	31 x 52	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	50 %
@Kozuka Mincho Pr6N M	Roman	M	Cyrillic	31 x 52	50 %
@Kozuka Mincho Pr6N M	Roman	M	Greek	31 x 52	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	50 %
@Kozuka Mincho Pr6N M	Roman	M	Mac	31 x 52	50 %
@Kozuka Mincho Pr6N M	Roman	M	Turkish	31 x 52	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	50 %
@Kozuka Mincho Pr6N R	Roman	R	Baltic	31 x 51	40 %
@Kozuka Mincho Pr6N R	Roman	R	Central European	31 x 51	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 51	40 %
@Kozuka Mincho Pr6N R	Roman	R	Greek	31 x 51	40 %
@Kozuka Mincho Pr6N R	Roman	R	Japanese	31 x 51	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 51	40 %
@Kozuka Mincho Pr6N R	Roman	R	Turkish	31 x 51	40 %
@Kozuka Mincho Pr6N R	Roman	R	Western	31 x 51	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Cyrillic	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Greek	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
@Meiryo UI	Swiss	Regular	Baltic	17 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Cyrillic	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Greek	17 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Turkish	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Western	17 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 48	40 %
@Meiryo	Swiss	Regular	Central European	31 x 48	40 %
@Meiryo	Swiss	Regular	Cyrillic	31 x 48	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 48	40 %
@Meiryo	Swiss	Regular	Japanese	31 x 48	40 %
@Meiryo	Swiss	Regular	Turkish	31 x 48	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 48	40 %
@Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
@Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
@Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
@Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
@MingLiU_HKSCS	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU_HKSCS	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
@MingLiU	Modern	Regular	CHINESE_BIG5	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Gothic	Modern	Regular	Central European	16 x 32	40 %
@MS Gothic	Modern	Regular	Cyrillic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Gothic	Modern	Regular	Japanese	16 x 32	40 %
@MS Gothic	Modern	Regular	Turkish	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Mincho	Modern	Regular	Baltic	16 x 32	40 %
@MS Mincho	Modern	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Mincho	Modern	Regular	Greek	16 x 32	40 %
@MS Mincho	Modern	Regular	Japanese	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Mincho	Modern	Regular	Western	16 x 32	40 %
@MS PGothic	Swiss	Regular	Baltic	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS PGothic	Swiss	Regular	Cyrillic	13 x 32	40 %
@MS PGothic	Swiss	Regular	Greek	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS PGothic	Swiss	Regular	Turkish	13 x 32	40 %
@MS PGothic	Swiss	Regular	Western	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS PMincho	Roman	Regular	Central European	13 x 32	40 %
@MS PMincho	Roman	Regular	Cyrillic	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS PMincho	Roman	Regular	Japanese	13 x 32	40 %
@MS PMincho	Roman	Regular	Turkish	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Baltic	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Central European	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Greek	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Japanese	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Western	13 x 32	40 %
@NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@PMingLiU	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@PMingLiU	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@SimHei	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun	Special	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
ADMUI3Lg	Special		Western	6 x 13	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	5 x 12	40 %
Adobe Arabic	Roman	Regular	Arabic	20 x 35	40 %
Adobe Arabic	Roman	Regular	Mac	20 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 35	40 %
Adobe Caslon Pro Bold	Roman	Bold	Baltic	17 x 54	70 %
Adobe Caslon Pro Bold	Roman	Bold	Central European	17 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 54	70 %
Adobe Caslon Pro Bold	Roman	Bold	Turkish	17 x 54	70 %
Adobe Caslon Pro Bold	Roman	Bold	Western	17 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 54	40 %
Adobe Caslon Pro	Roman	Regular	Central European	17 x 54	40 %
Adobe Caslon Pro	Roman	Regular	Mac	17 x 54	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 54	40 %
Adobe Caslon Pro	Roman	Regular	Western	17 x 54	40 %
Adobe Fan Heiti Std B	Swiss	B	CHINESE_BIG5	32 x 40	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	60 %
Adobe Fan Heiti Std B	Swiss	B	Japanese	32 x 40	60 %
Adobe Fan Heiti Std B	Swiss	B	Western	32 x 40	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	70 %
Adobe Garamond Pro Bold	Roman	Bold	Central European	16 x 38	70 %
Adobe Garamond Pro Bold	Roman	Bold	Mac	16 x 38	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	70 %
Adobe Garamond Pro Bold	Roman	Bold	Western	16 x 38	70 %
Adobe Garamond Pro	Roman	Regular	Baltic	16 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 41	40 %
Adobe Garamond Pro	Roman	Regular	Mac	16 x 41	40 %
Adobe Garamond Pro	Roman	Regular	Turkish	16 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 41	40 %
Adobe Gothic Std B	Swiss	B	Cyrillic	32 x 40	70 %
Adobe Gothic Std B	Swiss	B	Hangul(Johab)	32 x 40	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	70 %
Adobe Gothic Std B	Swiss	B	Japanese	32 x 40	70 %
Adobe Gothic Std B	Swiss	B	Mac	32 x 40	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	70 %
Adobe Hebrew	Roman	Regular	Hebrew	15 x 40	40 %
Adobe Hebrew	Roman	Regular	Mac	15 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 40	40 %
Adobe Heiti Std R	Swiss	R	Central European	31 x 40	40 %
Adobe Heiti Std R	Swiss	R	CHINESE_GB2312	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
Adobe Heiti Std R	Swiss	R	Japanese	31 x 40	40 %
Adobe Heiti Std R	Swiss	R	Western	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	30 %
Adobe Ming Std L	Roman	L	Cyrillic	32 x 33	30 %
Adobe Ming Std L	Roman	L	Japanese	32 x 33	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	30 %
Adobe Myungjo Std M	Roman	M	Cyrillic	32 x 33	50 %
Adobe Myungjo Std M	Roman	M	Hangul(Johab)	32 x 33	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	50 %
Adobe Myungjo Std M	Roman	M	Japanese	32 x 33	50 %
Adobe Myungjo Std M	Roman	M	Mac	32 x 33	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	50 %
Adobe Pi Std	Decorative	Regular	Western	24 x 33	40 %
Adobe Song Std L	Roman	L	Central European	31 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 37	30 %
Adobe Song Std L	Roman	L	Cyrillic	31 x 37	30 %
Adobe Song Std L	Roman	L	Japanese	31 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 37	30 %
Adobe Thai	Roman	Regular	Mac	13 x 40	40 %
Adobe Thai	Roman	Regular	Thai	13 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 40	40 %
Aharoni	Special	Bold	Hebrew	15 x 32	70 %
Aldhabi	Special	Regular	Arabic	16 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 56	40 %
Andalus	Roman	Regular	Arabic	15 x 49	40 %
Andalus	Roman	Regular	Western	15 x 49	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	8 x 43	40 %
Angsana New	Roman	Regular	Western	8 x 43	40 %
AngsanaUPC	Roman	Regular	Thai	8 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	8 x 43	40 %
Aparajita	Swiss	Regular	Western	16 x 38	40 %
Arabic Typesetting	Script	Regular	Arabic	9 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 36	40 %
Arabic Typesetting	Script	Regular	Central European	9 x 36	40 %
Arabic Typesetting	Script	Regular	Turkish	9 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 36	40 %
Arial Black	Swiss	Regular	Baltic	18 x 45	90 %
Arial Black	Swiss	Regular	Central European	18 x 45	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 45	90 %
Arial Black	Swiss	Regular	Greek	18 x 45	90 %
Arial Black	Swiss	Regular	Turkish	18 x 45	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 45	90 %
Arial Narrow	Swiss	Regular	Baltic	12 x 36	40 %
Arial Narrow	Swiss	Regular	Central European	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Arial Narrow	Swiss	Regular	Greek	12 x 36	40 %
Arial Narrow	Swiss	Regular	Turkish	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Arial	Swiss	Regular	Arabic	14 x 36	40 %
Arial	Swiss	Regular	Baltic	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Arial	Swiss	Regular	Cyrillic	14 x 36	40 %
Arial	Swiss	Regular	Greek	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Arial	Swiss	Regular	Turkish	14 x 36	40 %
Arial	Swiss	Regular	Vietnamese	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Batang	Roman	Regular	Baltic	16 x 32	40 %
Batang	Roman	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Batang	Roman	Regular	Greek	16 x 32	40 %
Batang	Roman	Regular	Hangul	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Batang	Roman	Regular	Western	16 x 32	40 %
BatangChe	Modern	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
BatangChe	Modern	Regular	Cyrillic	16 x 32	40 %
BatangChe	Modern	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
BatangChe	Modern	Regular	Turkish	16 x 32	40 %
BatangChe	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 75	40 %
Bickham Script Pro Regular	Script	Regular	Central European	15 x 75	40 %
Bickham Script Pro Regular	Script	Regular	Mac	15 x 75	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 75	40 %
Bickham Script Pro Regular	Script	Regular	Western	15 x 75	40 %
Birch Std	Script	Regular	Mac	10 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 38	40 %
Blackoak Std	Decorative	Regular	Mac	39 x 43	90 %
Blackoak Std	Decorative	Regular	Western	39 x 43	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	40 %
Book Antiqua	Roman	Regular	Central European	14 x 40	40 %
Book Antiqua	Roman	Regular	Cyrillic	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	40 %
Book Antiqua	Roman	Regular	Turkish	14 x 40	40 %
Book Antiqua	Roman	Regular	Western	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 36	30 %
Bookman Old Style	Roman	Regular	Central European	16 x 36	30 %
Bookman Old Style	Roman	Regular	Cyrillic	16 x 36	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 36	30 %
Bookman Old Style	Roman	Regular	Turkish	16 x 36	30 %
Bookman Old Style	Roman	Regular	Western	16 x 36	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 32	40 %
Browallia New	Swiss	Regular	Thai	9 x 40	40 %
Browallia New	Swiss	Regular	Western	9 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 40	40 %
BrowalliaUPC	Swiss	Regular	Western	9 x 40	40 %
Brush Script Std	Script	Medium	Mac	17 x 37	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 37	50 %
Caflisch Script Pro Light	Swiss	Light	Baltic	16 x 40	30 %
Caflisch Script Pro Light	Swiss	Light	Central European	16 x 40	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 40	30 %
Caflisch Script Pro Light	Swiss	Light	Turkish	16 x 40	30 %
Caflisch Script Pro Light	Swiss	Light	Western	16 x 40	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 40	40 %
Caflisch Script Pro Regular	Swiss	Regular	Central European	17 x 40	40 %
Caflisch Script Pro Regular	Swiss	Regular	Mac	17 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 40	40 %
Caflisch Script Pro Regular	Swiss	Regular	Western	17 x 40	40 %
Calibri Light	Swiss	Regular	Baltic	17 x 39	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	30 %
Calibri Light	Swiss	Regular	Cyrillic	17 x 39	30 %
Calibri Light	Swiss	Regular	Greek	17 x 39	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	30 %
Calibri Light	Swiss	Regular	Vietnamese	17 x 39	30 %
Calibri Light	Swiss	Regular	Western	17 x 39	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Calibri	Swiss	Regular	Central European	17 x 39	40 %
Calibri	Swiss	Regular	Cyrillic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Calibri	Swiss	Regular	Turkish	17 x 39	40 %
Calibri	Swiss	Regular	Vietnamese	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Cambria Math	Roman	Regular	Baltic	20 x 179	40 %
Cambria Math	Roman	Regular	Central European	20 x 179	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 179	40 %
Cambria Math	Roman	Regular	Greek	20 x 179	40 %
Cambria Math	Roman	Regular	Turkish	20 x 179	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 179	40 %
Cambria Math	Roman	Regular	Western	20 x 179	40 %
Cambria	Roman	Regular	Baltic	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Cambria	Roman	Regular	Cyrillic	20 x 38	40 %
Cambria	Roman	Regular	Greek	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Cambria	Roman	Regular	Vietnamese	20 x 38	40 %
Cambria	Roman	Regular	Western	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Candara	Swiss	Regular	Central European	17 x 39	40 %
Candara	Swiss	Regular	Cyrillic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Candara	Swiss	Regular	Turkish	17 x 39	40 %
Candara	Swiss	Regular	Vietnamese	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Century	Roman	Regular	Baltic	15 x 38	40 %
Century	Roman	Regular	Central European	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Century	Roman	Regular	Greek	15 x 38	40 %
Century	Roman	Regular	Turkish	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Chaparral Pro	Roman	Regular	Baltic	16 x 38	40 %
Chaparral Pro	Roman	Regular	Central European	16 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	40 %
Chaparral Pro	Roman	Regular	Turkish	16 x 38	40 %
Chaparral Pro	Roman	Regular	Western	16 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Charlemagne Std	Decorative	Regular	Western	20 x 38	40 %
Comic Sans MS	Script	Regular	Baltic	15 x 45	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 45	40 %
Comic Sans MS	Script	Regular	Cyrillic	15 x 45	40 %
Comic Sans MS	Script	Regular	Greek	15 x 45	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 45	40 %
Comic Sans MS	Script	Regular	Western	15 x 45	40 %
Consolas	Modern	Regular	Baltic	18 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 37	40 %
Consolas	Modern	Regular	Cyrillic	18 x 37	40 %
Consolas	Modern	Regular	Greek	18 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 37	40 %
Consolas	Modern	Regular	Vietnamese	18 x 37	40 %
Consolas	Modern	Regular	Western	18 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Constantia	Roman	Regular	Central European	17 x 39	40 %
Constantia	Roman	Regular	Cyrillic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Constantia	Roman	Regular	Turkish	17 x 39	40 %
Constantia	Roman	Regular	Vietnamese	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Cooper Std Black	Roman	Black	Mac	20 x 38	90 %
Cooper Std Black	Roman	Black	Western	20 x 38	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Corbel	Swiss	Regular	Central European	17 x 39	40 %
Corbel	Swiss	Regular	Cyrillic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Corbel	Swiss	Regular	Turkish	17 x 39	40 %
Corbel	Swiss	Regular	Vietnamese	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Cordia New	Swiss	Regular	Thai	9 x 44	40 %
Cordia New	Swiss	Regular	Western	9 x 44	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 44	40 %
CordiaUPC	Swiss	Regular	Western	9 x 44	40 %
Courier New	Modern	Regular	Arabic	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	40 %
Courier New	Modern	Regular	Central European	19 x 36	40 %
Courier New	Modern	Regular	Cyrillic	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	40 %
Courier New	Modern	Regular	Hebrew	19 x 36	40 %
Courier New	Modern	Regular	Turkish	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	40 %
Courier New	Modern	Regular	Western	19 x 36	40 %
Courier Std	Modern	Medium	Mac	19 x 35	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 35	50 %
Courier	Modern		Western	8 x 13	40 %
DaunPenh	Special	Regular	Western	12 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 31	40 %
DFKai-SB	Script	Regular	CHINESE_BIG5	16 x 32	40 %
DFKai-SB	Script	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 42	40 %
DilleniaUPC	Roman	Regular	Western	9 x 42	40 %
DokChampa	Swiss	Regular	Thai	19 x 62	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 62	40 %
Dotum	Swiss	Regular	Baltic	16 x 32	40 %
Dotum	Swiss	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Dotum	Swiss	Regular	Greek	16 x 32	40 %
Dotum	Swiss	Regular	Hangul	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Dotum	Swiss	Regular	Western	16 x 32	40 %
DotumChe	Modern	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
DotumChe	Modern	Regular	Cyrillic	16 x 32	40 %
DotumChe	Modern	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
DotumChe	Modern	Regular	Turkish	16 x 32	40 %
DotumChe	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	40 %
Ebrima	Special	Regular	Central European	19 x 43	40 %
Ebrima	Special	Regular	Turkish	19 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	40 %
Estrangelo Edessa	Script	Regular	Western	16 x 36	40 %
EucrosiaUPC	Roman	Regular	Thai	9 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 39	40 %
Euphemia	Swiss	Regular	Western	22 x 42	40 %
FangSong	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Fixedsys	Modern		Western	8 x 15	40 %
Franklin Gothic Medium	Swiss	Regular	Baltic	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Cyrillic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Greek	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Western	14 x 36	40 %
FrankRuehl	Swiss	Regular	Hebrew	13 x 30	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 38	40 %
FreesiaUPC	Swiss	Regular	Western	9 x 38	40 %
Gabriola	Decorative	Regular	Baltic	16 x 59	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 59	40 %
Gabriola	Decorative	Regular	Cyrillic	16 x 59	40 %
Gabriola	Decorative	Regular	Greek	16 x 59	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 59	40 %
Gabriola	Decorative	Regular	Western	16 x 59	40 %
Gadugi	Swiss	Regular	Western	18 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Garamond	Roman	Regular	Central European	12 x 36	40 %
Garamond	Roman	Regular	Cyrillic	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Garamond	Roman	Regular	Turkish	12 x 36	40 %
Garamond	Roman	Regular	Western	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 56	40 %
Georgia	Roman	Regular	Baltic	14 x 36	40 %
Georgia	Roman	Regular	Central European	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Georgia	Roman	Regular	Greek	14 x 36	40 %
Georgia	Roman	Regular	Turkish	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Giddyup Std	Script	Regular	Mac	14 x 38	40 %
Giddyup Std	Script	Regular	Western	14 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	40 %
Gisha	Swiss	Regular	Western	16 x 38	40 %
Graphite Std Light Narrow	Script	Light Narrow	Mac	11 x 35	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 35	30 %
Graphite Std Light Wide	Script	Light Wide	Mac	17 x 35	30 %
Graphite Std Light Wide	Script	Light Wide	Western	17 x 35	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 35	30 %
Graphite Std Light	Script	Light	Western	14 x 35	30 %
Graphite Std Narrow	Script	Narrow	Mac	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Graphite Std Wide	Script	Wide	Mac	18 x 35	40 %
Graphite Std Wide	Script	Wide	Western	18 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 36	40 %
Graphite Std	Script	Regular	Western	15 x 36	40 %
Gulim	Swiss	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Gulim	Swiss	Regular	Cyrillic	16 x 32	40 %
Gulim	Swiss	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Gulim	Swiss	Regular	Turkish	16 x 32	40 %
Gulim	Swiss	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
GulimChe	Modern	Regular	Central European	16 x 32	40 %
GulimChe	Modern	Regular	Cyrillic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
GulimChe	Modern	Regular	Hangul	16 x 32	40 %
GulimChe	Modern	Regular	Turkish	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Gungsuh	Roman	Regular	Baltic	16 x 32	40 %
Gungsuh	Roman	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Gungsuh	Roman	Regular	Greek	16 x 32	40 %
Gungsuh	Roman	Regular	Hangul	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Gungsuh	Roman	Regular	Western	16 x 32	40 %
GungsuhChe	Modern	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
GungsuhChe	Modern	Regular	Cyrillic	16 x 32	40 %
GungsuhChe	Modern	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
GungsuhChe	Modern	Regular	Turkish	16 x 32	40 %
GungsuhChe	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Central European	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Cyrillic	10 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Turkish	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Western	10 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 45	50 %
Hobo Std	Swiss	Medium	Western	18 x 45	50 %
Impact	Swiss	Regular	Baltic	19 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	40 %
Impact	Swiss	Regular	Cyrillic	19 x 39	40 %
Impact	Swiss	Regular	Greek	19 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	40 %
Impact	Swiss	Regular	Western	19 x 39	40 %
IrisUPC	Swiss	Regular	Thai	9 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 40	40 %
Iskoola Pota	Swiss	Regular	Western	22 x 36	40 %
JasmineUPC	Roman	Regular	Thai	9 x 34	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 34	40 %
KaiTi	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
KaiTi	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 48	40 %
Kartika	Roman	Regular	Western	27 x 46	40 %
Khmer UI	Swiss	Regular	Western	21 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 31	40 %
KodchiangUPC	Roman	Regular	Western	9 x 31	40 %
Kokila	Swiss	Regular	Western	13 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Central European	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Cyrillic	31 x 59	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Japanese	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Mac	31 x 59	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Western	31 x 59	70 %
Kozuka Gothic Pr6N EL	Swiss	EL	Baltic	31 x 55	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Cyrillic	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Greek	31 x 55	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Mac	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Turkish	31 x 55	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	25 %
Kozuka Gothic Pr6N H	Swiss	H	Baltic	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Central European	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Greek	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Japanese	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Turkish	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Western	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Central European	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Cyrillic	31 x 56	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Japanese	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Mac	31 x 56	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Western	31 x 56	30 %
Kozuka Gothic Pr6N M	Swiss	M	Baltic	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Cyrillic	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Greek	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Mac	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Turkish	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
Kozuka Gothic Pr6N R	Swiss	R	Baltic	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Central European	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Greek	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Japanese	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Turkish	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Western	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Central European	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Cyrillic	31 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Japanese	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Mac	31 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Western	31 x 54	70 %
Kozuka Mincho Pr6N EL	Roman	EL	Baltic	31 x 52	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Cyrillic	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Greek	31 x 52	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Mac	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Turkish	31 x 52	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	25 %
Kozuka Mincho Pr6N H	Roman	H	Baltic	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Central European	31 x 55	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Greek	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Japanese	31 x 55	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Turkish	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Western	31 x 55	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Central European	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Cyrillic	31 x 53	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Japanese	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Mac	31 x 53	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Western	31 x 53	30 %
Kozuka Mincho Pr6N M	Roman	M	Baltic	31 x 53	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Cyrillic	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Greek	31 x 53	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Mac	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Turkish	31 x 53	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	50 %
Kozuka Mincho Pr6N R	Roman	R	Baltic	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Central European	31 x 53	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Greek	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Japanese	31 x 53	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Turkish	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Western	31 x 53	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 43	40 %
Latha	Swiss	Regular	Western	23 x 44	40 %
Leelawadee	Swiss	Regular	Thai	17 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 38	40 %
Levenim MT	Special	Regular	Hebrew	16 x 42	40 %
LilyUPC	Swiss	Regular	Thai	9 x 30	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 30	40 %
Lithos Pro Regular	Decorative	Regular	Baltic	20 x 38	40 %
Lithos Pro Regular	Decorative	Regular	Central European	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Lithos Pro Regular	Decorative	Regular	Mac	20 x 38	40 %
Lithos Pro Regular	Decorative	Regular	Turkish	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Lucida Console	Modern	Regular	Central European	19 x 32	40 %
Lucida Console	Modern	Regular	Cyrillic	19 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 32	40 %
Lucida Console	Modern	Regular	Turkish	19 x 32	40 %
Lucida Console	Modern	Regular	Western	19 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Central European	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Cyrillic	16 x 49	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Hebrew	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Turkish	16 x 49	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 49	40 %
Malgun Gothic	Swiss	Regular	Baltic	15 x 43	40 %
Malgun Gothic	Swiss	Regular	Cyrillic	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 54	40 %
Marlett	Special	Regular	Symbol	31 x 32	50 %
Meiryo UI	Swiss	Regular	Baltic	17 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 41	40 %
Meiryo UI	Swiss	Regular	Cyrillic	17 x 41	40 %
Meiryo UI	Swiss	Regular	Greek	17 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 41	40 %
Meiryo UI	Swiss	Regular	Turkish	17 x 41	40 %
Meiryo UI	Swiss	Regular	Western	17 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 48	40 %
Meiryo	Swiss	Regular	Central European	31 x 48	40 %
Meiryo	Swiss	Regular	Cyrillic	31 x 48	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 48	40 %
Meiryo	Swiss	Regular	Japanese	31 x 48	40 %
Meiryo	Swiss	Regular	Turkish	31 x 48	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 48	40 %
Mesquite Std	Decorative	Medium	Mac	9 x 38	50 %
Mesquite Std	Decorative	Medium	Western	9 x 38	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
Microsoft New Tai Lue	Swiss	Regular	Western	19 x 42	40 %
Microsoft PhagsPa	Swiss	Regular	Western	24 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Baltic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Central European	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Greek	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Hebrew	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Turkish	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Vietnamese	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Tai Le	Swiss	Regular	Western	19 x 41	40 %
Microsoft Uighur	Special	Regular	Arabic	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
Microsoft Yi Baiti	Script	Regular	Western	21 x 32	40 %
MingLiU_HKSCS	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MingLiU	Modern	Regular	Western	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Minion Pro Cond	Roman	Bold Cond	Baltic	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Central European	17 x 44	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Greek	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Mac	17 x 44	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Western	17 x 44	70 %
Minion Pro Med	Roman	Medium	Baltic	17 x 43	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	50 %
Minion Pro Med	Roman	Medium	Cyrillic	17 x 43	50 %
Minion Pro Med	Roman	Medium	Greek	17 x 43	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	50 %
Minion Pro Med	Roman	Medium	Turkish	17 x 43	50 %
Minion Pro Med	Roman	Medium	Western	17 x 43	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Minion Pro	Roman	Regular	Central European	17 x 43	40 %
Minion Pro	Roman	Regular	Cyrillic	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Minion Pro	Roman	Regular	Mac	17 x 43	40 %
Minion Pro	Roman	Regular	Turkish	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Miriam Fixed	Modern	Regular	Hebrew	19 x 32	40 %
Miriam	Swiss	Regular	Hebrew	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 37	40 %
Mongolian Baiti	Script	Regular	Western	14 x 34	40 %
Monotype Corsiva	Script	Regular	Baltic	11 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 35	40 %
Monotype Corsiva	Script	Regular	Cyrillic	11 x 35	40 %
Monotype Corsiva	Script	Regular	Greek	11 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 35	40 %
Monotype Corsiva	Script	Regular	Western	11 x 35	40 %
MoolBoran	Swiss	Regular	Western	13 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Gothic	Modern	Regular	Central European	16 x 32	40 %
MS Gothic	Modern	Regular	Cyrillic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Gothic	Modern	Regular	Japanese	16 x 32	40 %
MS Gothic	Modern	Regular	Turkish	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Mincho	Modern	Regular	Baltic	16 x 32	40 %
MS Mincho	Modern	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Mincho	Modern	Regular	Greek	16 x 32	40 %
MS Mincho	Modern	Regular	Japanese	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Mincho	Modern	Regular	Western	16 x 32	40 %
MS Outlook	Special	Regular	Symbol	31 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS PGothic	Swiss	Regular	Central European	13 x 32	40 %
MS PGothic	Swiss	Regular	Cyrillic	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS PGothic	Swiss	Regular	Japanese	13 x 32	40 %
MS PGothic	Swiss	Regular	Turkish	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS PMincho	Roman	Regular	Baltic	13 x 32	40 %
MS PMincho	Roman	Regular	Central European	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS PMincho	Roman	Regular	Greek	13 x 32	40 %
MS PMincho	Roman	Regular	Japanese	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS PMincho	Roman	Regular	Western	13 x 32	40 %
MS Reference Sans Serif	Swiss	Regular	Baltic	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Cyrillic	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Greek	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Vietnamese	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Western	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	23 x 39	40 %
MS Sans Serif	Swiss		Western	5 x 13	40 %
MS Serif	Roman		Western	5 x 13	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Central European	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Cyrillic	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Japanese	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Turkish	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MT Extra	Roman	Regular	Symbol	20 x 32	40 %
MV Boli	Special	Regular	Western	18 x 52	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 60	40 %
Myriad Pro Cond	Swiss	Condensed	Baltic	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Central European	12 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Greek	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Mac	12 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Western	12 x 38	40 %
Myriad Pro Light Cond	Swiss	Light Condensed	Baltic	11 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 37	30 %
Myriad Pro Light Cond	Swiss	Light Condensed	Cyrillic	11 x 37	30 %
Myriad Pro Light Cond	Swiss	Light Condensed	Greek	11 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 37	30 %
Myriad Pro Light Cond	Swiss	Light Condensed	Turkish	11 x 37	30 %
Myriad Pro Light Cond	Swiss	Light Condensed	Western	11 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	30 %
Myriad Pro Light SemiCond	Swiss	Light SemiCondensed	Central European	14 x 38	30 %
Myriad Pro Light SemiCond	Swiss	Light SemiCondensed	Cyrillic	14 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	30 %
Myriad Pro Light SemiCond	Swiss	Light SemiCondensed	Mac	14 x 38	30 %
Myriad Pro Light SemiCond	Swiss	Light SemiCondensed	Turkish	14 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	30 %
Myriad Pro Light SemiExt	Swiss	Light SemiExtended	Baltic	16 x 38	30 %
Myriad Pro Light SemiExt	Swiss	Light SemiExtended	Central European	16 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	30 %
Myriad Pro Light SemiExt	Swiss	Light SemiExtended	Greek	16 x 38	30 %
Myriad Pro Light SemiExt	Swiss	Light SemiExtended	Mac	16 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	30 %
Myriad Pro Light SemiExt	Swiss	Light SemiExtended	Western	16 x 38	30 %
Myriad Pro Light	Swiss	Light	Baltic	15 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	30 %
Myriad Pro Light	Swiss	Light	Cyrillic	15 x 38	30 %
Myriad Pro Light	Swiss	Light	Greek	15 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	30 %
Myriad Pro Light	Swiss	Light	Turkish	15 x 38	30 %
Myriad Pro Light	Swiss	Light	Western	15 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	40 %
Myriad Pro SemiCond	Swiss	SemiCondensed	Central European	14 x 38	40 %
Myriad Pro SemiCond	Swiss	SemiCondensed	Cyrillic	14 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	40 %
Myriad Pro SemiCond	Swiss	SemiCondensed	Mac	14 x 38	40 %
Myriad Pro SemiCond	Swiss	SemiCondensed	Turkish	14 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	40 %
Myriad Pro SemiExt	Swiss	SemiExtended	Baltic	17 x 39	40 %
Myriad Pro SemiExt	Swiss	SemiExtended	Central European	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Myriad Pro SemiExt	Swiss	SemiExtended	Greek	17 x 39	40 %
Myriad Pro SemiExt	Swiss	SemiExtended	Mac	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Myriad Pro SemiExt	Swiss	SemiExtended	Western	17 x 39	40 %
Myriad Pro	Swiss	Regular	Baltic	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Myriad Pro	Swiss	Regular	Cyrillic	15 x 38	40 %
Myriad Pro	Swiss	Regular	Greek	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Myriad Pro	Swiss	Regular	Turkish	15 x 38	40 %
Myriad Pro	Swiss	Regular	Western	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Myriad Web Pro Condensed	Swiss	Regular	Central European	12 x 36	40 %
Myriad Web Pro Condensed	Swiss	Regular	Turkish	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Myriad Web Pro	Swiss	Regular	Baltic	14 x 36	40 %
Myriad Web Pro	Swiss	Regular	Central European	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Myriad Web Pro	Swiss	Regular	Western	14 x 36	40 %
Narkisim	Swiss	Regular	Hebrew	12 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	40 %
NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
NSimSun	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 32	40 %
Nueva Std Cond	Swiss	Condensed	Western	10 x 32	40 %
Nueva Std	Swiss	Regular	Mac	14 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 32	40 %
Nyala	Special	Regular	Baltic	18 x 33	40 %
Nyala	Special	Regular	Central European	18 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 33	40 %
Nyala	Special	Regular	Western	18 x 33	40 %
OCR A Std	Modern	Regular	Mac	23 x 34	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	23 x 34	40 %
Orator Std	Modern	Medium	Mac	19 x 43	40 %
Orator Std	Modern	Medium	Western	19 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Palatino Linotype	Roman	Regular	Central European	14 x 43	40 %
Palatino Linotype	Roman	Regular	Cyrillic	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Palatino Linotype	Roman	Regular	Turkish	14 x 43	40 %
Palatino Linotype	Roman	Regular	Vietnamese	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Plantagenet Cherokee	Roman	Regular	Western	14 x 41	40 %
PMingLiU	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 38	70 %
Poplar Std	Decorative	Black	Western	13 x 38	70 %
Postino Std	Roman	Regular	Mac	24 x 41	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	24 x 41	50 %
Prestige Elite Std	Modern	Regular	Mac	19 x 36	40 %
Prestige Elite Std	Modern	Regular	Western	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 53	40 %
Rod	Modern	Regular	Hebrew	19 x 31	40 %
Roman	Roman		OEM/DOS	22 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 37	70 %
Rosewood Std Regular	Decorative	Regular	Western	16 x 37	70 %
Sakkal Majalla	Special	Regular	Arabic	16 x 45	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 45	40 %
Sakkal Majalla	Special	Regular	Central European	16 x 45	40 %
Sakkal Majalla	Special	Regular	Turkish	16 x 45	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 45	40 %
Sanvito Pro Light	Script	Light	Baltic	12 x 35	30 %
Sanvito Pro Light	Script	Light	Central European	12 x 35	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 35	30 %
Sanvito Pro Light	Script	Light	Turkish	12 x 35	30 %
Sanvito Pro Light	Script	Light	Western	12 x 35	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Sanvito Pro	Script	Regular	Central European	13 x 35	40 %
Sanvito Pro	Script	Regular	Mac	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Sanvito Pro	Script	Regular	Western	13 x 35	40 %
Script	Script		OEM/DOS	16 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 56	40 %
Segoe Print	Special	Regular	Central European	21 x 56	40 %
Segoe Print	Special	Regular	Cyrillic	21 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 56	40 %
Segoe Print	Special	Regular	Turkish	21 x 56	40 %
Segoe Print	Special	Regular	Western	21 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	22 x 51	40 %
Segoe Script	Swiss	Regular	Central European	22 x 51	40 %
Segoe Script	Swiss	Regular	Cyrillic	22 x 51	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	22 x 51	40 %
Segoe Script	Swiss	Regular	Turkish	22 x 51	40 %
Segoe Script	Swiss	Regular	Western	22 x 51	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Central European	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Greek	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Hebrew	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Vietnamese	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Western	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Baltic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Central European	18 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Greek	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Hebrew	18 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Vietnamese	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Western	18 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Hebrew	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Western	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	23 x 43	40 %
Segoe UI	Swiss	Regular	Arabic	17 x 43	40 %
Segoe UI	Swiss	Regular	Baltic	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Segoe UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Segoe UI	Swiss	Regular	Greek	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Segoe UI	Swiss	Regular	Turkish	17 x 43	40 %
Segoe UI	Swiss	Regular	Vietnamese	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Shonar Bangla	Swiss	Regular	Western	16 x 41	40 %
Shruti	Swiss	Regular	Western	14 x 54	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
SimHei	Modern	Regular	Western	16 x 32	40 %
Simplified Arabic Fixed	Modern	Regular	Arabic	19 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 35	40 %
Simplified Arabic	Roman	Regular	Arabic	13 x 53	40 %
Simplified Arabic	Roman	Regular	Western	13 x 53	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
SimSun	Special	Regular	Western	16 x 32	40 %
SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Small Fonts	Swiss		Western	1 x 3	40 %
Stencil Std	Decorative	Bold	Mac	20 x 42	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 42	70 %
Sylfaen	Roman	Regular	Baltic	13 x 42	40 %
Sylfaen	Roman	Regular	Central European	13 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 42	40 %
Sylfaen	Roman	Regular	Greek	13 x 42	40 %
Sylfaen	Roman	Regular	Turkish	13 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 42	40 %
Symbol	Roman	Regular	Symbol	19 x 39	40 %
System	Swiss		Western	7 x 16	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tahoma	Swiss	Regular	Baltic	14 x 39	40 %
Tahoma	Swiss	Regular	Central European	14 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tahoma	Swiss	Regular	Greek	14 x 39	40 %
Tahoma	Swiss	Regular	Hebrew	14 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tahoma	Swiss	Regular	Turkish	14 x 39	40 %
Tahoma	Swiss	Regular	Vietnamese	14 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tekton Pro Cond	Swiss	Bold Condensed	Baltic	12 x 39	70 %
Tekton Pro Cond	Swiss	Bold Condensed	Central European	12 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 39	70 %
Tekton Pro Cond	Swiss	Bold Condensed	Turkish	12 x 39	70 %
Tekton Pro Cond	Swiss	Bold Condensed	Western	12 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	70 %
Tekton Pro Ext	Swiss	Bold Extended	Central European	19 x 39	70 %
Tekton Pro Ext	Swiss	Bold Extended	Mac	19 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	70 %
Tekton Pro Ext	Swiss	Bold Extended	Western	19 x 39	70 %
Tekton Pro	Swiss	Regular	Baltic	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Tekton Pro	Swiss	Regular	Mac	15 x 38	40 %
Tekton Pro	Swiss	Regular	Turkish	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Terminal	Modern		OEM/DOS	4 x 6	40 %
Times New Roman	Roman	Regular	Arabic	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Times New Roman	Roman	Regular	Central European	13 x 35	40 %
Times New Roman	Roman	Regular	Cyrillic	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Times New Roman	Roman	Regular	Hebrew	13 x 35	40 %
Times New Roman	Roman	Regular	Turkish	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Times New Roman	Roman	Regular	Western	13 x 35	40 %
Traditional Arabic	Roman	Regular	Arabic	15 x 48	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 48	40 %
Trajan Pro	Roman	Regular	Baltic	20 x 40	40 %
Trajan Pro	Roman	Regular	Central European	20 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 40	40 %
Trajan Pro	Roman	Regular	Turkish	20 x 40	40 %
Trajan Pro	Roman	Regular	Western	20 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Central European	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Cyrillic	15 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Turkish	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Western	15 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 53	40 %
Urdu Typesetting	Script	Regular	Arabic	13 x 55	40 %
Urdu Typesetting	Script	Regular	Baltic	13 x 55	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 55	40 %
Urdu Typesetting	Script	Regular	Turkish	13 x 55	40 %
Urdu Typesetting	Script	Regular	Western	13 x 55	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 36	40 %
Vani	Swiss	Regular	Western	23 x 54	40 %
Verdana	Swiss	Regular	Baltic	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
Verdana	Swiss	Regular	Cyrillic	16 x 39	40 %
Verdana	Swiss	Regular	Greek	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
Verdana	Swiss	Regular	Vietnamese	16 x 39	40 %
Verdana	Swiss	Regular	Western	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 32	40 %
Vrinda	Swiss	Regular	Western	20 x 44	40 %
Webdings	Roman	Regular	Symbol	31 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	27 x 34	40 %
Wingdings 3	Roman	Regular	Symbol	25 x 36	40 %
Wingdings	Special	Regular	Symbol	28 x 36	40 %

Audio Codecs


[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]

	ACM Driver Properties:
		Driver Description	Fraunhofer IIS MPEG Layer-3 Codec (decode only)
		Copyright Notice	Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
		Driver Features	decoder only version
		Driver Version	1.09

[ Microsoft ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses Microsoft ADPCM audio data.
		Driver Version	4.00

[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft CCITT G.711 A-Law and u-Law CODEC
		Copyright Notice	Copyright (c) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
		Driver Version	4.00

[ Microsoft GSM 6.10 Audio CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft GSM 6.10 Audio CODEC
		Copyright Notice	Copyright (C) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
		Driver Version	4.00

[ Microsoft IMA ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft IMA ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses IMA ADPCM audio data.
		Driver Version	4.00

[ Microsoft PCM Converter ]

	ACM Driver Properties:
		Driver Description	Microsoft PCM Converter
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Converts frequency and bits per sample of PCM audio data.
		Driver Version	5.00

Video Codecs


Driver	Version	Description
iccvid.dll	1.10.0.11	Cinepak® Codec
iyuv_32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	Intel Indeo(R) Video YUV Codec
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
msvidc32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	Microsoft Video 1 Compressor
msyuv.dll	6.2.9200.16384 (win8_rtm.120725-1247)	Microsoft UYVY Video Decompressor
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]

MCI


[ AVIVideo ]

	MCI Device Properties:
		Device	AVIVideo
		Name	Video for Windows
		Description	Video For Windows MCI driver
		Type	Digital Video Device
		Driver	mciavi32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	Yes
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ CDAudio ]

	MCI Device Properties:
		Device	CDAudio
		Name	CD Audio
		Description	MCI driver for cdaudio devices
		Type	CD Audio Device
		Driver	mcicda.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	No
		File Based Device	No
		Can Eject	Yes
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ MPEGVideo ]

	MCI Device Properties:
		Device	MPEGVideo
		Name	DirectShow
		Description	DirectShow MCI Driver
		Type	Digital Video Device
		Driver	mciqtz32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	No
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ Sequencer ]

	MCI Device Properties:
		Device	Sequencer
		Name	MIDI Sequencer
		Description	MCI driver for MIDI sequencer
		Type	Sequencer Device
		Driver	mciseq.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ WaveAudio ]

	MCI Device Properties:
		Device	WaveAudio
		Name	Sound
		Description	MCI driver for waveform audio
		Type	Waveform Audio Device
		Driver	mciwave.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	Yes
		Can Save Data	Yes
		Audio Capable	Yes
		Video Capable	No

SAPI


SAPI Properties:
	SAPI4 Version	-
	SAPI5 Version	5.3.15125.0

Voice (SAPI5):
	Name	Microsoft David Desktop - English (United States)
	Voice Path	C:\windows\Speech\Engines\TTS\en-US\M1033DAV
	Age	Adult
	Gender	Male
	Language	English (United States)
	Vendor	Microsoft
	Version	10.4
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Voice (SAPI5):
	Name	Microsoft Hazel Desktop - English (Great Britain)
	Voice Path	C:\windows\Speech\Engines\TTS\en-GB\M2057HAZ
	Age	Adult
	Gender	Female
	Language	English (United Kingdom)
	Vendor	Microsoft
	Version	10.4
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Voice (SAPI5):
	Name	Microsoft Helena Desktop - Spanish
	Voice Path	C:\windows\Speech\Engines\TTS\es-ES\M3082HEL
	Age	Adult
	Gender	Female
	Language	Spanish (Spain, International Sort)
	Vendor	Microsoft
	Version	10.4
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Voice (SAPI5):
	Name	Microsoft Hortense Desktop - French
	Voice Path	C:\windows\Speech\Engines\TTS\fr-FR\M1036HOR
	Age	Adult
	Gender	Female
	Language	French (France)
	Vendor	Microsoft
	Version	10.4
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Voice (SAPI5):
	Name	Microsoft Zira Desktop - English (United States)
	Voice Path	C:\windows\Speech\Engines\TTS\en-US\M1033ZIR
	Age	Adult
	Gender	Female
	Language	English (United States)
	Vendor	Microsoft
	Version	10.4
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - UK)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - UK)
	FE Config Data File	C:\windows\Speech\Engines\SR\en-GB\c2057dsk.fe
	Language	English (United Kingdom)
	Speaking Style	Discrete;Continuous
	Supported Locales	English (United Kingdom); English (Australia); English (New Zealand); English (Ireland); English (South Africa); English (Jamaica); English (Caribbean); English (Belize); English (Trinidad and Tobago); English (Zimbabwe); English (India); English (Malaysia); English (Singapore); English
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	FE Config Data File	C:\windows\Speech\Engines\SR\en-US\c1033dsk.fe
	Language	English (United States); English
	Speaking Style	Discrete;Continuous
	Supported Locales	English (United States); English (Canada); English (Philippines); English
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (French - France)
	Description	Microsoft Speech Recognizer 8.0 for Windows (French - France)
	FE Config Data File	C:\windows\Speech\Engines\SR\fr-FR\c1036dsk.fe
	Language	French (France)
	Speaking Style	Discrete;Continuous
	Supported Locales	French (France); French
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (Spanish - Spain)
	Description	Microsoft Speech Recognizer 8.0 for Windows (Spanish - Spain)
	FE Config Data File	C:\windows\Speech\Engines\SR\es-ES\c3082dsk.fe
	Language	Spanish (Spain, International Sort); Spanish (Spain, Traditional Sort)
	Speaking Style	Discrete;Continuous
	Supported Locales	Spanish (Spain, International Sort); Spanish (Spain, Traditional Sort); Spanish
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Internet


Internet Settings:
	Start Page	http://samsung13.msn.com/?pc=smjb
	Search Page	http://go.microsoft.com/fwlink/?LinkId=54896
	Local Page	C:\windows\system32\blank.htm
	Download Folder

Current Proxy:
	Proxy Status	Disabled

LAN Proxy:
	Proxy Status	Disabled

Routes


Type	Net Destination	Netmask	Gateway	Metric	Interface
Active	0.0.0.0	0.0.0.0	192.168.100.1	25	192.168.100.19 (Intel(R) Centrino(R) Advanced-N 6235)
Active	127.0.0.0	255.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	306	[ TRIAL VERSION ]
Active	127.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	192.168.100.0	255.255.255.0	192.168.100.19	281	192.168.100.19 (Intel(R) Centrino(R) Advanced-N 6235)
Active	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	281	[ TRIAL VERSION ]
Active	192.168.100.255	255.255.255.255	192.168.100.19	281	192.168.100.19 (Intel(R) Centrino(R) Advanced-N 6235)
Active	224.0.0.0	240.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	281	[ TRIAL VERSION ]
Active	255.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	255.255.255.255	255.255.255.255	192.168.100.19	281	192.168.100.19 (Intel(R) Centrino(R) Advanced-N 6235)

IE Cookie


		Last Access	URL
		2016-02-28 00:10:17	home@org.downloadcenter.samsung.com/
		2016-02-28 14:33:17	home@microsoft.com/
		2016-02-28 14:33:22	home@ieonline.microsoft.com/

Browser History


		Last Access	URL
		2016-02-27 18:48:00	home@file:///C:/Users/home/Downloads/SW_DVD5_Office_Professional_Plus_2013_W32_English_MLF_X18-55138.ISO
		2016-02-27 18:53:09	home@file:///C:/Users/home/Downloads/[PBM]%20KMSnano.24.Automatic/ReadMe%20KMSnano.txt
		2016-02-27 19:57:32	[ TRIAL VERSION ]
		2016-02-27 19:57:37	home@res://wdc.dll/home.htm?FILE:///C:/Users/home/AppData/Local/resmon.resmoncfg
		2016-02-28 00:10:07	home@file:///C:/Users/Public/Videos/SamsungStory01.wmv
		2016-02-28 00:18:57	[ TRIAL VERSION ]
		2016-02-28 00:19:28	home@http://www.passmark.com/products/pt.htm
		2016-02-28 14:32:17	home@http://www.msn.com/?cobrand=samsung13.msn.com&ocid=SMSDHP&pc=MASMJS
		2016-02-28 14:32:18	[ TRIAL VERSION ]
		2016-02-28 14:34:04	home@file:///C:/Users/home/Documents/aida64extreme560.zip
		2016-02-28 14:37:19	home@file:///C:/Users/home/AppData/Local/Temp/rpt-1.htm
		2016-02-28 14:39:35	[ TRIAL VERSION ]
		2016-02-28 14:40:35	home@http://www.microsoft.com/en-us/windows/windows-10-upgrade?pm=MSN
		2016-02-28 14:40:35	home@http://www.msn.com/vi-vn/?cobrand=samsung13.msn.com&ocid=SMSDHP&pc=MASMJS
		2016-02-28 14:40:35	[ TRIAL VERSION ]
		2016-02-28 14:40:35	home@https://www.google.com/?gws_rd=ssl

DirectX Files


Name	Version	Type	Language	Size	Date
amstream.dll	6.06.9200.16384	Final Retail	English	64512	7/26/2012 10:17:50 AM
bdaplgin.ax	6.02.9200.16384	Final Retail	English	74752	7/26/2012 10:17:41 AM
d2d1.dll	6.02.9200.16420	Final Retail	English	3296256	9/20/2012 12:53:40 PM
d3d10.dll	6.02.9200.16384	Final Retail	English	1081344	7/26/2012 10:18:12 AM
d3d10_1.dll	6.02.9200.16384	Final Retail	English	145920	7/26/2012 10:18:12 AM
d3d10_1core.dll	6.02.9200.16384	Final Retail	English	238080	7/26/2012 10:18:12 AM
d3d10core.dll	6.02.9200.16384	Final Retail	English	208896	7/26/2012 10:18:12 AM
d3d10level9.dll	6.02.9200.16384	Final Retail	English	555520	7/26/2012 10:18:12 AM
d3d10warp.dll	6.02.9200.16420	Final Retail	English	2033664	9/20/2012 12:53:42 PM
d3d11.dll	6.02.9200.16420	Final Retail	English	1701376	9/20/2012 12:53:42 PM
d3d8.dll	6.02.9200.16384	Final Retail	English	1012736	7/26/2012 10:18:12 AM
d3d8thk.dll	6.02.9200.16384	Final Retail	English	11776	7/26/2012 10:18:12 AM
d3d9.dll	6.02.9200.16384	Final Retail	English	1762304	7/26/2012 10:18:13 AM
d3dim.dll	6.02.9200.16384	Final Retail	English	390656	7/26/2012 10:18:13 AM
d3dim700.dll	6.02.9200.16384	Final Retail	English	858112	7/26/2012 10:18:13 AM
d3dramp.dll	6.02.9200.16384	Final Retail	English	594944	7/26/2012 10:18:13 AM
d3dxof.dll	6.02.9200.16384	Final Retail	English	54272	7/26/2012 10:18:13 AM
ddraw.dll	6.02.9200.16384	Final Retail	English	474624	7/26/2012 10:18:17 AM
ddrawex.dll	6.02.9200.16384	Final Retail	English	31232	7/26/2012 10:18:18 AM
devenum.dll	6.06.9200.16384	Final Retail	English	64512	7/26/2012 10:18:18 AM
dinput.dll	6.02.9200.16384	Final Retail	English	135168	7/26/2012 10:18:19 AM
dinput8.dll	6.02.9200.16384	Final Retail	English	144896	7/26/2012 10:18:19 AM
dmband.dll	6.02.9200.16384	Final Retail	English	30208	7/26/2012 10:18:20 AM
dmcompos.dll	6.02.9200.16384	Final Retail	English	65024	7/26/2012 10:18:20 AM
dmime.dll	6.02.9200.16384	Final Retail	English	180736	7/26/2012 10:18:20 AM
dmloader.dll	6.02.9200.16384	Final Retail	English	36352	7/26/2012 10:18:20 AM
dmscript.dll	6.02.9200.16384	Final Retail	English	87040	7/26/2012 10:18:20 AM
dmstyle.dll	6.02.9200.16384	Final Retail	English	107520	7/26/2012 10:18:20 AM
dmsynth.dll	6.02.9200.16384	Final Retail	English	107008	7/26/2012 10:18:20 AM
dmusic.dll	6.02.9200.16384	Final Retail	English	95744	7/26/2012 10:18:20 AM
dplaysvr.exe	6.02.9200.16384	Final Retail	English	30208	7/26/2012 10:20:45 AM
dplayx.dll	6.02.9200.16384	Final Retail	English	211968	7/26/2012 10:18:21 AM
dpmodemx.dll	6.02.9200.16384	Final Retail	English	23552	7/26/2012 10:18:21 AM
dpnaddr.dll	6.02.9200.16450	Final Retail	English	2560	11/3/2012 12:00:53 PM
dpnathlp.dll	6.02.9200.16450	Final Retail	English	58880	11/3/2012 12:24:36 PM
dpnet.dll	6.02.9200.16450	Final Retail	English	375808	11/3/2012 12:24:34 PM
dpnhpast.dll	6.02.9200.16450	Final Retail	English	8192	11/3/2012 12:24:34 PM
dpnhupnp.dll	6.02.9200.16450	Final Retail	English	8192	11/3/2012 12:24:34 PM
dpnlobby.dll	6.02.9200.16450	Final Retail	English	3072	11/3/2012 12:00:54 PM
dpnsvr.exe	6.02.9200.16450	Final Retail	English	32256	11/3/2012 12:26:12 PM
dpwsockx.dll	6.02.9200.16384	Final Retail	English	44544	7/26/2012 10:18:21 AM
dsdmo.dll	6.02.9200.16384	Final Retail	English	172032	7/26/2012 10:18:22 AM
dsound.dll	6.02.9200.16384	Final Retail	English	523776	7/26/2012 10:18:22 AM
dswave.dll	6.02.9200.16384	Final Retail	English	21504	7/26/2012 10:18:22 AM
dwrite.dll	6.02.9200.16433	Final Retail	English	1420800	10/11/2012 12:06:06 PM
dxdiagn.dll	6.02.9200.16384	Final Retail	English	247296	7/26/2012 10:18:23 AM
dxgi.dll	6.02.9200.16420	Final Retail	English	366080	9/20/2012 12:53:48 PM
dxmasf.dll	12.00.9200.16420	Final Retail	English	4608	9/20/2012 12:54:47 PM
dxtmsft.dll	10.00.9200.16384	Final Retail	English	358400	7/26/2012 10:18:24 AM
dxtrans.dll	10.00.9200.16384	Final Retail	English	226816	7/26/2012 10:18:26 AM
dxva2.dll	6.02.9200.16384	Final Retail	English	92160	7/26/2012 10:18:26 AM
encapi.dll	6.02.9200.16384	Final Retail	English	19968	7/26/2012 10:18:25 AM
gcdef.dll	6.02.9200.16384	Final Retail	English	121344	7/26/2012 10:18:32 AM
iac25_32.ax	2.00.0005.0053	Final Retail	English	197632	7/26/2012 10:17:41 AM
ir41_32.ax	6.02.9200.16384	Final Retail	English	8704	7/26/2012 10:18:44 AM
ir41_qc.dll	6.02.9200.16384	Final Retail	English	8192	7/26/2012 10:18:44 AM
ir41_qcx.dll	6.02.9200.16384	Final Retail	English	8192	7/26/2012 10:18:45 AM
ir50_32.dll	6.02.9200.16384	Final Retail	English	8704	7/26/2012 10:18:45 AM
ir50_qc.dll	6.02.9200.16384	Final Retail	English	8192	7/26/2012 10:18:45 AM
ir50_qcx.dll	6.02.9200.16384	Final Retail	English	8192	7/26/2012 10:18:45 AM
ivfsrc.ax	5.10.0002.0051	Final Retail	English	146944	7/26/2012 10:17:41 AM
joy.cpl	6.02.9200.16384	Final Retail	English	137728	7/26/2012 10:17:42 AM
ksproxy.ax	6.02.9200.16384	Final Retail	English	190464	7/26/2012 10:17:41 AM
kstvtune.ax	6.02.9200.16384	Final Retail	English	84992	7/26/2012 10:17:41 AM
ksuser.dll	6.02.9200.16384	Final Retail	English	14336	7/26/2012 10:34:26 AM
kswdmcap.ax	6.02.9200.16384	Final Retail	English	106496	7/26/2012 10:17:41 AM
ksxbar.ax	6.02.9200.16384	Final Retail	English	49664	7/26/2012 10:17:41 AM
mciqtz32.dll	6.06.9200.16384	Final Retail	English	35840	7/26/2012 10:18:55 AM
mfc40.dll	4.01.0000.6140	Final Retail	English	924944	7/26/2012 10:18:56 AM
mfc42.dll	6.06.8063.0000	Beta Retail	English	1119232	7/26/2012 10:18:57 AM
mpeg2data.ax	6.06.9200.16384	Final Retail	English	74240	7/26/2012 10:17:41 AM
mpg2splt.ax	6.06.9200.16384	Final Retail	English	197632	7/26/2012 10:17:41 AM
msdmo.dll	6.06.9200.16384	Final Retail	English	30208	7/26/2012 10:19:09 AM
msdvbnp.ax	6.06.9200.16384	Final Retail	English	60416	7/26/2012 10:17:41 AM
msvidctl.dll	6.05.9200.16384	Final Retail	English	2293248	7/26/2012 10:19:18 AM
msyuv.dll	6.02.9200.16384	Final Retail	English	22528	7/26/2012 10:19:20 AM
pid.dll	6.02.9200.16384	Final Retail	English	37376	7/26/2012 10:19:41 AM
psisdecd.dll	6.06.9200.16384	Final Retail	English	462848	7/26/2012 10:19:46 AM
psisrndr.ax	6.06.9200.16384	Final Retail	English	77824	7/26/2012 10:17:41 AM
qasf.dll	12.00.9200.16384	Final Retail	English	189440	7/26/2012 10:19:46 AM
qcap.dll	6.06.9200.16384	Final Retail	English	178688	7/26/2012 10:19:46 AM
qdv.dll	6.06.9200.16384	Final Retail	English	273920	7/26/2012 10:19:46 AM
qdvd.dll	6.06.9200.16384	Final Retail	English	468992	7/26/2012 10:19:46 AM
qedit.dll	6.06.9200.16384	Final Retail	English	496640	7/26/2012 10:19:47 AM
qedwipes.dll	6.06.9200.16384	Final Retail	English	733184	7/26/2012 9:45:50 AM
quartz.dll	6.06.9200.16384	Final Retail	English	1376768	7/26/2012 10:19:47 AM
vbisurf.ax	6.02.9200.16384	Final Retail	English	35328	7/26/2012 10:17:41 AM
vfwwdm32.dll	6.02.9200.16384	Final Retail	English	54272	7/26/2012 10:20:12 AM
wsock32.dll	6.02.9200.16384	Final Retail	English	15872	7/26/2012 10:20:39 AM

Auto Start


Application Description	Start From	Application Command
Adobe ARM	Registry\Common\Run	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AdobeAAMUpdater-1.0	Registry\Common\Run	C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Bitcasa	Registry\Common\Run	C:\Program Files\Bitcasa\Bitcasa.exe /startup
BTMTrayAgent	Registry\Common\Run	rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
ETDCtrl	Registry\Common\Run	%ProgramFiles%\Elantech\ETDCtrl.exe
HotKeysCmds	Registry\Common\Run	C:\windows\system32\hkcmd.exe
IgfxTray	Registry\Common\Run	C:\windows\system32\igfxtray.exe
KiesTrayAgent	Registry\Common\Run	C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
Persistence	Registry\Common\Run	C:\windows\system32\igfxpers.exe
RemoteControl10	Registry\Common\Run	C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
RtHDVBg	Registry\Common\Run	C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
RtHDVCpl	Registry\Common\Run	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

Scheduled


[ advRecovery ]

	Task Properties:
		Task Name	advRecovery
		Status	Enabled
		Application Name	"C:\Program Files\Samsung\Recovery\WCScheduler.exe"
		Application Parameters
		Working Folder
		Comment	Recovery Scheduler
		Account Name
		Creator	SEC
		Last Run	2/28/2016 12:10:29 AM
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d ]

	Task Properties:
		Task Name	ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
		Status	Enabled
		Application Name	"C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"
		Application Parameters	--domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
		Working Folder
		Comment	Intel(R) Manageability Engine Firmware Recovery Agent helps you keep your system up-to-date. Keep this task running to be notified automatically when new updates become available.
		Account Name	SYSTEM
		Creator	SYSTEM
		Last Run	Unknown
		Next Run	2/28/2016 3:55:26 PM

	Task Triggers:
		Daily	At 3:55:26 PM every day

[ ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon ]

	Task Properties:
		Task Name	ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
		Status	Enabled
		Application Name	"C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"
		Application Parameters	--domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
		Working Folder
		Comment	Intel(R) Manageability Engine Firmware Recovery Agent helps you keep your system up-to-date. Keep this task running to be notified automatically when new updates become available.
		Account Name	SYSTEM
		Creator	SYSTEM
		Last Run	2/28/2016 2:21:40 PM
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ Optimize Start Menu Cache Files-S-1-5-21-4148812140-3900968213-992977265-1001 ]

	Task Properties:
		Task Name	Optimize Start Menu Cache Files-S-1-5-21-4148812140-3900968213-992977265-1001
		Status	Disabled
		Application Name
		Application Parameters
		Working Folder
		Comment	This idle task reorganizes the cache files used to display the start menu. It is enabled only when the cache files are not optimally organized.
		Account Name	home
		Creator	Microsoft Corporation
		Last Run	2/27/2016 8:03:33 PM
		Next Run	Unknown

	Task Triggers:
		On idle	When computer is idle

[ Optimize Start Menu Cache Files-S-1-5-21-4148812140-3900968213-992977265-500 ]

	Task Properties:
		Task Name	Optimize Start Menu Cache Files-S-1-5-21-4148812140-3900968213-992977265-500
		Status	Enabled
		Application Name
		Application Parameters
		Working Folder
		Comment	This idle task reorganizes the cache files used to display the start menu. It is enabled only when the cache files are not optimally organized.
		Account Name	Administrator
		Creator	Microsoft Corporation
		Last Run	Unknown
		Next Run	Unknown

	Task Triggers:
		On idle	When computer is idle

[ SUPatchForW10Up ]

	Task Properties:
		Task Name	SUPatchForW10Up
		Status	Enabled
		Application Name	"%programdata%\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe"
		Application Parameters
		Working Folder
		Comment
		Account Name
		Creator	Administrator
		Last Run	Unknown
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

Installed Programs


Program	Version	Inst. Size	GUID	Publisher	Inst. Date
Adobe [ TRIAL VERSION ]	11.0	Unknown	Adobe P [ TRIAL VERSION ]	Adobe Systems Incorporated
Adobe [ TRIAL VERSION ]	11.0.03	Unknown	{AC76BA [ TRIAL VERSION ]	Adobe Systems Incorporated	2013-07-30
Bitcas [ TRIAL VERSION ]	0.9.20.4135	Unknown	{EDA094 [ TRIAL VERSION ]	Bitcasa Inc.	2013-07-30
CyberL [ TRIAL VERSION ]	10.0.4421.02	Unknown	Install [ TRIAL VERSION ]	CyberLink Corp.	2013-07-30
D3DX10	15.4.2368.0902	Unknown	{E09C4DB7-630C-4F06-A631-8EA7239923AF}	Microsoft	2013-07-30
Easy File Share	1.3.6	Unknown	{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}	Samsung Electronics CO.,LTD.	2013-07-30
Elements 11 Organizer	11.0	Unknown	{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}	Adobe Systems Incorporated	2013-07-30
E-POP	1.0.1	Unknown	{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}	Samsung Electronics CO., LTD.	2013-07-30
ETDWare X64 11.7.5.5_WHQL	11.7.5.5	Unknown	Elantech	ELAN Microelectronic Corp.
Galería de fotos [spanish (spain, international sort)]	16.4.3505.0912	Unknown	{8F7FECEC-088F-431D-A5FB-2B59E1E69943}	Microsoft Corporation	2013-07-30
Galerie de photos [french]	16.4.3505.0912	Unknown	{446CC8CE-0E90-44F7-ADD0-774B243EF090}	Microsoft Corporation	2013-07-30
Help Desk	1.0.9	Unknown	{22B32087-797D-4A1B-AFA7-072C87580ADC}	Samsung Electronics CO., LTD.	2013-07-30
Intel(R) Manageability Engine Firmware Recovery Agent	1.0.0.36843	Unknown	{A6C48A9F-694A-4234-B3AA-62590B668927}	Intel Corporation	2013-07-30
Intel(R) Management Engine Components	8.1.30.1349	Unknown	{65153EA5-8B6E-43B6-857B-C6E4FC25798A}	Intel Corporation
Intel(R) PRO/Wireless Driver	16.01.5000.0577	Unknown	{1334eac7-d6ef-4177-8780-05c963853cd3}	Intel Corporation	2016-02-28
Intel(R) Processor Graphics	9.17.10.2963	Unknown	{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}	Intel Corporation
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology	2.6.1212.0302	Unknown	{DA2600C1-6BDF-4FD1-1212-148929CC1385}	Intel Corporation	2013-07-30
Intel(R) Rapid Storage Technology	11.7.0.1013	Unknown	{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}	Intel Corporation
Intel(R) SDK for OpenCL - CPU Only Runtime Package	2.0.0.37149	Unknown	{FCB3772C-B7D0-4933-B1A9-3707EBACC573}	Intel Corporation
Intel(R) WiDi	3.5.40.0	Unknown	{6097158B-0184-4140-BEC3-7885794D2571}	Intel Corporation	2013-07-30
Intel® PROSet/Wireless Software	16.1.5	Unknown	{c9967fbd-e3c3-4ed0-992a-5b33260f2944}	Intel Corporation
Intel® PROSet/Wireless WiFi Software	16.01.5000.0269	Unknown	{D61F48DA-627B-404E-9315-32A651B18B64}	Intel Corporation	2016-02-28
Intel® Trusted Connect Service Client	1.27.757.1	Unknown	{FA00A3CC-7440-4938-A271-F186F50DD40D}	Intel Corporation	2013-07-30
KMSnano 24	KMSnano 24	Unknown	KMSnano 24_is1		2016-02-27
Microsoft Access MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-0015-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Access Setup Metadata MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-0117-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Application Error Reporting	12.0.6015.5000	Unknown	{95120000-00B9-0409-1000-0000000FF1CE}	Microsoft Corporation	2013-07-30
Microsoft DCF MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-0090-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Excel MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-0016-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Groove MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-00BA-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft InfoPath MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-0044-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Lync MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-012B-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office 64-bit Components 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-002A-0000-1000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office OSM MUI (English) 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-00E1-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office OSM UX MUI (English) 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-00E2-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Professional Plus 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-0011-0000-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Proofing (English) 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-002C-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Proofing Tools 2013 - English	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-001F-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Proofing Tools 2013 - Español [spanish (spain, international sort)]	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-001F-0C0A-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Shared 64-bit MUI (English) 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-002A-0409-1000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-0116-0409-1000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Shared MUI (English) 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-006E-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Office Shared Setup Metadata MUI (English) 2013	15.0.4420.1017 - Office 2013 RTM	Unknown	{90150000-0115-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft OneNote MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-00A1-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Outlook MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-001A-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft PowerPoint MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-0018-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft Publisher MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-0019-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Microsoft SQL Server 2005 Compact Edition [ENU]	3.1.0000	Unknown	{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}	Microsoft Corporation	2013-07-30
Microsoft Visual C++ 2005 Redistributable	8.0.59193	Unknown	{837b34e3-7c30-493c-8f6a-2b0f04e2912c}	Microsoft Corporation	2013-07-30
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	9.0.30729	Unknown	{9A25302D-30C0-39D9-BD6F-21E6EC160475}	Microsoft Corporation	2013-07-30
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219	10.0.40219	Unknown	{1D8E6291-B0D5-35EC-8441-6616F567A0F7}	Microsoft Corporation	2013-07-30
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219	10.0.40219	Unknown	{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}	Microsoft Corporation	2013-07-30
Microsoft Word MUI (English) 2013	15.0.4420.1017	Unknown	{90150000-001B-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
Movie Maker [english]	16.4.3505.0912	Unknown	{5BABDA39-61CF-41EE-992D-4054B6649A9B}	Microsoft Corporation	2013-07-30
Movie Maker [french]	16.4.3505.0912	Unknown	{A17946CA-18E5-4CF0-8D55-A56D804718F8}	Microsoft Corporation	2013-07-30
Movie Maker [spanish (spain, international sort)]	16.4.3505.0912	Unknown	{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}	Microsoft Corporation	2013-07-30
Movie Maker	16.4.3505.0912	Unknown	{ED6C77F9-4D7E-447C-9EC0-9A212D075535}	Microsoft Corporation	2013-07-30
MSVCRT	15.4.2862.0708	Unknown	{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}	Microsoft	2013-07-30
MSVCRT110_amd64	16.4.1109.0912	Unknown	{E9FA781F-3E80-4399-825A-AD3E11C28C77}	Microsoft	2013-07-30
MSVCRT110	16.4.1108.0727	Unknown	{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}	Microsoft	2013-07-30
Norton Internet Security	20.4.0.40	Unknown	NIS	Symantec Corporation	2016-02-26
Outils de vérification linguistique 2013 de Microsoft Office - Français [french (france)]	15.0.4420.1017	Unknown	{90150000-001F-040C-0000-0000000FF1CE}	Microsoft Corporation	2016-02-27
PerformanceTest v8.0	8.0.1053.0	Unknown	PerformanceTest 8_is1	Passmark Software	2016-02-28
Phone Screen Sharing	2.0.0.12	Unknown	{DF02C515-40B5-45AC-A601-5DC69D03885C}	RSUPPORT	2013-07-30
Photo Common [english]	16.4.3505.0912	Unknown	{D888F114-7537-4D48-AF03-5DA9C82D7540}	Microsoft Corporation	2013-07-30
Photo Common [french]	16.4.3505.0912	Unknown	{F54030F3-14B6-432D-9361-78DCB1473920}	Microsoft Corporation	2013-07-30
Photo Common [spanish (spain, international sort)]	16.4.3505.0912	Unknown	{061FF8F3-5226-4278-8AAB-282C1B024F58}	Microsoft Corporation	2013-07-30
Photo Gallery [english]	16.4.3505.0912	Unknown	{FC6C7107-7D72-41A1-A031-3CE751159BAB}	Microsoft Corporation	2013-07-30
Photo Gallery	16.4.3505.0912	Unknown	{30F99474-EBE3-4134-A02B-F6CD38CFE243}	Microsoft Corporation	2013-07-30
Plants vs. Zombies		Unknown	Plants vs. Zombies	PopCap Games
PSE11 STI Installer	11.0	Unknown	{98CE8819-87AA-4814-8167-ADDDD513485F}	Adobe Systems Incorporated
Realtek Ethernet Controller Driver [english]	8.4.907.2012	Unknown	{8833FFB6-5B0C-4764-81AA-06DFEED9A476}	Realtek	2013-07-30
Realtek High Definition Audio Driver [english]	6.0.1.6818	Unknown	{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}	Realtek Semiconductor Corp.	2013-07-30
Recovery [english]	6.0.9.10	Unknown	{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}	Samsung Electronics CO., LTD.	2013-07-30
S Agent	1.1.42	Unknown	{752370F1-1EDF-4990-8ED8-6E5D513C3611}	Samsung Electronics CO., LTD.	2013-07-30
Samsung Kies	2.5.2.13021_11	Unknown	InstallShield_{758C8301-2696-4855-AF45-534B1200980A}	Samsung Electronics Co., Ltd.	2013-07-30
Samsung Survey	2.0.1	Unknown	{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}	Samsung Electronics Co., Ltd.	2016-02-27
SAMSUNG USB Driver for Mobile Phones	1.5.25.0	Unknown	{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}	SAMSUNG Electronics Co., Ltd.
Settings	2.0.1	Unknown	{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}	Samsung Electronics CO., LTD.	2013-07-30
SideSync	2.0.0	Unknown	{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}	Samsung Electronics CO., LTD.	2013-07-30
Support Center FAQ	1.0.11	Unknown	{E653AB36-18D7-4FB3-BDAF-024283971050}	Samsung Electronics CO., LTD.	2013-07-30
Support Center	2.1.1106	Unknown	{5C20C1A9-75F9-4B6B-AAC3-9065C2AFB918}	Samsung Electronics CO., LTD.	2013-07-30
SW Update	2.1.17	Unknown	{44C11432-BA0D-4A02-B092-78AA7A6056A0}	Samsung Electronics CO., LTD.	2013-07-30
User G [ TRIAL VERSION ]	1.4.00	Unknown	{741976 [ TRIAL VERSION ]	Samsung Electronics CO., LTD.	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{8D813A [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{0454BB [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{C034A6 [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{1FEE19 [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{C424CD [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{C9B6EF [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{6A8DB2 [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{8A642A [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{FE7C0B [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{182728 [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{90993B [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{3C63F9 [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30
Window [ TRIAL VERSION ]	16.4.3505.0912	Unknown	{4CCBD1 [ TRIAL VERSION ]	Microsoft Corporation	2013-07-30

Licenses


		Software	Product Key
		Microsoft Internet Explorer 10.0.9200.16599	DJHRX- [ TRIAL VERSION ]
		Microsoft Office Professional Plus 2013	YC7DK- [ TRIAL VERSION ]
		Microsoft Windows 8	DJHRX- [ TRIAL VERSION ]

File Types


Extension	File Type Description	Content Type
264	264 File
26L	26L File
386	Virtual Device Driver
3G2	3G2 File	video/3gpp2
3GP	3GP File	video/3gpp
3GP2	3GPP2 Audio/Video	video/3gpp2
3GPP	3GPP File	video/3gpp
8BC	8BC File
8BE	8BE File
8BF	8BF File
8BI	8BI File
8BP	8BP File
8BS	8BS File
8BX	8BX File
8BY	8BY File
8LI	8LI File
AAC	ADTS Audio	audio/vnd.dlna.adts
ABR	ABR File
AC3	AC3 File	audio/vnd.dolby.dd-raw
ACCDA	Microsoft Access Add-in	application/msaccess.addin
ACCDB	Microsoft Access Database	application/msaccess
ACCDC	Microsoft Access Signed Package	application/msaccess.cab
ACCDE	Microsoft Access ACCDE Database	application/msaccess.exec
ACCDR	Microsoft Access Runtime Application	application/msaccess.runtime
ACCDT	Microsoft Access Template	application/msaccess.template
ACCDU	Microsoft Access Add-in Data
ACCDW	Microsoft Access Web Application	application/msaccess.webapplication
ACCFT	Microsoft Access Template	application/msaccess.ftemplate
ACCOUNTPICTURE-MS	Account Picture File	application/windows-accountpicture
ACL	AutoCorrect List File
ACO	ACO File
ACROBATSECURITYSETTINGS	Adobe Acrobat Security Settings Document	application/vnd.adobe.acrobat-security-settings
ADE	Microsoft Access Project Extension	application/msaccess
ADN	Microsoft Access Blank Project Template
ADP	Microsoft Access Project	application/msaccess
ADT	ADTS Audio	audio/vnd.dlna.adts
ADTS	ADTS Audio	audio/vnd.dlna.adts
AIF	AIFF Format Sound	audio/aiff
AIFC	AIFF Format Sound	audio/aiff
AIFF	AIFF Format Sound	audio/aiff
AMP	AMP File
AMS	AMS File
ANI	Animated Cursor
API	API File
APL	APL File
APPLICATION	Application Manifest	application/x-ms-application
APPREF-MS	Application Reference
ASA	ASA File
ASF	Windows Media Audio/Video file	video/x-ms-asf
ASL	ASL File
ASP	ASP File
AST	AST File
ASV	ASV File
ASX	Windows Media Audio/Video playlist	video/x-ms-asf
ATF	ATF File
AU	AU Format Sound	audio/basic
AVA	AVA File
AVC	AVC File
AVI	Video Clip	video/avi
AW	Answer Wizard File
AXT	AXT File
BAT	Windows Batch File
BLG	Performance Monitor File
BMP	Bitmap Image	image/bmp
BSF	BSF File
CAB	Cabinet File
CAMP	WCS Viewing Condition Profile
CAT	Security Catalog	application/vnd.ms-pki.seccat
CDA	CD Audio Track
CDMP	WCS Device Profile
CDX	CDX File
CDXML	CDXML File
CER	Security Certificate	application/x-x509-ca-cert
CHA	CHA File
CHK	Recovered File Fragments
CHM	Compiled HTML Help file
CMD	Windows Command Script
COM	MS-DOS Application
COMPOSITEFONT	Composite Font File
CONTACT	Contact File	text/x-ms-contact
CPL	Control Panel Item
CRL	Certificate Revocation List	application/pkix-crl
CRT	Security Certificate	application/x-x509-ca-cert
CRTX	Microsoft Office Chart Template
CSF	CSF File
CSH	CSH File
CSS	Cascading Style Sheet Document	text/css
CSV	Microsoft Excel Comma Separated Values File	application/vnd.ms-excel
CUR	Cursor
DB	Data Base File
DCTX	Open Extended Dictionary
DCTXC	Open Extended Dictionary
DER	Security Certificate	application/x-x509-ca-cert
DESKLINK	Desktop Shortcut
DESKTHEMEPACK	Windows Desktop Theme Pack
DET	Office Data File
DIAGCAB	Diagnostic Cabinet
DIAGCFG	Diagnostic Configuration
DIAGPKG	Diagnostic Document
DIB	Bitmap Image	image/bmp
DIC	Text Document
DLL	Application Extension	application/x-msdownload
DOC	Microsoft Word 97 - 2003 Document	application/msword
DOCHTML	Microsoft Word HTML Document
DOCM	Microsoft Word Macro-Enabled Document	application/vnd.ms-word.document.macroEnabled.12
DOCMHTML	DOCMHTML File
DOCX	Microsoft Word Document	application/vnd.openxmlformats-officedocument.wordprocessingml.document
DOCXML	Microsoft Word XML Document
DOT	Microsoft Word 97 - 2003 Template	application/msword
DOTHTML	Microsoft Word HTML Template
DOTM	Microsoft Word Macro-Enabled Template	application/vnd.ms-word.template.macroEnabled.12
DOTX	Microsoft Word Template	application/vnd.openxmlformats-officedocument.wordprocessingml.template
DQY	Microsoft Excel ODBC Query File
DRV	Device Driver
DSN	Microsoft OLE DB Provider for ODBC Drivers
DTS	DTS File
DWFX	XPS Document	model/vnd.dwfx+xps
EASMX	XPS Document	model/vnd.easmx+xps
EDRWX	XPS Document	model/vnd.edrwx+xps
ELM	Microsoft Office Themes File
EMF	EMF File	image/x-emf
EML	E-mail Message
EPRTX	XPS Document	model/vnd.eprtx+xps
EVT	EVT File
EVTX	EVTX File
EXC	Text Document
EXE	Application	application/x-msdownload
FDF	Adobe Acrobat Forms Document	application/vnd.fdf
FDM	Outlook Form Definition
FFO	FFO File
FLV	FLV File
FON	Font file
GCSX	Microsoft Office SmartArt Graphic Color Variation
GIF	GIF Image	image/gif
GLOX	Microsoft Office SmartArt Graphic Layout
GMMP	WCS Gamut Mapping Profile
GQSX	Microsoft Office SmartArt Graphic Quick Style
GRA	Microsoft Graph Chart
GRD	GRD File
GROUP	Contact Group File	text/x-ms-group
GRP	Microsoft Program Group
H264	H264 File
HLP	Help File
HOL	Outlook Holidays
HTA	HTML Application	application/hta
HTM	HTML Document	text/html
HTML	HTML Document	text/html
HXA	Microsoft Help Attribute Definition File	application/xml
HXC	Microsoft Help Collection Definition File	application/xml
HXD	Microsoft Help Validator File	application/octet-stream
HXE	Microsoft Help Samples Definition File	application/xml
HXF	Microsoft Help Include File	application/xml
HXH	Microsoft Help Merged Hierarchy File	application/octet-stream
HXI	Microsoft Help Compiled Index File	application/octet-stream
HXK	Microsoft Help Index File	application/xml
HXQ	Microsoft Help Merged Query Index File	application/octet-stream
HXR	Microsoft Help Merged Attribute Index File	application/octet-stream
HXS	Microsoft Help Compiled Storage File	application/octet-stream
HXT	Microsoft Help Table of Contents File	application/xml
HXV	Microsoft Help Virtual Topic Definition File	application/xml
HXW	Microsoft Help Attribute Definition File	application/octet-stream
ICC	ICC Profile
ICL	Icon Library
ICM	ICC Profile
ICO	Icon	image/x-icon
ICS	iCalendar File	text/calendar
IFO	IFO File
IMESX	IME Search provider definition
IMG	Disc Image File
INF	Setup Information
INI	Configuration Settings
IQY	Microsoft Excel Web Query File	text/x-ms-iqy
ISO	Disc Image File
JFIF	JPEG Image	image/jpeg
JNT	Journal Document
JOB	Task Scheduler Task Object
JOD	Microsoft.Jet.OLEDB.4.0
JPE	JPEG Image	image/jpeg
JPEG	JPEG Image	image/jpeg
JPG	JPEG Image	image/jpeg
JS	JavaScript File
JSE	JScript Encoded File
JSV	JSV File
JTP	Journal Template
JTX	XPS Document	application/x-jtx+xps
JVT	JVT File
JXR	Windows Media Photo	image/vnd.ms-photo
LABEL	Property List
LACCDB	Microsoft Access Record-Locking Information
LDB	Microsoft Access Record-Locking Information
LEX	Dictionary File
LIBRARY-MS	Library Folder	application/windows-library+xml
LNK	Shortcut
LOG	Text Document
M1V	M1V File	video/mpeg
M2P	M2P File
M2T	M2T File	video/vnd.dlna.mpeg-tts
M2TS	M2TS File
M2V	M2V File	video/mpeg
M3U	M3U file	audio/x-mpegurl
M4A	MPEG-4 Audio	audio/mp4
M4V	MP4 Video	video/mp4
MAD	Microsoft Access Module Shortcut
MAF	Microsoft Access Form Shortcut
MAG	Microsoft Access Diagram Shortcut
MAM	Microsoft Access Macro Shortcut
MAPIMAIL	Mail Service
MAQ	Microsoft Access Query Shortcut
MAR	Microsoft Access Report Shortcut
MAS	Microsoft Access Stored Procedure Shortcut
MAT	Microsoft Access Table Shortcut
MAU	MAU File
MAV	Microsoft Access View Shortcut
MAW	Microsoft Access Data Access Page Shortcut
MDA	Microsoft Access Add-in	application/msaccess
MDB	Microsoft Access Database	application/msaccess
MDBHTML	Microsoft Access HTML Document
MDE	Microsoft Access MDE Database	application/msaccess
MDN	Microsoft Access Blank Database Template
MDT	Microsoft Access Add-in Data
MDW	Microsoft Access Workgroup Information
MFP	Macromedia Flash Paper	application/x-shockwave-flash
MHT	MHTML Document	message/rfc822
MHTML	MHTML Document	message/rfc822
MID	MIDI Sequence	audio/mid
MIDI	MIDI Sequence	audio/mid
MIG	Migration Store
MKV	MKV File
MLC	Language Pack File_
MOD	Movie Clip	video/mpeg
MOV	QuickTime Movie	video/quicktime
MP2	MP2 File	audio/mpeg
MP2V	Movie Clip	video/mpeg
MP3	MP3 Format Sound	audio/mpeg
MP4	MP4 Video	video/mp4
MP4V	MP4 Video	video/mp4
MPA	Movie Clip	audio/mpeg
MPE	MPE File	video/mpeg
MPEG	MPEG File
MPG	MPG File
MPO	MPO File
MPV	MPV File
MPV2	Movie Clip	video/mpeg
MSC	Microsoft Common Console Document
MSG	Outlook Item
MSI	Windows Installer Package
MSP	Windows Installer Patch
MSRCINCIDENT	Windows Remote Assistance Invitation
MSSTYLES	Windows Visual Style File
MSU	Microsoft Update Standalone Package
MTS	MTS File
MVC	MVC File
MYDOCS	MyDocs Drop Target
NFO	MSInfo Configuration File
NK2	Outlook Nickname File
OCX	ActiveX control
ODC	Microsoft Office Data Connection	text/x-ms-odc
ODCCUBEFILE	ODCCUBEFILE File
ODCDATABASEFILE	ODCDATABASEFILE File
ODCNEWFILE	ODCNEWFILE File
ODCTABLECOLLECTIONFILE	ODCTABLECOLLECTIONFILE File
ODCTABLEFILE	ODCTABLEFILE File
ODP	OpenDocument Presentation	application/vnd.oasis.opendocument.presentation
ODS	OpenDocument Spreadsheet	application/vnd.oasis.opendocument.spreadsheet
ODT	OpenDocument Text	application/vnd.oasis.opendocument.text
OFS	Outlook Form Regions
OFT	Outlook Item Template
OPC	Microsoft Clean-up Wizard File
OQY	Microsoft Excel OLAP Query File
OSDX	OpenSearch Description File	application/opensearchdescription+xml
OST	Outlook Data File
OTF	OpenType Font file
OTM	Outlook VBA Project File
OXPS	XPS Document
P10	P10 File	application/pkcs10
P12	Personal Information Exchange	application/x-pkcs12
P50	P50 File
P7B	PKCS #7 Certificates	application/x-pkcs7-certificates
P7C	Digital ID File	application/pkcs7-mime
P7M	PKCS #7 MIME Message	application/pkcs7-mime
P7R	Certificate Request Response	application/x-pkcs7-certreqresp
P7S	PKCS #7 Signature	application/pkcs7-signature
PAB	Outlook Personal Address Book
PARTIAL	Partial Download
PAT	PAT File
PBK	Dial-Up Phonebook
PCB	PCB File
PCT	PCT File
PDD	Adobe Photoshop Elements Image
PDF	Adobe Acrobat Document	application/pdf
PDFXML	Adobe Acrobat PDFXML Document	application/vnd.adobe.pdfxml
PDX	Acrobat Catalog Index	application/vnd.adobe.pdx
PERFMONCFG	Performance Monitor Configuration
PFM	Type 1 Font file
PFX	Personal Information Exchange	application/x-pkcs12
PIC	PIC File
PIF	Shortcut to MS-DOS Program
PKO	Public Key Security Object	application/vnd.ms-pki.pko
PMG	PMG File
PNF	Precompiled Setup Information
PNG	PNG Image	image/png
POT	Microsoft PowerPoint 97-2003 Template	application/vnd.ms-powerpoint
POTHTML	Microsoft PowerPoint HTML Template
POTM	Microsoft PowerPoint Macro-Enabled Design Template	application/vnd.ms-powerpoint.template.macroEnabled.12
POTX	Microsoft PowerPoint Template	application/vnd.openxmlformats-officedocument.presentationml.template
POWERDVD	POWERDVD File
PPA	Microsoft PowerPoint 97-2003 Addin	application/vnd.ms-powerpoint
PPAM	Microsoft PowerPoint Addin	application/vnd.ms-powerpoint.addin.macroEnabled.12
PPS	Microsoft PowerPoint 97-2003 Slide Show	application/vnd.ms-powerpoint
PPSM	Microsoft PowerPoint Macro-Enabled Slide Show	application/vnd.ms-powerpoint.slideshow.macroEnabled.12
PPSX	Microsoft PowerPoint Slide Show	application/vnd.openxmlformats-officedocument.presentationml.slideshow
PPT	Microsoft PowerPoint 97-2003 Presentation	application/vnd.ms-powerpoint
PPTHTML	Microsoft PowerPoint HTML Document
PPTM	Microsoft PowerPoint Macro-Enabled Presentation	application/vnd.ms-powerpoint.presentation.macroEnabled.12
PPTMHTML	PPTMHTML File
PPTX	Microsoft PowerPoint Presentation	application/vnd.openxmlformats-officedocument.presentationml.presentation
PPTXML	Microsoft PowerPoint XML Presentation
PRF	PICS Rules File	application/pics-rules
PROFILE	PROFILE File
PS1	PS1 File
PS1XML	PS1XML File
PSC1	PSC1 File	application/PowerShell
PSD	PSD File
PSD1	PSD1 File
PSE	PSE File
PSE11DB	PSE11DB File
PSF	PSF File
PSM1	PSM1 File
PSP	PSP File
PSSC	PSSC File
PST	Outlook Data File
PT	PerformanceTest Baseline
PWZ	Microsoft PowerPoint Wizard	application/vnd.ms-powerpoint
QDS	Directory Query
RAT	Rating System File	application/rat-file
RDP	Remote Desktop Connection
REG	Registration Entries
RELS	XML Document
RESMONCFG	Resource Monitor Configuration
RLE	RLE File
RLL	Application Extension
RMI	MIDI Sequence	audio/mid
RMX	Movie Remix
RQY	Microsoft Excel OLE DB Query File	text/x-ms-rqy
RTF	Rich Text Format	application/msword
SCF	File Explorer Command
SCP	Text Document
SCR	Screen saver
SCT	Windows Script Component	text/scriptlet
SDF	SQL Server Compact Edition Database File
SEARCHCONNECTOR-MS	Search Connector Folder	application/windows-search-connector+xml
SEARCH-MS	Saved Search
SECSTORE	SECSTORE File
SENDTOBLUETOOTH	Send To Bluetooth
SFCACHE	ReadyBoost Cache File
SHC	SHC File
SLDM	Microsoft PowerPoint Macro-Enabled Slide	application/vnd.ms-powerpoint.slide.macroEnabled.12
SLDX	Microsoft PowerPoint Slide	application/vnd.openxmlformats-officedocument.presentationml.slide
SLK	Microsoft Excel SLK Data Import Format	application/vnd.ms-excel
SND	AU Format Sound	audio/basic
SPC	PKCS #7 Certificates	application/x-pkcs7-certificates
SPL	Shockwave Flash Object	application/futuresplash
SST	Microsoft Serialized Certificate Store	application/vnd.ms-pki.certstore
STL	Certificate Trust List	application/vnd.ms-pki.stl
SVG	SVG Document	image/svg+xml
SWF	Shockwave Flash Object	application/x-shockwave-flash
SYS	System file
THEME	Windows Theme File
THEMEPACK	Windows Theme Pack
THMX	Microsoft Office Theme	application/vnd.ms-officetheme
TIF	TIF File	image/tiff
TIFF	TIFF File	image/tiff
TOD	TOD File	video/mpeg
TS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TTC	TrueType Collection Font file
TTF	TrueType Font file
TTS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TXT	Text Document	text/plain
UDL	Microsoft Data Link
URL	URL File
UXDC	UXDC File
VBE	VBScript Encoded File
VBS	VBScript Script File
VC1	VC1 File
VCF	vCard File	text/x-vcard
VCS	vCalendar File
VDW	Microsoft Visio Document	application/vnd.ms-visio.viewer
VDX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VHD	Disc Image File
VHDX	Disc Image File
VOB	VOB File
VRO	VRO File
VSD	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSDM	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSDX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSS	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSSM	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSSX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VST	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSTM	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSTX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VTX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VXD	Virtual Device Driver
WAB	Address Book File
WAV	Wave Sound	audio/wav
WAX	Windows Media Audio shortcut	audio/x-ms-wax
WBCAT	Windows Backup Catalog File
WBK	Microsoft Word Backup Document	application/msword
WCX	Workspace Configuration File
WDP	Windows Media Photo	image/vnd.ms-photo
WEBPNP	Web Point And Print File
WEBSITE	Pinned Site Shortcut	application/x-mswebsite
WIZ	Microsoft Word Wizard	application/msword
WIZHTML	Microsoft Access HTML Template
WLL	WLL File
WLPGINSTALL	WLPGINSTALL File	application/x-wlpg-detect
WLPGINSTALL3	WLPGINSTALL3 File	application/x-wlpg3-detect
WM	Windows Media Audio/Video file	video/x-ms-wm
WMA	Windows Media Audio file	audio/x-ms-wma
WMD	Windows Media Player Download Package	application/x-ms-wmd
WMDB	Windows Media Library
WMF	WMF File	image/x-wmf
WMS	Windows Media Player Skin File
WMV	Windows Media Audio/Video file	video/x-ms-wmv
WMX	Windows Media Audio/Video playlist	video/x-ms-wmx
WMZ	Windows Media Player Skin Package	application/x-ms-wmz
WPL	Windows Media playlist	application/vnd.ms-wpl
WSC	Windows Script Component	text/scriptlet
WSF	Windows Script File
WSH	Windows Script Host Settings File
WTX	Text Document
WVX	Windows Media Audio/Video playlist	video/x-ms-wvx
XAML	Windows Markup File	application/xaml+xml
XBAP	XAML Browser Application	application/x-ms-xbap
XDL	XDL File
XDP	Adobe Acrobat XML Data Package File	application/vnd.adobe.xdp+xml
XEVGENXML	XEVGENXML File
XFDF	Adobe Acrobat Forms Document	application/vnd.adobe.xfdf
XHT	XHTML Document	application/xhtml+xml
XHTML	XHTML Document	application/xhtml+xml
XLA	Microsoft Excel Add-In	application/vnd.ms-excel
XLAM	Microsoft Excel Add-In	application/vnd.ms-excel.addin.macroEnabled.12
XLD	Microsoft Excel 5.0 DialogSheet	application/vnd.ms-excel
XLK	Microsoft Excel Backup File	application/vnd.ms-excel
XLL	Microsoft Excel XLL Add-In	application/vnd.ms-excel
XLM	Microsoft Excel 4.0 Macro	application/vnd.ms-excel
XLS	Microsoft Excel 97-2003 Worksheet	application/vnd.ms-excel
XLSB	Microsoft Excel Binary Worksheet	application/vnd.ms-excel.sheet.binary.macroEnabled.12
XLSHTML	Microsoft Excel HTML Document
XLSM	Microsoft Excel Macro-Enabled Worksheet	application/vnd.ms-excel.sheet.macroEnabled.12
XLSMHTML	XLSMHTML File
XLSX	Microsoft Excel Worksheet	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
XLT	Microsoft Excel Template	application/vnd.ms-excel
XLTHTML	Microsoft Excel HTML Template
XLTM	Microsoft Excel Macro-Enabled Template	application/vnd.ms-excel.template.macroEnabled.12
XLTX	Microsoft Excel Template	application/vnd.openxmlformats-officedocument.spreadsheetml.template
XLW	Microsoft Excel Workspace	application/vnd.ms-excel
XLXML	Microsoft Excel XML Worksheet
XML	XML Document	text/xml
XPS	XPS Document	application/vnd.ms-xpsdocument
XRM-MS	XrML Digital License	text/xml
XSL	XSL Stylesheet	text/xml
ZFSENDTOTARGET	Compressed (zipped) Folder SendTo Target
ZIP	Compressed (zipped) Folder	application/x-zip-compressed

Windows Security


Operating System Properties:
	OS Name	Microsoft Windows 8
	OS Service Pack	[ TRIAL VERSION ]
	Winlogon Shell	explorer.exe
	User Account Control (UAC)	Enabled
	UAC Remote Restrictions	Enabled
	System Restore	Enabled
	Windows Update Agent	7.8.9200.16465 (win8_gdr.121126-1503)

Data Execution Prevention (DEP, NX, EDB):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active (To Protect Applications)	Yes
	Active (To Protect Drivers)	Yes

Windows Update


Update Description	Update Type	Inst. Date
(Automatic Update)	Download:Automatic, Install:Scheduled	Every Day 0:00
Hotfix for Windows (KB2761967)	Update	7/30/2013
Hotfix for Windows (KB2761968)	Update	7/30/2013
Hotfix for Windows (KB2762576)	Update	7/30/2013
Hotfix for Windows (KB2765325)	Update	7/30/2013
Security Update for Windows (KB2727528)	Update	7/30/2013
Security Update for Windows (KB2753842)	Update	7/30/2013
Security Update for Windows (KB2757638)	Update	7/30/2013
Security Update for Windows (KB2770660)	Update	7/30/2013
Security Update for Windows (KB2781197)	Update	7/30/2013
Security Update for Windows (KB2785220)	Update	7/30/2013
Security Update for Windows (KB2807986)	Update	7/30/2013
Security Update for Windows (KB2813430)	Update	7/30/2013
Security Update for Windows (KB2820197)	Update	7/30/2013
Security Update for Windows (KB2829254)	Update	7/30/2013
Security Update for Windows (KB2829361)	Update	7/30/2013
Security Update for Windows (KB2830290)	Update	7/30/2013
Security Update for Windows (KB2838727)	Update	7/30/2013
Security Update for Windows (KB2839894)	Update	7/30/2013
Security Update for Windows (KB2845690)	Update	7/30/2013
Security Update for Windows (KB2847928)	Update	7/30/2013
Update for Windows (KB2756872)	Update	7/30/2013
Update for Windows (KB2761094)	Update	7/30/2013
Update for Windows (KB2764506)	Update	7/30/2013
Update for Windows (KB2764530)	Update	7/30/2013
Update for Windows (KB2764870)	Update	7/30/2013
Update for Windows (KB2764954)	Update	7/30/2013
Update for Windows (KB2768698)	Update	7/30/2013
Update for Windows (KB2768703)	Update	7/30/2013
Update for Windows (KB2769034)	Update	7/30/2013
Update for Windows (KB2769165)	Update	7/30/2013
Update for Windows (KB2769287)	Update	7/30/2013
Update for Windows (KB2769299)	Update	7/30/2013
Update for Windows (KB2770917)	Update	7/30/2013
Update for Windows (KB2771821)	Update	7/30/2013
Update for Windows (KB2777294)	Update	7/30/2013
Update for Windows (KB2779768)	Update	7/30/2013
Update for Windows (KB2785094)	Update	7/30/2013
Update for Windows (KB2795719)	Update	7/30/2013
Update for Windows (KB2795944)	Update	7/30/2013
Update for Windows (KB2798162)	Update	7/30/2013
Update for Windows (KB2800033)	Update	7/30/2013
Update for Windows (KB2803676)	Update	7/30/2013
Update for Windows (KB2808679)	Update	7/30/2013
Update for Windows (KB2811660)	Update	7/30/2013
Update for Windows (KB2818604)	Update	7/30/2013
Update for Windows (KB2820330)	Update	7/30/2013
Update for Windows (KB2821895)	Update	7/30/2013
Update for Windows (KB2836988)	Update	7/30/2013
Update for Windows (KB2845533)	Update	7/30/2013

Anti-Virus


Software Description	Software Version	Virus Database Date	Known Viruses
Norton AntiVirus 2013	20.4.0.40	7/14/2013	76939
Windows Defender	4.2.0223.0	5/20/2013	?

Firewall


Software Description	Software Version	Status
Norton Personal Firewall	20.4.0.40	?
Windows Firewall	6.2.9200.16384	Enabled

Regional


Time Zone:
	Current Time Zone	SE Asia Standard Time
	Current Time Zone Description	(UTC+07:00) Bangkok, Hanoi, Jakarta
	Change To Standard Time
	Change To Daylight Saving Time

Language:
	Language Name (Native)	English
	Language Name (English)	English
	Language Name (ISO 639)	en

Country/Region:
	Country Name (Native)	United States
	Country Name (English)	United States
	Country Name (ISO 3166)	US
	Country Code	1

Currency:
	Currency Name (Native)	US Dollar
	Currency Name (English)	US Dollar
	Currency Symbol (Native)	$
	Currency Symbol (ISO 4217)	USD
	Currency Format	$123,456,789.00
	Negative Currency Format	($123,456,789.00)

Formatting:
	Time Format	h:mm:ss tt
	Short Date Format	M/d/yyyy
	Long Date Format	dddd, MMMM d, yyyy
	Number Format	123,456,789.00
	Negative Number Format	-123,456,789.00
	List Format	first, second, third
	Native Digits	0123456789

Days of Week:
	Native Name for Monday	Monday / Mon
	Native Name for Tuesday	Tuesday / Tue
	Native Name for Wednesday	Wednesday / Wed
	Native Name for Thursday	Thursday / Thu
	Native Name for Friday	Friday / Fri
	Native Name for Saturday	Saturday / Sat
	Native Name for Sunday	Sunday / Sun

Months:
	Native Name for January	January / Jan
	Native Name for February	February / Feb
	Native Name for March	March / Mar
	Native Name for April	April / Apr
	Native Name for May	May / May
	Native Name for June	June / Jun
	Native Name for July	July / Jul
	Native Name for August	August / Aug
	Native Name for September	September / Sep
	Native Name for October	October / Oct
	Native Name for November	November / Nov
	Native Name for December	December / Dec

Miscellaneous:
	Calendar Type	Gregorian (localized)
	Default Paper Size	US Letter
	Measurement System	U.S.

Display Languages:
	LCID 0409h (Active)	English (United States)
	LCID 0C0Ah	Spanish (Spain, International Sort)
	LCID 040Ch	French (France)

Environment


		Variable	Value
		__COMPAT_LAYER	Installer
		ALLUSERSPROFILE	C:\ProgramData
		APPDATA	C:\Users\home\AppData\Roaming
		CommonProgramFiles(x86)	C:\Program Files (x86)\Common Files
		CommonProgramFiles	C:\Program Files (x86)\Common Files
		CommonProgramW6432	C:\Program Files\Common Files
		COMPUTERNAME	samsung-home
		ComSpec	C:\windows\system32\cmd.exe
		FP_NO_HOST_CHECK	NO
		HOMEDRIVE	C:
		HOMEPATH	\Users\home
		LOCALAPPDATA	C:\Users\home\AppData\Local
		LOGONSERVER	\\WIN-9R4OEB365TQ
		NUMBER_OF_PROCESSORS	4
		OS	Windows_NT
		Path	C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
		PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
		PROCESSOR_ARCHITECTURE	x86
		PROCESSOR_ARCHITEW6432	AMD64
		PROCESSOR_IDENTIFIER	Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
		PROCESSOR_LEVEL	6
		PROCESSOR_REVISION	3a09
		ProgramData	C:\ProgramData
		ProgramFiles(x86)	C:\Program Files (x86)
		ProgramFiles	C:\Program Files (x86)
		ProgramW6432	C:\Program Files
		PSModulePath	C:\windows\system32\WindowsPowerShell\v1.0\Modules\
		PUBLIC	C:\Users\Public
		SystemDrive	C:
		SystemRoot	C:\windows
		TEMP	C:\Users\home\AppData\Local\Temp
		TMP	C:\Users\home\AppData\Local\Temp
		USERDOMAIN_ROAMINGPROFILE	samsung-home
		USERDOMAIN	samsung-home
		USERNAME	home
		USERPROFILE	C:\Users\home
		windir	C:\windows

Control Panel


		Name	Comment
		Flash Player	Manage Flash Player Settings
		Mail	Microsoft Outlook Profiles

Recycle Bin


Drive	Items Size	Items Count	Space %	Recycle Bin
C:	1 KB	1	?	?

System Files


	[ system.ini ]

		; for 16-bit app support
		[386Enh]
		woafont=dosapp.fon
		EGA80WOA.FON=EGA80WOA.FON
		EGA40WOA.FON=EGA40WOA.FON
		CGA80WOA.FON=CGA80WOA.FON
		CGA40WOA.FON=CGA40WOA.FON

		[drivers]
		wave=mmdrv.dll
		timer=timer.drv

		[mci]

	[ win.ini ]

		; for 16-bit app support
		[fonts]
		[extensions]
		[mci extensions]
		[files]
		[Mail]
		MAPI=1
		CMCDLLNAME32=mapi32.dll
		CMC=1
		MAPIX=1
		MAPIXVER=1.0.0.1
		OLEMessaging=1

	[ hosts ]



	[ lmhosts.sam ]

System Folders


		System Folder	Path
		Administrative Tools	C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		AppData	C:\Users\home\AppData\Roaming
		Cache	C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files
		CD Burning	C:\Users\home\AppData\Local\Microsoft\Windows\Burn\Burn
		Common Administrative Tools	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		Common AppData	C:\ProgramData
		Common Desktop	C:\Users\Public\Desktop
		Common Documents	C:\Users\Public\Documents
		Common Favorites	C:\Users\home\Favorites
		Common Files (x86)	C:\Program Files (x86)\Common Files
		Common Files	C:\Program Files (x86)\Common Files
		Common Music	C:\Users\Public\Music
		Common Pictures	C:\Users\Public\Pictures
		Common Programs	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
		Common Start Menu	C:\ProgramData\Microsoft\Windows\Start Menu
		Common Startup	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
		Common Templates	C:\ProgramData\Microsoft\Windows\Templates
		Common Video	C:\Users\Public\Videos
		Cookies	C:\Users\home\AppData\Roaming\Microsoft\Windows\Cookies
		Desktop	C:\Users\home\Desktop
		Device	C:\windows\inf;C:\Program Files\SAMSUNG\USB Drivers\01_Simmental;C:\Program Files\SAMSUNG\USB Drivers\02_Siberian;C:\Program Files\SAMSUNG\USB Drivers\03_Swallowtail;C:\Program Files\SAMSUNG\USB Drivers\04_semseyite;C:\Program Files\SAMSUNG\USB Drivers\07_Schorl;C:\Program Files\SAMSUNG\USB Drivers\09_Hsp;C:\Program Files\SAMSUNG\USB Drivers\11_HSP_Plus_Default;C:\Program Files\SAMSUNG\USB Drivers\16_Shrewsbury;C:\Program Files\SAMSUNG\USB Drivers\20_NXP_Driver;C:\Program Files\SAMSUNG\USB Drivers\24_flashusbdriver;C:\Program Files\SAMSUNG\USB Drivers\25_escape
		Favorites	C:\Users\home\Favorites
		Fonts	C:\windows\Fonts
		History	C:\Users\home\AppData\Local\Microsoft\Windows\History
		Local AppData	C:\Users\home\AppData\Local
		My Documents	C:\Users\home\Documents
		My Music	C:\Users\home\Music
		My Pictures	C:\Users\home\Pictures
		My Video	C:\Users\home\Videos
		NetHood	C:\Users\home\AppData\Roaming\Microsoft\Windows\Network Shortcuts
		PrintHood	C:\Users\home\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
		Profile	C:\Users\home
		Program Files (x86)	C:\Program Files (x86)
		Program Files	C:\Program Files (x86)
		Programs	C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
		Recent	C:\Users\home\AppData\Roaming\Microsoft\Windows\Recent
		Resources	C:\windows\resources
		SendTo	C:\Users\home\AppData\Roaming\Microsoft\Windows\SendTo
		Start Menu	C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu
		Startup	C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
		System (x86)	C:\windows\SysWOW64
		System	C:\windows\system32
		Temp	C:\Users\home\AppData\Local\Temp\
		Templates	C:\Users\home\AppData\Roaming\Microsoft\Windows\Templates
		Windows	C:\windows

Event Logs


Log Name	Event Type	Category	Generated On	User	Source	Description
Application	Warning	None	2016-02-27 00:23:01	SYSTEM	Microsoft-Windows-User Profiles Service	1534: Profile notification of event Delete for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is ???.
Application	Warning	None	2016-02-27 00:23:02	SYSTEM	Microsoft-Windows-User Profiles Service	1534: Profile notification of event Delete for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is The system cannot find the path specified. .
Application	Warning	None	2016-02-27 00:27:31		Wlclntfy	6005: The winlogon notification subscriber <AUInstallAgent> is taking long time to handle the notification event (StartShell).
Application	Warning	None	2016-02-27 00:28:50		Wlclntfy	6006: The winlogon notification subscriber <AUInstallAgent> took 138 second(s) to handle the notification event (StartShell).
Application	Warning	None	2016-02-27 00:28:52	SYSTEM	Microsoft-Windows-ApplicationExperienceInfrastructure	1: The application (Intel Bluetooth Wireless High Speed, from vendor Intel) has the following problem: To function properly, Intel Bluetooth Wireless High Speed must be reinstalled after you upgrade Windows.
Application	Error	None	2016-02-27 00:29:19		Software Protection Platform Service	8200: License acquisition failure details. hr=0x80072EE7
Application	Error	None	2016-02-27 00:29:19		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
Application	Error	None	2016-02-27 00:29:19		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application	Warning	None	2016-02-27 00:35:30	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-4148812140-3900968213-992977265-1001: Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Application	Error	None	2016-02-27 00:51:52		Software Protection Platform Service	8200: License acquisition failure details. hr=0x80072EE7
Application	Error	None	2016-02-27 00:51:52		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
Application	Error	None	2016-02-27 00:51:52		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Application	Warning	None	2016-02-27 00:52:20	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-4148812140-3900968213-992977265-1001: Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Application	Warning	None	2016-02-27 00:52:21	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-4148812140-3900968213-992977265-1001_Classes: Process 1976 (\Device\HarddiskVolume4\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001_CLASSES Process 1976 (\Device\HarddiskVolume4\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001_CLASSES Process 1976 (\Device\HarddiskVolume4\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001_CLASSES
Application	Error	None	2016-02-27 18:45:45		Software Protection Platform Service	8200: License acquisition failure details. hr=0x80072EE7
Application	Error	None	2016-02-27 18:45:45		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
Application	Error	None	2016-02-27 18:45:45		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
Application	Error	None	2016-02-27 18:47:41		Customer Experience Improvement Program	1008: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
Application	Error	None	2016-02-27 18:49:40		System Restore	8193: Failed to create restore point (Process = D:\setup.exe ; Description = Installed Microsoft Office Professional Plus 2013; Error = 0x80070422).
Application	Error	None	2016-02-27 18:49:43		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:07		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:16		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:18		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:26		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:27		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:28		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:30		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:31		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:33		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:34		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:36		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:37		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:39		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:48		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:49		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:50		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:51		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:53		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:53		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:54		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:55		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:57		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:50:59		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:51:18		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:53:08		Software Protection Platform Service	1017: Installation of the Proof of Purchase failed. 0xC004E016 Partial Pkey=GVGXT ACID=? Detailed Error[?]
Application	Error	None	2016-02-27 18:53:08		Software Protection Platform Service	1017: Installation of the Proof of Purchase failed. 0xC004E016 Partial Pkey=GVGXT ACID=? Detailed Error[?]
Application	Error	None	2016-02-27 18:53:08	home	MsiInstaller	10005: Product: Microsoft Office Professional Plus 2013 -- Error 25004. The product key you entered cannot be used on this machine. This is most likely due to previous Office 2013 trials being installed. (System error: -1073422314)
Application	Error	None	2016-02-27 18:54:46		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Microsoft Office; Error = 0x80070422).
Application	Error	None	2016-02-27 18:54:48		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Microsoft Office; Error = 0x80070422).
Application	Error	None	2016-02-27 18:55:38		System Restore	8193: Failed to create restore point (Process = D:\setup.exe ; Description = Installed Microsoft Office Professional Plus 2013; Error = 0x80070422).
Application	Error	None	2016-02-27 18:55:40		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:55:55		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:04		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:05		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:12		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:13		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:14		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:16		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:17		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:19		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:20		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:21		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:22		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:24		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:29		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:29		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:30		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:31		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:32		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:33		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:34		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:34		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:37		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:38		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Error	None	2016-02-27 18:56:53		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUS; Error = 0x80070422).
Application	Warning	None	2016-02-27 18:58:17		Software Protection Platform Service	8233: The rules engine reported a failed VL activation attempt. Reason:0x8007267C AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=TimerEvent
Application	Warning	None	2016-02-27 19:01:33	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 59 user registry handles leaked from \Registry\User\S-1-5-21-4148812140-3900968213-992977265-1001: Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Root Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Root Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Root Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Root Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\trust Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\trust Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\trust Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\trust Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Disallowed Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Disallowed Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Disallowed Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\Disallowed Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Policies\Microsoft\SystemCertificates Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\CA Process 688 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\CA Process 4184 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\CA Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\SystemCertificates\CA
Application	Error	None	2016-02-27 19:57:34		Perflib	1021: Windows cannot open the 32-bit extensible counter DLL Outlook in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.
Application	Error	None	2016-02-27 19:57:35		Perflib	1017: Disabled performance counter data collection from the "Outlook" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.
Application	Error	100	2016-02-28 00:01:43		Application Error	1000: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x50108850 Faulting module name: ntdll.dll, version: 6.2.9200.16579, time stamp: 0x51637f77 Exception code: 0xc0000005 Fault offset: 0x000000000005ab00 Faulting process id: 0xb4c Faulting application start time: 0x01d171808660144f Faulting application path: C:\windows\system32\DllHost.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll Report Id: c6762954-dd73-11e5-be7a-b4b676f504b9 Faulting package full name: Faulting package-relative application ID:
Application	Error	None	2016-02-28 00:03:47		System Restore	8193: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Application	Error	None	2016-02-28 00:03:47		System Restore	8193: Failed to create restore point (Process = C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Application	Error	None	2016-02-28 00:03:55		System Restore	8193: Failed to create restore point (Process = C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Application	Error	None	2016-02-28 00:04:17		System Restore	8193: Failed to create restore point (Process = C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Application	Warning	None	2016-02-28 00:04:22	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-4148812140-3900968213-992977265-1001: Process 5092 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001 Process 5092 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Control Panel\Desktop Process 512 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 284 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4148812140-3900968213-992977265-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Application	Error	None	2016-02-28 14:22:09		System Restore	8193: Failed to create restore point (Process = C:\Intel\Wireless\Setup.exe -s -wumode; Description = Intel® PROSet/Wireless Software; Error = 0x80070422).
Application	Error	None	2016-02-28 14:23:08	SYSTEM	Microsoft-Windows-WMI	10: Event filter with query "select * from CIntelWLANEvent" could not be reactivated in namespace "//./ROOT/default" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.
Application	Warning	None	2016-02-28 14:24:23	SYSTEM	Microsoft-Windows-WMI	63: A provider, IntelWLANEventProvider, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Application	Warning	None	2016-02-28 14:24:23	SYSTEM	Microsoft-Windows-WMI	63: A provider, IntelWLANEventProvider, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Application	Error	None	2016-02-28 14:25:16		System Restore	8193: Failed to create restore point (Process = C:\ProgramData\Package Cache\{e6d17d96-ddaa-476f-bb07-db601024ffb1}\Setup.exe Cache\{e6d17d96-ddaa-476f-bb07-db601024ffb1}\Setup.exe" -uninstall -quiet -burn.related.upgrade -burn.embedded BurnPipe.{88AC3813-C9FC-4B46-ACBF-F85C84407C14} {D79864A9-9481-43A0-95CF-DDA87BC827D8} 3220; Description = Intel® PROSet/Wireless Software; Error = 0x80070422).
Application	Warning	None	2016-02-28 14:25:21	SYSTEM	Microsoft-Windows-ApplicationExperienceInfrastructure	1: The application (Intel Bluetooth Wireless High Speed, from vendor Intel) has the following problem: To function properly, Intel Bluetooth Wireless High Speed must be reinstalled after you upgrade Windows.
Application	Error	2414	2016-02-28 14:34:37	home	Microsoft-Windows-Immersive-Shell	2486: App SymantecCorporation.NortonStudio_v68kp9n051hdp!App did not launch within its allotted time.
Application	Error	101	2016-02-28 14:34:42		Application Hang	1002: The program mmamain.exe version 1.0.0.114 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 8bc Start Time: 01d171fa6cccebe4 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.114_x86__v68kp9n051hdp\mmamain.exe Report Id: b87891a7-dded-11e5-be7a-b4b676f504b9 Faulting package full name: SymantecCorporation.NortonStudio_1.0.0.114_x86__v68kp9n051hdp Faulting package-relative application ID: App
Application	Error	None	2016-02-28 14:39:13		Customer Experience Improvement Program	1008: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
Security	Audit Success	12288	2016-02-27 00:22:34		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2016-02-27 00:22:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13568	2016-02-27 00:22:35		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb6b0
Security	Audit Success	12544	2016-02-27 00:22:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:22:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:22:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:22:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:22:39		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 00:22:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13217 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:22:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13228 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:22:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13217 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 00:22:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13228 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12544	2016-02-27 00:22:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:22:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:22:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:22:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 00:22:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 00:22:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:22:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:22:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:23:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:23:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:23:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:23:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-544 Account Domain: Builtin Old Account Name: Administrators New Account Name: Administrators Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-545 Account Domain: Builtin Old Account Name: Users New Account Name: Users Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-546 Account Domain: Builtin Old Account Name: Guests New Account Name: Guests Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-558 Account Domain: Builtin Old Account Name: Performance Monitor Users New Account Name: Performance Monitor Users Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-559 Account Domain: Builtin Old Account Name: Performance Log Users New Account Name: Performance Log Users Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-562 Account Domain: Builtin Old Account Name: Distributed COM Users New Account Name: Distributed COM Users Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-568 Account Domain: Builtin Old Account Name: IIS_IUSRS New Account Name: IIS_IUSRS Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-573 Account Domain: Builtin Old Account Name: Event Log Readers New Account Name: Event Log Readers Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-580 Account Domain: Builtin Old Account Name: Remote Management Users New Account Name: Remote Management Users Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: Administrators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: Guests SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Monitor Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Log Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: Distributed COM Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: IIS_IUSRS SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: Event Log Readers SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:34		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: Remote Management Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-500 Account Name: Administrator Account Domain: WIN-9R4OEB365TQ Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 7/26/2012 4:27:03 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-500 Account Name: Administrator Account Domain: WIN-9R4OEB365TQ Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 7/26/2012 4:27:03 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-501 Account Name: Guest Account Domain: WIN-9R4OEB365TQ Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:35		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-501 Account Name: Guest Account Domain: WIN-9R4OEB365TQ Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:23:35		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-513 Account Domain: WIN-9R4OEB365TQ Old Account Name: None New Account Name: None Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:35		Microsoft-Windows-Security-Auditing	4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-4148812140-3900968213-992977265-513 Group Name: None Group Domain: WIN-9R4OEB365TQ Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:23:35		Microsoft-Windows-Security-Auditing	4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-4148812140-3900968213-992977265-513 Group Name: None Group Domain: WIN-9R4OEB365TQ Changed Attributes: SAM Account Name: None SID History: - Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:24:30		Microsoft-Windows-Security-Auditing	4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Attributes: SAM Account Name: home Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
Security	Audit Success	13826	2016-02-27 00:24:30		Microsoft-Windows-Security-Auditing	4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: - Group: Security ID: S-1-5-21-4148812140-3900968213-992977265-513 Group Name: None Group Domain: samsung-home Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:24:31		Microsoft-Windows-Security-Auditing	4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:24:31		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Changed Attributes: SAM Account Name: home Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2016-02-27 00:24:31		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Changed Attributes: SAM Account Name: home Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:24:31		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:24:32		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	13826	2016-02-27 00:24:32		Microsoft-Windows-Security-Auditing	4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	12544	2016-02-27 00:24:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:24:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2016-02-27 00:25:02		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2016-02-27 00:25:12		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2016-02-27 00:25:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:25:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:25:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x476d1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:26:23		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: home Account Domain: samsung-home Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 00:26:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56a96 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:26:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56ae1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:26:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56a96 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2016-02-27 00:30:09		Microsoft-Windows-Security-Auditing	6406: Norton Internet Security registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, StealthRuleCategory, FirewallRuleCategory.
Security	Audit Success	13824	2016-02-27 00:30:27		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56ae1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:27		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56ae1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:27		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56ae1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:27		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56ae1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:30:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	12544	2016-02-27 00:31:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:31:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:33:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:33:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:33:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 00:33:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:34:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:34:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 00:35:25		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x650 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 00:35:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x29abd7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x650 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:35:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x29abf5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x650 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:35:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x29abd7 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 00:35:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x29abf5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2016-02-27 00:35:30		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x56ae1 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2016-02-27 00:35:31		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13228 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2016-02-27 00:35:31		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13217 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12544	2016-02-27 00:51:25		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: home Account Domain: samsung-home Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x650 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 00:51:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9dbe Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x650 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:51:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9de0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x650 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:51:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9dbe Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-27 00:51:42		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9de0 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:42		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9de0 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:42		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9de0 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:42		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9de0 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 00:51:46		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	12544	2016-02-27 00:52:17		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-3 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x68c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 00:52:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x2cb2ca Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x68c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 00:52:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x2cb2d9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x68c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 00:52:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x2cb2ca Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 00:52:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x2cb2d9 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2016-02-27 00:52:20		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9de0 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2016-02-27 00:52:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x29abf5 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2016-02-27 00:52:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x29abd7 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2016-02-27 00:52:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9de0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2016-02-27 00:52:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2a9dbe Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12544	2016-02-27 18:45:24		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: home Account Domain: samsung-home Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x68c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 18:45:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2deaaf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x68c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 18:45:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2dead1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x68c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 18:45:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2deaaf Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-27 18:45:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2dead1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2dead1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2dead1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2dead1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 18:45:41		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	12544	2016-02-27 18:47:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 18:47:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 18:49:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 18:49:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 18:49:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 18:49:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 18:49:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 18:49:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 18:54:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 18:54:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 18:58:20		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 18:58:20		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 18:59:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 18:59:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 19:00:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 19:00:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 19:01:25		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-4 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x13e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 19:01:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-4 Account Name: DWM-4 Account Domain: Window Manager Logon ID: 0x64d60f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x13e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 19:01:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-4 Account Name: DWM-4 Account Domain: Window Manager Logon ID: 0x64d620 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x13e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 19:01:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-4 Account Name: DWM-4 Account Domain: Window Manager Logon ID: 0x64d60f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-27 19:01:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-4 Account Name: DWM-4 Account Domain: Window Manager Logon ID: 0x64d620 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2016-02-27 19:01:33		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x2dead1 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2016-02-27 19:01:35		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x2cb2d9 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2016-02-27 19:01:35		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x2cb2ca Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12544	2016-02-27 19:50:44		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: home Account Domain: samsung-home Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x13e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-27 19:50:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c743 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x13e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-27 19:50:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c765 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x13e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 19:50:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c743 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-27 19:50:52		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c765 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:52		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c765 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:52		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c765 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:52		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c765 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-27 19:50:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	12544	2016-02-27 19:56:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 19:56:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-27 19:57:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-27 19:57:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 00:01:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 00:01:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 00:03:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 00:03:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 00:03:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-28 00:03:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 00:03:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-28 00:03:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 00:04:15		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-5 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-28 00:04:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-5 Account Name: DWM-5 Account Domain: Window Manager Logon ID: 0x77749b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-28 00:04:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-5 Account Name: DWM-5 Account Domain: Window Manager Logon ID: 0x7774aa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 00:04:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-5 Account Name: DWM-5 Account Domain: Window Manager Logon ID: 0x77749b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2016-02-28 00:04:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-5 Account Name: DWM-5 Account Domain: Window Manager Logon ID: 0x7774aa Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2016-02-28 00:04:22		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x65c765 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2016-02-28 00:04:23		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-4 Account Name: DWM-4 Account Domain: Window Manager Logon ID: 0x64d620 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2016-02-28 00:04:23		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-4 Account Name: DWM-4 Account Domain: Window Manager Logon ID: 0x64d60f Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12544	2016-02-28 00:07:27		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: home Account Domain: samsung-home Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2016-02-28 00:07:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a88f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2016-02-28 00:07:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-9R4OEB365TQ Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 00:07:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a88f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-28 00:07:32		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:32		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:32		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:32		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:07:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: home Target Account Domain: samsung-home
Security	Audit Success	12544	2016-02-28 00:10:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 00:10:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-28 00:14:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:14:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:14:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:14:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	12544	2016-02-28 00:15:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 00:15:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-28 00:16:10		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 00:16:10		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	12288	2016-02-28 14:21:40		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x510 Name: C:\Windows\System32\svchost.exe Previous Time: 2016-02-27T17:20:59.022090600Z New Time: 2016-02-28T07:21:40.380798300Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12288	2016-02-28 14:21:40		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x510 Name: C:\Windows\System32\svchost.exe Previous Time: 2016-02-28T07:21:40.398147900Z New Time: 2016-02-28T07:21:40.389000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12544	2016-02-28 14:22:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 14:22:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 14:22:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 14:22:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 14:25:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 14:25:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 14:25:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 14:25:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 14:25:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 14:25:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2016-02-28 14:32:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 14:32:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2016-02-28 14:34:07		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Administrator Target Account Domain: samsung-home
Security	Audit Success	13824	2016-02-28 14:34:07		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-4148812140-3900968213-992977265-1001 Account Name: home Account Domain: samsung-home Logon ID: 0x79a8b1 Additional Information: Caller Workstation: WIN-9R4OEB365TQ Target Account Name: Guest Target Account Domain: samsung-home
Security	Audit Success	12544	2016-02-28 14:34:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-9R4OEB365TQ$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2016-02-28 14:34:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
System	Error	None	2016-02-27 00:22:10		volmgr	46: Crash dump initialization failed!
System	Warning	None	2016-02-27 00:24:56	LOCAL SERVICE	Microsoft-Windows-Time-Service	134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System	Warning	None	2016-02-27 00:24:56	LOCAL SERVICE	Microsoft-Windows-Time-Service	134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System	Warning	None	2016-02-27 00:24:58	LOCAL SERVICE	Microsoft-Windows-Time-Service	134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System	Error	None	2016-02-27 00:32:53	home	DCOM	10010: The server Microsoft.WindowsLive.Platform.Service.RemoteProcess did not register with DCOM within the required timeout.
System	Warning	7	2016-02-27 00:35:23	SYSTEM	Microsoft-Windows-Kernel-Processor-Power	37: The speed of Hyper-V logical processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
System	Warning	7	2016-02-27 00:35:23	SYSTEM	Microsoft-Windows-Kernel-Processor-Power	37: The speed of Hyper-V logical processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
System	Warning	7	2016-02-27 00:35:23	SYSTEM	Microsoft-Windows-Kernel-Processor-Power	37: The speed of Hyper-V logical processor 2 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
System	Warning	7	2016-02-27 00:35:23	SYSTEM	Microsoft-Windows-Kernel-Processor-Power	37: The speed of Hyper-V logical processor 3 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
System	Warning	1014	2016-02-27 18:51:17	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name shasta-rrs.symantec.com timed out after none of the configured DNS servers responded.
System	Error	1	2016-02-28 00:15:59	SYSTEM	Microsoft-Windows-WindowsUpdateClient	20: Installation Failure: Windows failed to install the following update with error 0x8007041d: Windows Update Setup Handler.
System	Warning	None	2016-02-28 00:20:51	LOCAL SERVICE	Microsoft-Windows-Time-Service	134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The requested name is valid, but no data of the requested type was found. (0x80072AFC)
System	Warning	None	2016-02-28 00:20:53	LOCAL SERVICE	Microsoft-Windows-Time-Service	134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System	Warning	None	2016-02-28 00:20:53	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module has stopped. Module Path: C:\windows\System32\IWMSSvc.dll
System	Warning	None	2016-02-28 14:21:40	LOCAL SERVICE	Microsoft-Windows-Time-Service	52: The time service has set the time with offset 50441 seconds.
System	Warning	None	2016-02-28 14:23:25	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module has stopped. Module Path: C:\windows\System32\IWMSSvc.dll

Database Software


Database Drivers:
	Borland Database Engine	-
	Borland InterBase Client	-
	Easysoft ODBC-InterBase 6	-
	Easysoft ODBC-InterBase 7	-
	Firebird Client	-
	Jet Engine	4.00.9765.0
	MDAC	6.2.9200.16384 (win8_rtm.120725-1247)
	ODBC	6.2.9200.16384 (win8_rtm.120725-1247)
	MySQL Connector/ODBC	-
	Oracle Client	-
	PsqlODBC	-
	Sybase ASE ODBC	-

Database Servers:
	Borland InterBase Server	-
	Firebird Server	-
	Microsoft SQL Server	-
	Microsoft SQL Server Compact Edition	3.00.5300.0
	Microsoft SQL Server Express Edition	-
	MySQL Server	-
	Oracle Server	-
	PostgreSQL Server	-
	Sybase SQL Server	-

ODBC Drivers


Driver Description	File Name	Version	File Extensions Supported
Driver da Microsoft para arquivos texto (.txt; .csv)	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	.,.asc,.csv,.tab,.txt,.csv
Driver do Microsoft Access (*.mdb)	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	*.mdb
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Driver do Microsoft Excel(*.xls)	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	*.xls
Driver do Microsoft Paradox (*.db )	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	*.db
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Access Driver (.mdb, .accdb)	aceodbc.dll	15.0.4420.1017	.mdb,.accdb
Microsoft Access Text Driver (.txt, .csv)	aceodbc.dll	15.0.4420.1017	.txt, .csv
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft dBase Driver (*.dbf)	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	.dbf,.ndx,*.mdx
Microsoft dBase-Treiber (*.dbf)	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	.dbf,.ndx,*.mdx
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Excel Driver (.xls, .xlsx, .xlsm, .xlsb)	aceodbc.dll	15.0.4420.1017	.xls,.xlsx, *.xlsb
Microsoft Excel-Treiber (*.xls)	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	*.xls
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Paradox Driver (*.db )	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	*.db
Microsoft Paradox-Treiber (*.db )	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	*.db
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Text-Treiber (.txt; .csv)	odbcjt32.dll	6.2.9200.16384 (win8_rtm.120725-1247)	.,.asc,.csv,.tab,.txt,.csv
SQL Server	sqlsrv32.dll	6.2.9200.16384 (win8_rtm.120725-1247)

ODBC Data Sources


Data Source Name	Data Source Description	Type	Driver File Name
Excel Files	Microsoft Excel Driver (.xls, .xlsx, .xlsm, .xlsb)	User	aceodbc.dll
MS Access Database	Microsoft Access Driver (.mdb, .accdb)	User	aceodbc.dll

Debug - PCI


		B00 D00 F00:	Intel Ivy Bridge-MB - Host Bridge/DRAM Controller

		Offset 000:	86 80 54 01 06 00 90 20 09 00 00 06 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 90 D1 FE 00 00 00 00 01 00 D1 FE 00 00 00 00
		Offset 050:	11 02 00 00 11 00 00 00 07 00 90 DF 01 00 00 DB
		Offset 060:	05 00 00 F8 00 00 00 00 01 80 D1 FE 00 00 00 00
		Offset 070:	00 00 00 7F 01 00 00 00 00 0C 00 FF 7F 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 1A 00 00 00 00 00 00 00
		Offset 090:	01 00 00 7F 01 00 00 00 01 00 50 9F 01 00 00 00
		Offset 0A0:	01 00 00 80 01 00 00 00 01 00 60 9F 01 00 00 00
		Offset 0B0:	01 00 A0 DB 01 00 80 DB 01 00 00 DB 01 00 A0 DF
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	09 00 0C 01 9B 61 00 E2 D0 00 E8 14 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 C8 0F 09 00 00 00 00 00

		B00 D02 F00:	Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2)

		Offset 000:	86 80 66 01 07 04 90 00 09 00 00 03 00 00 00 00
		Offset 010:	04 00 80 F7 00 00 00 00 0C 00 00 E0 00 00 00 00
		Offset 020:	01 F0 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 90 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	09 00 0C 01 9B 61 00 E2 D0 00 E8 14 00 00 00 00
		Offset 050:	11 02 00 00 11 00 00 00 00 00 00 00 01 00 A0 DB
		Offset 060:	00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	05 D0 01 00 98 02 E0 FE 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 13 00 06 03 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	01 A4 22 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 09 00 18 60 C8 D9

		B00 D14 F00:	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]

		Offset 000:	86 80 31 1E 06 04 90 02 04 30 03 0C 00 00 00 00
		Offset 010:	04 00 D0 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 70 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	FD 07 0E 80 39 C2 03 80 00 00 00 00 00 00 00 00
		Offset 050:	17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	30 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 80 C2 C1 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 B7 00 98 01 E0 FE 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	8F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	03 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	01 00 00 00 0F 00 00 00 01 00 00 00 0F 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 05 08 00 00 00 00

		B00 D16 F00:	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]

		Offset 000:	86 80 3A 1E 06 00 10 00 04 00 80 07 00 00 80 00
		Offset 010:	04 A0 D1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	45 02 00 1E 10 00 01 80 06 01 00 60 F0 17 00 10
		Offset 050:	01 8C 03 C8 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 05 00 80 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 C0
		Offset 0C0:	FB A9 1A 76 70 A2 2E 0E BE 0B D1 CC 3C E0 FF 75
		Offset 0D0:	AC 59 57 7A 53 28 4C 9A 43 89 97 A4 C8 FF 53 59
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1A F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]

		Offset 000:	86 80 2D 1E 06 00 90 02 04 20 03 0C 00 00 00 00
		Offset 010:	00 80 D1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 FF 07 00 00 00 00 01 00 00 00 00 20 00 C0
		Offset 070:	00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 04 F0 B4 DA
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 05 08 08 17 5B 20

		B00 D1B F00:	Intel Panther Point PCH - High Definition Audio Controller [C-1]

		Offset 000:	86 80 20 1E 06 00 10 00 04 00 03 04 10 00 00 00
		Offset 010:	04 C0 AF FE 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 16 01 00 00
		Offset 040:	01 00 00 45 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 60 42 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 00 91 00 00 00 00 10 00 08 10 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 04 02 01 02 24 00 40 00 0C A3 82 10 00 33 02
		Offset 0D0:	00 0C A3 02 10 00 33 02 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 05 08 00 00 00 00

		B00 D1C F00:	Intel Panther Point PCH - PCI Express Port 1

		Offset 000:	86 80 10 1E 06 00 10 00 C4 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 01 01 00 F0 00 00 20
		Offset 020:	C0 F7 C0 F7 F1 FF 01 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 01
		Offset 050:	42 00 11 70 00 B2 04 00 00 00 40 00 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 4D 14 06 C7 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00
		Offset 0E0:	00 3F 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 05 08 00 00 00 00

		B00 D1C F03:	Intel Panther Point PCH - PCI Express Port 4

		Offset 000:	86 80 16 1E 07 00 10 00 C4 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 02 02 00 E0 E0 00 20
		Offset 020:	F0 FF 00 00 01 F0 01 F0 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 13 04 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 04
		Offset 050:	43 00 11 70 00 B2 1C 00 00 00 40 00 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 4D 14 06 C7 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00
		Offset 0E0:	00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 05 08 00 00 00 00

		B00 D1D F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]

		Offset 000:	86 80 26 1E 06 00 90 02 04 20 03 0C 00 00 00 00
		Offset 010:	00 70 D1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 17 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 80 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 FF 07 00 00 00 00 01 00 00 00 00 20 00 C0
		Offset 070:	00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 84 10 3E D9
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 05 08 08 17 5B 20

		B00 D1F F00:	Intel HM76 Chipset - LPC Interface Controller [C-1]

		Offset 000:	86 80 59 1E 07 00 10 02 04 00 01 06 00 00 80 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 04 00 00 80 00 00 00 01 05 00 00 10 00 00 00
		Offset 050:	F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 80 80 80 D0 00 00 00 80 80 80 80 F8 F0 00 00
		Offset 070:	78 F0 78 F0 78 F0 78 F0 78 F0 78 F0 78 F0 78 F0
		Offset 080:	10 00 03 3C 4D 16 00 00 81 06 0C 00 01 0A 1C 00
		Offset 090:	01 0A 04 00 00 0F 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	04 0E 80 00 40 38 06 00 00 47 00 00 00 00 01 80
		Offset 0B0:	00 00 00 00 00 00 00 00 84 80 00 A0 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	33 22 11 00 67 45 00 00 CF FF 00 00 08 00 00 00
		Offset 0E0:	09 00 0C 10 00 00 00 00 13 06 64 06 00 00 00 00
		Offset 0F0:	01 C0 D1 FE 00 00 00 00 87 0F 05 08 00 00 00 00

		B00 D1F F02:	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]

		Offset 000:	86 80 03 1E 07 04 B0 02 04 01 06 01 00 00 00 00
		Offset 010:	B1 F0 00 00 A1 F0 00 00 91 F0 00 00 81 F0 00 00
		Offset 020:	61 F0 00 00 00 60 D1 F7 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 80 00 00 00 00 00 00 00 00 02 00 00
		Offset 040:	00 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 A8 03 40 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 70 01 00 F8 00 E0 FE 00 00 00 00 00 00 00 00
		Offset 090:	60 3E 01 81 83 01 00 3E 08 42 5C 01 00 00 00 00
		Offset 0A0:	E0 00 00 00 39 00 00 00 12 B0 10 00 48 00 00 00
		Offset 0B0:	13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 05 08 00 00 00 00

		B00 D1F F03:	Intel Panther Point PCH - SMBus Controller [C-1]

		Offset 000:	86 80 22 1E 03 00 80 02 04 00 05 0C 00 00 00 00
		Offset 010:	04 50 D1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	41 F0 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 FF 03 00 00
		Offset 040:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	03 04 04 00 00 00 08 08 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 05 08 00 00 00 00

		B00 D1F F06:	Intel Panther Point PCH - Thermal Management Controller [C-1]

		Offset 000:	86 80 24 1E 00 00 10 00 04 00 80 11 00 00 00 00
		Offset 010:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 FF 03 00 00
		Offset 040:	05 00 A0 DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 00 23 00 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 05 08 00 00 00 00

		B01 D00 F00:	Intel Centrino Advanced-N 6235 AGN 2x2 HMC WiFi/Bluetooth Adapter

		Offset 000:	86 80 8E 08 06 04 10 00 24 00 80 02 10 00 00 00
		Offset 010:	04 E0 CF F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 86 80 60 40
		Offset 030:	00 00 00 00 C8 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 01 D0 23 C8 00 00 00 0D
		Offset 0D0:	05 E0 81 00 D8 02 E0 FE 00 00 00 00 00 00 00 00
		Offset 0E0:	10 00 01 00 C0 8E 00 10 00 08 19 00 11 EC 06 00
		Offset 0F0:	43 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00

		B02 D00 F00:	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

		Offset 000:	EC 10 68 81 07 04 10 00 06 00 00 02 10 00 00 00
		Offset 010:	01 E0 00 00 00 00 00 00 0C 40 00 F0 00 00 00 00
		Offset 020:	0C 00 00 F0 00 00 00 00 00 00 00 00 4D 14 06 C7
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	01 50 C3 FF 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 B0 02 02 C0 8C 90 05 00 50 19 00 11 7C 07 00
		Offset 080:	43 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 1F 00 00 00 10 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	11 D0 03 80 04 00 00 00 04 08 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4000:	BB 8B 1C 00 65 64 18 0C 20 32 04 0A B4 58 00 00
		Offset 4010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00
		Offset 4020:	05 00 10 00 26 20 20 20 01 00 0E 00 00 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4280:	00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00
		Offset 4290:	80 40 00 00 FF 98 00 00 60 18 D0 6C 58 02 00 00
		Offset 42A0:	01 10 00 00 00 82 F8 41 00 00 00 00 01 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4400:	BB 8B 1C 00 65 64 18 0C 20 42 04 0A B4 58 00 00
		Offset 4410:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00
		Offset 4420:	05 00 10 00 27 20 20 20 02 00 0E 00 00 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4680:	00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00
		Offset 4690:	80 40 00 00 FF 98 00 00 60 18 D0 6C 58 02 00 00
		Offset 46A0:	01 10 00 00 00 82 F8 41 00 00 00 00 01 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4800:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4810:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4A80:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4A90:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 5000:	24 00 00 00 10 00 60 00 08 00 60 00 00 00 60 00
		Offset 5010:	00 00 00 00 00 00 10 08 00 00 00 00 00 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 5880:	E7 71 91 CA 00 00 00 00 D0 DA E4 00 00 00 00 00
		Offset 5890:	1D CE F8 01 31 DD 27 01 00 00 00 00 00 00 00 00
		Offset 58A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5900:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5910:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5920:	00 00 00 00 08 00 00 00 BA 6F 35 1E D5 FF 16 03
		Offset 5930:	18 01 C0 00 00 00 10 00 03 10 0A 00 A4 89 94 31
		Offset 5940:	4B D6 9C 26 23 D2 77 00 00 07 00 00 00 00 00 00
		Offset 5950:	00 00 00 00 00 00 10 00 00 1A 01 E0 00 0C 08 00
		Offset 5960:	F1 EF 83 F9 DE EC 31 CC 3D F7 0F 65 3D 83 91 D5
		Offset 5970:	20 F4 66 AE 20 F4 66 AE 35 00 00 00 35 00 00 00
		Offset 5980:	35 00 00 00 FB AB 3C 20 00 00 00 00 00 00 00 00
		Offset 5990:	FF 00 00 00 FF 00 00 00 16 0D 07 00 00 12 69 05
		Offset 59A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 59B0:	80 03 00 80 94 14 14 18 70 01 00 80 94 14 14 18
		Offset 59C0:	00 00 34 88 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0154:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 5E00:	06 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00
		Offset 5E10:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-1E24:	Intel 5/6/7/8/9/10-series PCH TBARB @ DFA00000h

		Offset 00:	01 BA 00 E1 2B 3A 00 00 82 00 3C 00 00 00 C0 00
		Offset 10:	00 00 40 1A 87 DE 8C 80 00 00 E0 10 00 00 00 00
		Offset 20:	00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 30:	00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 80
		Offset 40:	01 02 00 FF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 50:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 60:	00 00 00 00 00 00 00 00 00 00 00 00 20 1B 16 05
		Offset 70:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 80:	01 01 00 04 62 62 00 FF 00 00 00 00 00 00 00 00
		Offset 90:	FA AE 74 1C 00 00 00 00 00 00 00 00 00 00 00 00
		Offset A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset C0:	01 01 00 00 00 00 00 FF 00 00 00 00 00 00 00 00
		Offset D0:	00 00 00 00 00 00 00 00 3D 00 C6 00 00 00 00 00
		Offset E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Debug - Video BIOS


		C000:0000	................................................................
		C000:0040	................................................................
		C000:0080	................................................................
		C000:00C0	................................................................
		C000:0100	................................................................
		C000:0140	................................................................
		C000:0180	................................................................
		C000:01C0	................................................................
		C000:0200	................................................................
		C000:0240	................................................................
		C000:0280	................................................................
		C000:02C0	................................................................
		C000:0300	................................................................
		C000:0340	................................................................
		C000:0380	................................................................
		C000:03C0	................................................................

Debug - Unknown


		Optical	Microsoft Virtual DVD-ROM

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.