Report of <DESKTOP-8V8TQ92>

Navigation

AIDA64 Extreme


		Version	AIDA64 v5.80.4000
		Benchmark Module	4.3.712-x64
		Homepage	http://www.aida64.com/
		Report Type	Quick Report [ TRIAL VERSION ]
		Computer	DESKTOP-8V8TQ92
		Generator	Draku
		Operating System	Microsoft Windows 10 Pro 10.0.14393.447 (Win10 RS1)
		Date	2017-01-18
		Time	17:58

Summary


Computer:
	Computer Type	ACPI x64-based PC
	Operating System	Microsoft Windows 10 Pro
	OS Service Pack	[ TRIAL VERSION ]
	Internet Explorer	11.447.14393.0
	Edge	38.14393.0.0
	DirectX	DirectX 12.0
	Computer Name	DESKTOP-8V8TQ92
	User Name	Draku
	Logon Domain	[ TRIAL VERSION ]
	Date / Time	2017-01-18 / 17:58

Motherboard:
	CPU Type	QuadCore Intel Core i7-2600, 3500 MHz (35 x 100)
	Motherboard Name	Gigabyte GA-Z77-DS3H (2 PCI, 2 PCI-E x1, 2 PCI-E x16, 1 mSATA, 4 DDR3 DIMM, Audio, Video, Gigabit LAN)
	Motherboard Chipset	Intel Panther Point Z77, Intel Sandy Bridge
	System Memory	[ TRIAL VERSION ]
	DIMM2: Corsair Vengeance CMZ8GX3M2A1600C9	[ TRIAL VERSION ]
	DIMM4: Corsair Vengeance CMZ8GX3M2A1600C9	[ TRIAL VERSION ]
	BIOS Type	AMI (09/19/2012)
	Communication Port	Communications Port (COM1)

Display:
	Video Adapter	AMD Radeon HD 7700 Series (1 GB)
	Video Adapter	AMD Radeon HD 7700 Series (1 GB)
	Video Adapter	AMD Radeon HD 7700 Series (1 GB)
	Video Adapter	AMD Radeon HD 7700 Series (1 GB)
	Video Adapter	AMD Radeon HD 7700 Series (1 GB)
	Video Adapter	AMD Radeon HD 7700 Series (1 GB)
	3D Accelerator	AMD Radeon HD 7750 (Cape Verde)
	Monitor	LG UltraWide (HDMI) (2611277909)

Multimedia:
	Audio Adapter	ATI Radeon HDMI @ AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller
	Audio Adapter	Realtek ALC887 @ Intel Panther Point PCH - High Definition Audio Controller [C-1]

Storage:
	IDE Controller	Standard SATA AHCI Controller
	Storage Controller	Microsoft Storage Spaces Controller
	Disk Drive	Kingston DataTraveler 3.0 USB Device (14 GB, USB)
	Disk Drive	Samsung SSD 850 EVO mSATA 500GB (500 GB, SATA-III)
	Disk Drive	WDC WD600BEVS-60LAT0 (60 GB, 5400 RPM, SATA)
	SMART Hard Disks Status	FAIL

Partitions:
	C: (NTFS)	[ TRIAL VERSION ]
	D: (NTFS)	57240 MB (23154 MB free)
	Total Size	[ TRIAL VERSION ]

Input:
	Keyboard	HID Keyboard Device
	Keyboard	HID Keyboard Device
	Mouse	HID-compliant mouse

Network:
	Primary IP Address	[ TRIAL VERSION ]
	Primary MAC Address	90-2B-34-DD-8C-3B
	Network Adapter	Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) (192. [ TRIAL VERSION ])

Peripherals:
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
	USB3 Controller	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
	USB Device	Generic USB Hub
	USB Device	Generic USB Hub
	USB Device	USB Composite Device
	USB Device	USB Composite Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	USB Device	USB Mass Storage Device

DMI:
	DMI BIOS Vendor	American Megatrends Inc.
	DMI BIOS Version	F9
	DMI System Manufacturer	Gigabyte Technology Co., Ltd.
	DMI System Product	To be filled by O.E.M.
	DMI System Version	To be filled by O.E.M.
	DMI System Serial Number	[ TRIAL VERSION ]
	DMI System UUID	[ TRIAL VERSION ]
	DMI Motherboard Manufacturer	Gigabyte Technology Co., Ltd.
	DMI Motherboard Product	Z77-DS3H
	DMI Motherboard Version	x.x
	DMI Motherboard Serial Number	[ TRIAL VERSION ]
	DMI Chassis Manufacturer	Gigabyte Technology Co., Ltd.
	DMI Chassis Version	To Be Filled By O.E.M.
	DMI Chassis Serial Number	[ TRIAL VERSION ]
	DMI Chassis Asset Tag	[ TRIAL VERSION ]
	DMI Chassis Type	Desktop Case

Computer Name


Type	Class	Computer Name
Computer Comment	Logical
NetBIOS Name	Logical	DESKTOP-8V8TQ92
DNS Host Name	Logical	DESKTOP-8V8TQ92
DNS Domain Name	Logical
Fully Qualified DNS Name	Logical	DESKTOP-8V8TQ92
NetBIOS Name	Physical	DESKTOP-8V8TQ92
DNS Host Name	Physical	DESKTOP-8V8TQ92
DNS Domain Name	Physical
Fully Qualified DNS Name	Physical	DESKTOP-8V8TQ92

DMI


[ BIOS ]

	BIOS Properties:
		Vendor	American Megatrends Inc.
		Version	F9
		Release Date	09/19/2012
		Size	8 MB
		System BIOS Version	4.6
		Boot Devices	Floppy Disk, Hard Disk, CD-ROM
		Capabilities	Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS
		Supported Standards	DMI, ACPI, UEFI
		Expansion Capabilities	PCI, USB
		Virtual Machine	No

	BIOS Manufacturer:
		Company Name	American Megatrends Inc.
		Product Information	http://www.ami.com/amibios
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ System ]

	System Properties:
		Manufacturer	Gigabyte Technology Co., Ltd.
		Product	To be filled by O.E.M.
		Version	To be filled by O.E.M.
		Serial Number	[ TRIAL VERSION ]
		SKU#	To be filled by O.E.M.
		Family	To be filled by O.E.M.
		Universal Unique ID	[ TRIAL VERSION ]
		Wake-Up Type	Power Switch

[ Motherboard ]

	Motherboard Properties:
		Manufacturer	Gigabyte Technology Co., Ltd.
		Product	Z77-DS3H
		Version	x.x
		Serial Number	[ TRIAL VERSION ]
		Asset Tag	[ TRIAL VERSION ]
		Asset Tag	[ TRIAL VERSION ]
		Asset Tag	[ TRIAL VERSION ]

	Motherboard Manufacturer:
		Company Name	Gigabyte Technology Co., Ltd.
		Product Information	http://www.gigabyte.com/products/main.aspx?s=42
		BIOS Download	http://www.gigabyte.com/support-downloads/download-center.aspx
		Driver Update	http://www.aida64.com/driver-updates
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ Chassis ]

	Chassis Properties:
		Manufacturer	Gigabyte Technology Co., Ltd.
		Version	To Be Filled By O.E.M.
		Serial Number	[ TRIAL VERSION ]
		Asset Tag	[ TRIAL VERSION ]
		Chassis Type	Desktop Case
		Boot-Up State	Safe
		Power Supply State	Safe
		Thermal State	Safe
		Security Status	None

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Processor Properties:
		Manufacturer	Intel
		Version	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Asset Tag	Fill By OEM
		Part Number	Fill By OEM
		External Clock	100 MHz
		Maximum Clock	7000 MHz
		Current Clock	3500 MHz
		Type	Central Processor
		Voltage	1.2 V
		Status	Enabled
		Socket Designation	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		HTT / CMP Units	0 / 4
		Capabilities	64-bit

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Caches / CPU Internal L1 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Through
		Associativity	16-way Set-Associative
		Maximum Size	128 KB
		Installed Size	128 KB
		Error Correction	Parity
		Socket Designation	CPU Internal L1

[ Caches / CPU Internal L2 ]

	Cache Properties:
		Type	Instruction
		Status	Enabled
		Operational Mode	Write-Through
		Associativity	16-way Set-Associative
		Maximum Size	1024 KB
		Installed Size	1024 KB
		Error Correction	Multi-bit ECC
		Socket Designation	CPU Internal L2

[ Caches / CPU Internal L3 ]

	Cache Properties:
		Type	Instruction
		Status	Enabled
		Operational Mode	Write-Back
		Maximum Size	8192 KB
		Installed Size	8192 KB
		Error Correction	Multi-bit ECC
		Socket Designation	CPU Internal L3

[ Memory Arrays / System Memory ]

	Memory Array Properties:
		Location	Motherboard
		Memory Array Function	System Memory
		Error Correction	None
		Max. Memory Capacity	32 GB
		Memory Devices	4

[ Memory Devices / ChannelA-DIMM0 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelA-DIMM0
		Bank Locator	BANK 0
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ Memory Devices / ChannelA-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	4 GB
		Max. Clock Speed	1333 MHz
		Current Clock Speed	1333 MHz
		Total Width	64-bit
		Data Width	64-bit
		Ranks	2
		Device Locator	ChannelA-DIMM1
		Bank Locator	BANK 1
		Manufacturer	029E
		Serial Number	00000000
		Asset Tag	9876543210
		Part Number	CMZ8GX3M2A1600C9

[ Memory Devices / ChannelB-DIMM0 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelB-DIMM0
		Bank Locator	BANK 2
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ Memory Devices / ChannelB-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	4 GB
		Max. Clock Speed	1333 MHz
		Current Clock Speed	1333 MHz
		Total Width	64-bit
		Data Width	64-bit
		Ranks	2
		Device Locator	ChannelB-DIMM1
		Bank Locator	BANK 3
		Manufacturer	029E
		Serial Number	00000000
		Asset Tag	9876543210
		Part Number	CMZ8GX3M2A1600C9

[ System Slots / J6B2 ]

	System Slot Properties:
		Slot Designation	J6B2
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x16
		Length	Long

[ System Slots / J6B1 ]

	System Slot Properties:
		Slot Designation	J6B1
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ System Slots / J6D1 ]

	System Slot Properties:
		Slot Designation	J6D1
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x8
		Length	Short

[ System Slots / J7B1 ]

	System Slot Properties:
		Slot Designation	J7B1
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x16
		Length	Short

[ System Slots / J8B4 ]

	System Slot Properties:
		Slot Designation	J8B4
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ System Slots / J8B3 ]

	System Slot Properties:
		Slot Designation	J8B3
		Type	PCI
		Usage	In Use
		Data Bus Width	32-bit
		Length	Short

[ Port Connectors / PS2Mouse ]

	Port Connector Properties:
		Port Type	Mouse Port
		Internal Reference Designator	J1A1
		Internal Connector Type	None
		External Reference Designator	PS2Mouse
		External Connector Type	PS/2

[ Port Connectors / Keyboard ]

	Port Connector Properties:
		Port Type	Keyboard Port
		Internal Reference Designator	J1A1
		Internal Connector Type	None
		External Reference Designator	Keyboard
		External Connector Type	PS/2

[ Port Connectors / TV Out ]

	Port Connector Properties:
		Internal Reference Designator	J2A1
		Internal Connector Type	None
		External Reference Designator	TV Out
		External Connector Type	Mini-Centronics Type-14

[ Port Connectors / COM A ]

	Port Connector Properties:
		Port Type	Serial Port 16550A Compatible
		Internal Reference Designator	J2A2A
		Internal Connector Type	None
		External Reference Designator	COM A
		External Connector Type	DB-9 pin male

[ Port Connectors / Video ]

	Port Connector Properties:
		Port Type	Video Port
		Internal Reference Designator	J2A2B
		Internal Connector Type	None
		External Reference Designator	Video
		External Connector Type	DB-15 pin female

[ Port Connectors / USB1 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A1
		Internal Connector Type	None
		External Reference Designator	USB1
		External Connector Type	USB

[ Port Connectors / USB2 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A1
		Internal Connector Type	None
		External Reference Designator	USB2
		External Connector Type	USB

[ Port Connectors / USB3 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A1
		Internal Connector Type	None
		External Reference Designator	USB3
		External Connector Type	USB

[ Port Connectors / J9A1 - TPM HDR ]

	Port Connector Properties:
		Internal Reference Designator	J9A1 - TPM HDR
		External Connector Type	None

[ Port Connectors / J9C1 - PCIE DOCKING CONN ]

	Port Connector Properties:
		Internal Reference Designator	J9C1 - PCIE DOCKING CONN
		External Connector Type	None

[ Port Connectors / J2B3 - CPU FAN ]

	Port Connector Properties:
		Internal Reference Designator	J2B3 - CPU FAN
		External Connector Type	None

[ Port Connectors / J6C2 - EXT HDMI ]

	Port Connector Properties:
		Internal Reference Designator	J6C2 - EXT HDMI
		External Connector Type	None

[ Port Connectors / J3C1 - GMCH FAN ]

	Port Connector Properties:
		Internal Reference Designator	J3C1 - GMCH FAN
		External Connector Type	None

[ Port Connectors / J1D1 - ITP ]

	Port Connector Properties:
		Internal Reference Designator	J1D1 - ITP
		External Connector Type	None

[ Port Connectors / J9E2 - MDC INTPSR ]

	Port Connector Properties:
		Internal Reference Designator	J9E2 - MDC INTPSR
		External Connector Type	None

[ Port Connectors / J9E4 - MDC INTPSR ]

	Port Connector Properties:
		Internal Reference Designator	J9E4 - MDC INTPSR
		External Connector Type	None

[ Port Connectors / J9E3 - LPC HOT DOCKING ]

	Port Connector Properties:
		Internal Reference Designator	J9E3 - LPC HOT DOCKING
		External Connector Type	None

[ Port Connectors / J9E1 - SCAN MATRIX ]

	Port Connector Properties:
		Internal Reference Designator	J9E1 - SCAN MATRIX
		External Connector Type	None

[ Port Connectors / J9G1 - LPC SIDE BAND ]

	Port Connector Properties:
		Internal Reference Designator	J9G1 - LPC SIDE BAND
		External Connector Type	None

[ Port Connectors / J8F1 - UNIFIED ]

	Port Connector Properties:
		Internal Reference Designator	J8F1 - UNIFIED
		External Connector Type	None

[ Port Connectors / J6F1 - LVDS ]

	Port Connector Properties:
		Internal Reference Designator	J6F1 - LVDS
		External Connector Type	None

[ Port Connectors / J2F1 - LAI FAN ]

	Port Connector Properties:
		Internal Reference Designator	J2F1 - LAI FAN
		External Connector Type	None

[ Port Connectors / J2G1 - GFX VID ]

	Port Connector Properties:
		Internal Reference Designator	J2G1 - GFX VID
		External Connector Type	None

[ Port Connectors / J1G6 - AC JACK ]

	Port Connector Properties:
		Internal Reference Designator	J1G6 - AC JACK
		External Connector Type	None

[ On-Board Devices / To Be Filled By O.E.M. ]

	On-Board Device Properties:
		Description	To Be Filled By O.E.M.
		Type	Video
		Status	Enabled

[ On-Board Devices / Onboard LAN ]

	On-Board Device Properties:
		Description	Onboard LAN
		Type	Ethernet
		Status	Enabled
		Bus / Device / Function	0 / 25 / 0

[ Power Supplies / To Be Filled By O.E.M. ]

	Power Supply Properties:
		Device Name	To Be Filled By O.E.M.
		Manufacturer	To Be Filled By O.E.M.
		Serial Number	To Be Filled By O.E.M.
		Asset Tag	To Be Filled By O.E.M.
		Part Number	To Be Filled By O.E.M.
		Type	Switching
		Location	To Be Filled By O.E.M.
		Status	OK
		Hot Replaceable	No

[ Temperature Probes / LM78A ]

	Device Properties:
		Device Description	LM78A

[ Temperature Probes / LM78A ]

	Device Properties:
		Device Description	LM78A
		Location	Power Unit
		Status	OK

[ Voltage Probes / LM78A ]

	Device Properties:
		Device Description	LM78A

[ Voltage Probes / LM78A ]

	Device Properties:
		Device Description	LM78A
		Location	Power Unit
		Status	OK

[ Electrical Current Probes / ABC ]

	Device Properties:
		Device Description	ABC

[ Electrical Current Probes / ABC ]

	Device Properties:
		Device Description	ABC
		Location	Power Unit
		Status	OK

[ Cooling Device / Cooling Dev 1 ]

	Device Properties:
		Device Description	Cooling Dev 1

[ Cooling Device / Cooling Device #2 ]

	Device Properties:

[ Cooling Device / Cooling Dev 1 ]

	Device Properties:
		Device Description	Cooling Dev 1
		Device Type	Power Supply Fan
		Status	OK

[ Management Devices / LM78-1 ]

	Management Device Properties:
		Description	LM78-1

[ Intel vPro ]

	Intel vPro Properties:
		ME Firmware Version	8.1.0.1248
		PCH PCI Bus / Device / Function	0 / 31 / 0
		PCH PCI Device ID	8086-1E44
		Wired NIC PCI Bus / Device / Function	0 / 25 / 0
		Wired NIC PCI Device ID	8086-FFFF
		AMT	Not Supported
		Anti-Theft	Supported, Disabled
		Anti-Theft PBA for Recovery	Supported
		Anti-Theft WWAN	Not Supported
		BIOS TXT	Supported
		BIOS VT-d	Supported
		BIOS VT-x	Supported
		CPU VT-x	Supported, Disabled
		CPU TXT	Supported, Disabled
		KVM	Not Supported
		Local Wakeup Timer	Not Supported
		Management Engine	Enabled
		Small Business Advantage	Not Supported
		Standard Manageability	Not Supported

[ Miscellaneous ]

	Miscellaneous:
		OEM String	To Be Filled By O.E.M.
		System Configuration Option	To Be Filled By O.E.M.

Overclock


CPU Properties:
	CPU Type	QuadCore Intel Core i7-2600
	CPU Alias	Sandy Bridge-DT
	CPU Stepping	D2
	Engineering Sample	No
	CPUID CPU Name	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	CPUID Revision	000206A7h
	CPU VID	1.2510 V

CPU Speed:
	CPU Clock	3503.4 MHz (original: [ TRIAL VERSION ] MHz, overclock: 3%)
	CPU Multiplier	35x
	CPU FSB	100.1 MHz (original: 100 MHz)
	North Bridge Clock	3503.4 MHz
	Memory Bus	667.3 MHz
	DRAM:FSB Ratio	20:3

CPU Cache:
	L1 Code Cache	32 KB per core
	L1 Data Cache	[ TRIAL VERSION ]
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	8 MB (On-Die, ECC, Full-Speed)

Motherboard Properties:
	Motherboard ID	63-0100-000001-00101111-122211-Chipset$Z77-DS3H_BIOS DATE: 09/19/12 18:20:20 VER: 04.06.05
	Motherboard Name	Gigabyte GA-Z77-DS3H (2 PCI, 2 PCI-E x1, 2 PCI-E x16, 1 mSATA, 4 DDR3 DIMM, Audio, Video, Gigabit LAN)

Chipset Properties:
	Motherboard Chipset	Intel Panther Point Z77, Intel Sandy Bridge
	Memory Timings	9-9-9-24 (CL-RCD-RP-RAS)
	Command Rate (CR)	[ TRIAL VERSION ]
	DIMM2: Corsair Vengeance CMZ8GX3M2A1600C9	[ TRIAL VERSION ]
	DIMM4: Corsair Vengeance CMZ8GX3M2A1600C9	[ TRIAL VERSION ]

BIOS Properties:
	System BIOS Date	09/19/2012
	Video BIOS Date	05/28/12
	DMI BIOS Version	F9

Graphics Processor Properties:
	Video Adapter	MSI R7750 (MS-V279)
	GPU Code Name	Cape Verde Pro (PCI Express 3.0 x16 1002 / 683F, Rev 00)
	GPU Clock	300 MHz (original: [ TRIAL VERSION ] MHz)
	Memory Clock	150 MHz (original: 1125 MHz)

Power Management


Power Management Properties:
	Current Power Source	AC Line
	Battery Status	No Battery
	Full Battery Lifetime	Unknown
	Remaining Battery Lifetime	Unknown

Portable Computer


Centrino (Carmel) Platform Compliancy:
	CPU: Intel Pentium M (Banias/Dothan)	No (Intel Core i7-2600)
	Chipset: Intel i855GM/PM	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless	No
	System: Centrino Compliant	No

Centrino (Sonoma) Platform Compliancy:
	CPU: Intel Pentium M (Dothan)	No (Intel Core i7-2600)
	Chipset: Intel i915GM/PM	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless 2200/2915	No
	System: Centrino Compliant	No

Centrino (Napa) Platform Compliancy:
	CPU: Intel Core (Yonah) / Core 2 (Merom)	No (Intel Core i7-2600)
	Chipset: Intel i945GM/PM	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless 3945/3965	No
	System: Centrino Compliant	No

Centrino (Santa Rosa) Platform Compliancy:
	CPU: Intel Core 2 (Merom/Penryn)	No (Intel Core i7-2600)
	Chipset: Intel GM965/PM965	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel Wireless WiFi Link 4965	No
	System: Centrino Compliant	No

Centrino 2 (Montevina) Platform Compliancy:
	CPU: Intel Core 2 (Penryn)	No (Intel Core i7-2600)
	Chipset: Mobile Intel 4 Series	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel WiFi Link 5000 Series	No
	System: Centrino 2 Compliant	No

Centrino (Calpella) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield)	No (Intel Core i7-2600)
	Chipset: Mobile Intel 5 Series	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Huron River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB)	No (Intel Core i7-2600)
	Chipset: Mobile Intel 6 Series	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Chief River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB)	No (Intel Core i7-2600)
	Chipset: Mobile Intel 7 Series	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Shark Bay-MB) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Haswell-MB)	No (Intel Core i7-2600)
	Chipset: Mobile Intel 8/9 Series	No (Intel Panther Point Z77, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Sensor


Sensor Properties:
	Sensor Type	ITE IT8728F (ISA A30h)
	GPU Sensor Type	Diode (ATI-Diode)
	Motherboard Name	Gigabyte B75-D3V / H77-D3H / H77-DS3H / Z77-D3H / Z77-DS3H / Z77-HD3 / Z77-HD4
	Chassis Intrusion Detected	Yes

Temperatures:
	Motherboard	25 °C (77 °F)
	CPU	41 °C (106 °F)
	CPU Package	51 °C (124 °F)
	CPU IA Cores	51 °C (124 °F)
	CPU GT Cores	44 °C (111 °F)
	CPU #1 / Core #1	47 °C (117 °F)
	CPU #1 / Core #2	50 °C (122 °F)
	CPU #1 / Core #3	46 °C (115 °F)
	CPU #1 / Core #4	51 °C (124 °F)
	PCH Diode	48 °C (119 °F)
	GPU Diode	29 °C (84 °F)
	WDC WD600BEVS-60LAT0	[ TRIAL VERSION ]
	Samsung SSD 850 EVO mSATA 500GB	[ TRIAL VERSION ]

Cooling Fans:
	CPU	1190 RPM
	Chassis #3	1369 RPM
	GPU	40%

Voltage Values:
	CPU Core	1.176 V
	+3.3 V	3.324 V
	+12 V	[ TRIAL VERSION ]
	VTT	1.068 V
	DIMM	1.536 V
	GPU Core	[ TRIAL VERSION ]

Power Values:
	CPU Package	31.53 W
	CPU IA Cores	24.90 W
	CPU GT Cores	[ TRIAL VERSION ]
	CPU Uncore	6.52 W
	Debug Info F	0237 FFFF FFFF 01ED FFFF
	Debug Info T	25 25 41
	Debug Info V	59 A8 AA AC 01 62 80 8C 80

CPU


CPU Properties:
	CPU Type	QuadCore Intel Core i7-2600, 3500 MHz (35 x 100)
	CPU Alias	Sandy Bridge-DT
	CPU Stepping	D2
	Instruction Set	x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX, AES
	Original Clock	[ TRIAL VERSION ]
	Min / Max CPU Multiplier	16x / 42x
	Engineering Sample	No
	L1 Code Cache	32 KB per core
	L1 Data Cache	[ TRIAL VERSION ]
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	8 MB (On-Die, ECC, Full-Speed)

CPU Physical Info:
	Package Type	1155 Contact FC-LGA
	Package Size	37.5 mm x 37.5 mm
	Transistors	[ TRIAL VERSION ] million
	Process Technology	32 nm, CMOS, Cu, High-K + Metal Gate
	Die Size	[ TRIAL VERSION ] mm2
	Typical Power	95 W

CPU Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
	Driver Update	http://www.aida64.com/driver-updates

Multi CPU:
	Motherboard ID	ALASKA A M I
	CPU #1	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz
	CPU #2	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz
	CPU #3	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz
	CPU #4	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz
	CPU #5	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz
	CPU #6	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz
	CPU #7	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz
	CPU #8	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3403 MHz

CPU Utilization:
	CPU #1 / Core #1 / HTT Unit #1	75%
	CPU #1 / Core #1 / HTT Unit #2	25%
	CPU #1 / Core #2 / HTT Unit #1	100%
	CPU #1 / Core #2 / HTT Unit #2	25%
	CPU #1 / Core #3 / HTT Unit #1	25%
	CPU #1 / Core #3 / HTT Unit #2	25%
	CPU #1 / Core #4 / HTT Unit #1	50%
	CPU #1 / Core #4 / HTT Unit #2	0%

CPUID


CPUID Properties:
	CPUID Manufacturer	GenuineIntel
	CPUID CPU Name	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	CPUID Revision	000206A7h
	IA Brand ID	00h (Unknown)
	Platform ID	41h / MC 02h (LGA1155)
	Microcode Update Revision	29h
	HTT / CMP Units	2 / 4
	Tjmax Temperature	98 °C (208 °F)
	CPU Thermal Design Power	95 W
	CPU IA Cores Thermal Design Current	300 A
	CPU GT Cores Thermal Design Current	300 A
	CPU Max Power Limit	Unlimited Power / Unlimited Time
	CPU Power Limit 1 (Long Duration)	1000 W / Unlimited Time (Unlocked)
	CPU Power Limit 2 (Short Duration)	1200 W / Unlimited Time (Unlocked)
	Max Turbo Boost Multipliers	1C: 38x, 2C: 37x, 3C: 36x, 4C: 35x

Instruction Set:
	64-bit x86 Extension (AMD64, Intel64)	Supported
	AMD 3DNow!	Not Supported
	AMD 3DNow! Professional	Not Supported
	AMD 3DNowPrefetch	Not Supported
	AMD Enhanced 3DNow!	Not Supported
	AMD Extended MMX	Not Supported
	AMD FMA4	Not Supported
	AMD MisAligned SSE	Not Supported
	AMD SSE4A	Not Supported
	AMD XOP	Not Supported
	Cyrix Extended MMX	Not Supported
	Enhanced REP MOVSB/STOSB	Not Supported
	Float-16 Conversion Instructions	Not Supported
	IA-64	Not Supported
	IA AES Extensions	Supported
	IA AVX	Supported, Enabled
	IA AVX2	Not Supported
	IA AVX-512 (AVX512F)	Not Supported
	IA AVX-512 52-bit Integer Instructions (AVX512IFMA52)	Not Supported
	IA AVX-512 Byte and Word Instructions (AVX512BW)	Not Supported
	IA AVX-512 Conflict Detection Instructions (AVX512CD)	Not Supported
	IA AVX-512 Doubleword and Quadword Instructions (AVX512DQ)	Not Supported
	IA AVX-512 Exponential and Reciprocal Instructions (AVX512ER)	Not Supported
	IA AVX-512 FMAPS (AVX512_4FMAPS)	Not Supported
	IA AVX-512 Neural Network Instructions (AVX512_4VNNIW)	Not Supported
	IA AVX-512 Prefetch Instructions (AVX512PF)	Not Supported
	IA AVX-512 Vector Bit Manipulation Instructions (AVX512VBMI)	Not Supported
	IA AVX-512 Vector Length Extensions (AVX512VL)	Not Supported
	IA BMI1	Not Supported
	IA BMI2	Not Supported
	IA FMA	Not Supported
	IA MMX	Supported
	IA SHA Extensions	Not Supported
	IA SSE	Supported
	IA SSE2	Supported
	IA SSE3	Supported
	IA Supplemental SSE3	Supported
	IA SSE4.1	Supported
	IA SSE4.2	Supported
	VIA Alternate Instruction Set	Not Supported
	ADCX / ADOX Instruction	Not Supported
	CLFLUSH Instruction	Supported
	CLFLUSHOPT Instruction	Not Supported
	CLWB Instruction	Not Supported
	CMPXCHG8B Instruction	Supported
	CMPXCHG16B Instruction	Supported
	Conditional Move Instruction	Supported
	INVPCID Instruction	Not Supported
	LAHF / SAHF Instruction	Supported
	LZCNT Instruction	Not Supported
	MONITOR / MWAIT Instruction	Supported
	MONITORX / MWAITX Instruction	Not Supported
	MOVBE Instruction	Not Supported
	PCLMULQDQ Instruction	Supported
	PCOMMIT Instruction	Not Supported
	POPCNT Instruction	Supported
	PREFETCHWT1 Instruction	Not Supported
	RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE Instruction	Not Supported
	RDRAND Instruction	Not Supported
	RDSEED Instruction	Not Supported
	RDTSCP Instruction	Supported
	SKINIT / STGI Instruction	Not Supported
	SYSCALL / SYSRET Instruction	Not Supported
	SYSENTER / SYSEXIT Instruction	Supported
	Trailing Bit Manipulation Instructions	Not Supported
	VIA FEMMS Instruction	Not Supported

Security Features:
	Advanced Cryptography Engine (ACE)	Not Supported
	Advanced Cryptography Engine 2 (ACE2)	Not Supported
	Control-flow Enforcement Technology (CET)	Not Supported
	Data Execution Prevention (DEP, NX, EDB)	Supported
	Hardware Random Number Generator (RNG)	Not Supported
	Hardware Random Number Generator 2 (RNG2)	Not Supported
	Memory Protection Extensions (MPX)	Not Supported
	PadLock Hash Engine (PHE)	Not Supported
	PadLock Hash Engine 2 (PHE2)	Not Supported
	PadLock Montgomery Multiplier (PMM)	Not Supported
	PadLock Montgomery Multiplier 2 (PMM2)	Not Supported
	Processor Serial Number (PSN)	Not Supported
	Protection Keys for User-Mode Pages (PKU)	Not Supported
	Read Processor ID (RDPID)	Not Supported
	Safer Mode Extensions (SMX)	Supported
	Secure Memory Encryption (SME)	Not Supported
	SGX Launch Configuration (SGX_LC)	Not Supported
	Software Guard Extensions (SGX)	Not Supported
	Supervisor Mode Access Prevention (SMAP)	Not Supported
	Supervisor Mode Execution Protection (SMEP)	Not Supported
	User-Mode Instruction Prevention (UMIP)	Not Supported

Power Management Features:
	APM Power Reporting	Not Supported
	Application Power Management (APM)	Not Supported
	Automatic Clock Control	Supported
	Configurable TDP (cTDP)	Not Supported
	Connected Standby	Not Supported
	Core C6 State (CC6)	Not Supported
	Digital Thermometer	Supported
	Dynamic FSB Frequency Switching	Not Supported
	Enhanced Halt State (C1E)	Supported, Enabled
	Enhanced SpeedStep Technology (EIST, ESS)	Supported, Enabled
	Frequency ID Control	Not Supported
	Hardware P-State Control	Not Supported
	Hardware Thermal Control (HTC)	Not Supported
	LongRun	Not Supported
	LongRun Table Interface	Not Supported
	Overstress	Not Supported
	Package C6 State (PC6)	Not Supported
	Parallax	Not Supported
	PowerSaver 1.0	Not Supported
	PowerSaver 2.0	Not Supported
	PowerSaver 3.0	Not Supported
	Processor Duty Cycle Control	Supported
	Running Average Power Limit (RAPL)	Not Supported
	Software Thermal Control	Not Supported
	SpeedShift (SST, HWP)	Not Supported
	Temperature Sensing Diode	Not Supported
	Thermal Monitor 1	Supported
	Thermal Monitor 2	Supported
	Thermal Monitor 3	Not Supported
	Thermal Monitoring	Not Supported
	Thermal Trip	Not Supported
	Voltage ID Control	Not Supported

Virtualization Features:
	Extended Page Table (EPT)	Supported
	Hypervisor	Not Present
	INVEPT Instruction	Supported
	INVVPID Instruction	Supported
	Nested Paging (NPT, RVI)	Not Supported
	Secure Encrypted Virtualization (SEV)	Not Supported
	Secure Virtual Machine (SVM, Pacifica)	Not Supported
	Virtual Machine Extensions (VMX, Vanderpool)	Supported
	Virtual Processor ID (VPID)	Supported

CPUID Features:
	1 GB Page Size	Not Supported
	36-bit Page Size Extension	Supported
	64-bit DS Area	Supported
	Adaptive Overclocking	Not Supported
	Address Region Registers (ARR)	Not Supported
	Code and Data Prioritization Technology (CDP)	Not Supported
	Core Performance Boost (CPB)	Not Supported
	Core Performance Counters	Not Supported
	CPL Qualified Debug Store	Supported
	Data Breakpoint Extension	Not Supported
	Debug Trace Store	Supported
	Debugging Extension	Supported
	Deprecated FPU CS and FPU DS	Not Supported
	Direct Cache Access	Not Supported
	Dynamic Acceleration Technology (IDA)	Not Supported
	Dynamic Configurable TDP (DcTDP)	Not Supported
	Extended APIC Register Space	Not Supported
	Fast Save & Restore	Supported
	Hardware Lock Elision (HLE)	Not Supported
	Hybrid Boost	Not Supported
	Hyper-Threading Technology (HTT)	Supported, Enabled
	Instruction Based Sampling	Not Supported
	Invariant Time Stamp Counter	Supported
	L1 Context ID	Not Supported
	L2I Performance Counters	Not Supported
	Lightweight Profiling	Not Supported
	Local APIC On Chip	Supported
	Machine Check Architecture (MCA)	Supported
	Machine Check Exception (MCE)	Supported
	Memory Configuration Registers (MCR)	Not Supported
	Memory Type Range Registers (MTRR)	Supported
	Model Specific Registers (MSR)	Supported
	NB Performance Counters	Not Supported
	Page Attribute Table (PAT)	Supported
	Page Global Extension	Supported
	Page Size Extension (PSE)	Supported
	Pending Break Event (PBE)	Supported
	Performance Time Stamp Counter (PTSC)	Not Supported
	Physical Address Extension (PAE)	Supported
	Platform Quality of Service Enforcement (PQE)	Not Supported
	Platform Quality of Service Monitoring (PQM)	Not Supported
	Process Context Identifiers (PCID)	Supported
	Processor Feedback Interface	Not Supported
	Processor Trace (PT)	Not Supported
	Restricted Transactional Memory (RTM)	Not Supported
	Self-Snoop	Supported
	Time Stamp Counter (TSC)	Supported
	Time Stamp Counter Adjust	Not Supported
	Turbo Boost	Supported, Enabled
	Virtual Mode Extension	Supported
	Watchdog Timer	Not Supported
	x2APIC	Supported, Enabled
	XGETBV / XSETBV OS Enabled	Supported
	XSAVE / XRSTOR / XSETBV / XGETBV Extended States	Supported
	XSAVEOPT	Supported

CPUID Registers (CPU #1):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-00100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000000 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000000 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #2 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-01100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000001 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000001 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #3):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-02100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000002 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000002 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #4 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-03100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000003 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000003 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #5):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-04100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000004 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000004 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #6 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-05100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000005 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000005 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #7):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-06100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000006 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000006 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #8 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-07100800-1FBAE3FF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-03C0003F-00001FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00001120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000007 [SL 00]
	CPUID 0000000B	00000004-00000008-00000201-00000007 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-20202020-65746E49-2952286C [ Intel(R)]
	CPUID 80000003	726F4320-4D542865-37692029-3036322D [ Core(TM) i7-260]
	CPUID 80000004	50432030-20402055-30342E33-007A4847 [0 CPU @ 3.40GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

MSR Registers:
	MSR 00000017	0004-0000-0000-0000 [PlatID = 1]
	MSR 0000001B	0000-0000-FEE0-0D00
	MSR 00000035	0000-0000-0004-0008
	MSR 0000008B	0000-0029-0000-0000
	MSR 000000CE	0000-1000-7001-2200 [eD = 0]
	MSR 000000E7	0000-048C-655D-DE3A [S200]
	MSR 000000E7	0000-048C-8BBD-A96D [S200]
	MSR 000000E7	0000-048C-963D-E89B
	MSR 000000E8	0000-02DE-D889-B0D1 [S200]
	MSR 000000E8	0000-02DE-E36D-AAF2 [S200]
	MSR 000000E8	0000-02DE-E8B2-8F62
	MSR 00000194	0000-0000-0008-0000
	MSR 00000198	0000-1F8B-0000-1000
	MSR 00000198	0000-278D-0000-2300 [S200]
	MSR 00000198	0000-2831-0000-2400 [S200]
	MSR 00000199	0000-0000-0000-2600
	MSR 0000019A	0000-0000-0000-0000
	MSR 0000019B	0000-0000-0000-0010
	MSR 0000019C	0000-0000-8833-0000 [S200]
	MSR 0000019C	0000-0000-8835-0000 [S200]
	MSR 0000019C	0000-0000-8836-0000
	MSR 0000019D	0000-0000-0000-0000
	MSR 000001A0	0000-0000-0085-0089
	MSR 000001A2	0000-0000-0062-1200
	MSR 000001A4	0000-0000-0000-0000
	MSR 000001AA	0000-0000-0040-0000
	MSR 000001AC	< FAILED >
	MSR 000001AD	0000-0000-2324-2526
	MSR 000001B0	0000-0000-0000-0006
	MSR 000001B1	0000-0000-8835-0000
	MSR 000001B2	0000-0000-0000-0000
	MSR 000001FC	0000-0000-0004-005F
	MSR 00000300	< FAILED >
	MSR 0000030A	0000-0000-0000-0000
	MSR 0000030A	0000-0000-0000-0000 [S200]
	MSR 0000030A	0000-0000-0000-0000 [S200]
	MSR 0000030B	0000-0000-0000-0000
	MSR 0000030B	0000-0000-0000-0000 [S200]
	MSR 0000030B	0000-0000-0000-0000 [S200]
	MSR 00000480	00DA-0400-0000-0010
	MSR 00000481	0000-007F-0000-0016
	MSR 00000482	FFF9-FFFE-0401-E172
	MSR 00000483	007F-FFFF-0003-6DFF
	MSR 00000484	0000-FFFF-0000-11FF
	MSR 00000485	0000-0000-1004-01E5
	MSR 00000486	0000-0000-8000-0021
	MSR 00000487	0000-0000-FFFF-FFFF
	MSR 00000488	0000-0000-0000-2000
	MSR 00000489	0000-0000-0006-67FF
	MSR 0000048A	0000-0000-0000-002A
	MSR 0000048B	0000-00FF-0000-0000
	MSR 0000048C	0000-0F01-0611-4141
	MSR 0000048D	0000-007F-0000-0016
	MSR 0000048E	FFF9-FFFE-0400-6172
	MSR 0000048F	007F-FFFF-0003-6DFB
	MSR 00000490	0000-FFFF-0000-11FB
	MSR 00000601	1814-1494-0000-0960
	MSR 00000602	1814-1494-0000-0960
	MSR 00000603	0000-0000-802C-2C2C
	MSR 00000604	0000-0000-8068-6868
	MSR 00000606	0000-0000-000A-1003
	MSR 0000060A	0000-0000-0000-8850
	MSR 0000060B	0000-0000-0000-8868
	MSR 0000060C	0000-0000-0000-886D
	MSR 0000060D	0000-0620-C046-2FF8
	MSR 00000610	0000-A580-0000-9F40
	MSR 00000611	0000-0000-C5AA-FA3A [S200]
	MSR 00000611	0000-0000-C5AD-DF64 [S200]
	MSR 00000611	0000-0000-C5B0-0F18
	MSR 00000613	< FAILED >
	MSR 00000614	0000-0000-01E0-02F8
	MSR 00000618	< FAILED >
	MSR 00000619	< FAILED >
	MSR 0000061B	< FAILED >
	MSR 0000061C	< FAILED >
	MSR 00000638	0000-0000-0000-A580
	MSR 00000639	0000-0000-0270-6F36 [S200]
	MSR 00000639	0000-0000-0271-A4AF [S200]
	MSR 00000639	0000-0000-0272-BEA4
	MSR 0000063A	0000-0000-0000-0000
	MSR 0000063B	< FAILED >
	MSR 00000640	0000-0000-0000-A580
	MSR 00000641	0000-0000-0476-57D5 [S200]
	MSR 00000641	0000-0000-0476-5D76 [S200]
	MSR 00000641	0000-0000-0476-6318
	MSR 00000642	0000-0000-0000-0010
	MSR 00000832	0000-0000-0002-00D1
	MSR 00000838	0000-0000-0000-0188
	MSR 00000839	0000-0000-0000-0127
	MSR 0000083E	0000-0000-0000-000A

Motherboard


Motherboard Properties:
	Motherboard ID	63-0100-000001-00101111-122211-Chipset$Z77-DS3H_BIOS DATE: 09/19/12 18:20:20 VER: 04.06.05
	Motherboard Name	Gigabyte GA-Z77-DS3H

Front Side Bus Properties:
	Bus Type	BCLK
	Real Clock	100 MHz
	Effective Clock	100 MHz

Memory Bus Properties:
	Bus Type	Dual DDR3 SDRAM
	Bus Width	128-bit
	DRAM:FSB Ratio	20:3
	Real Clock	667 MHz (DDR)
	Effective Clock	1333 MHz
	Bandwidth	[ TRIAL VERSION ] MB/s

Chipset Bus Properties:
	Bus Type	Intel Direct Media Interface v2.0

Motherboard Physical Info:
	CPU Sockets/Slots	1 LGA1155
	Expansion Slots	[ TRIAL VERSION ]
	RAM Slots	4 DDR3 DIMM
	Integrated Devices	Audio, Video, Gigabit LAN
	Form Factor	ATX
	Motherboard Size	220 mm x 300 mm
	Motherboard Chipset	Z77
	Extra Features	[ TRIAL VERSION ]

Motherboard Manufacturer:
	Company Name	Gigabyte Technology Co., Ltd.
	Product Information	http://www.gigabyte.com/products/main.aspx?s=42
	BIOS Download	http://www.gigabyte.com/support-downloads/download-center.aspx
	Driver Update	http://www.aida64.com/driver-updates
	BIOS Upgrades	http://www.aida64.com/bios-updates

Memory


Physical Memory:
	Total	[ TRIAL VERSION ]
	Used	[ TRIAL VERSION ]
	Free	5546 MB
	Utilization	[ TRIAL VERSION ]

Virtual Memory:
	Total	9431 MB
	Used	3132 MB
	Free	6299 MB
	Utilization	33 %

Paging File:
	Paging File	C:\pagefile.sys
	Current Size	1280 MB
	Current / Peak Usage	167 MB / 167 MB
	Utilization	13 %

Physical Address Extension (PAE):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active	Yes

SPD


[ DIMM2: [ TRIAL VERSION ] ]

	Memory Module Properties:
		Module Name	[ TRIAL VERSION ]
		Serial Number	None
		Module Size	4 GB (2 ranks, 8 banks)
		Module Type	[ TRIAL VERSION ]
		Memory Type	DDR3 SDRAM
		Memory Speed	DDR3-1333 (667 MHz)
		Module Width	64 bit
		Module Voltage	1.5 V
		Error Detection Method	None
		Refresh Rate	Normal (7.8 us)

	Memory Timings:
		@ 666 MHz	9-9-9-24 (CL-RCD-RP-RAS) / 34-107-5-10-5-5-25 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 592 MHz	8-8-8-22 (CL-RCD-RP-RAS) / 30-95-5-9-5-5-23 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 518 MHz	7-7-7-19 (CL-RCD-RP-RAS) / 27-83-4-8-4-4-20 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 444 MHz	6-6-6-16 (CL-RCD-RP-RAS) / 23-72-4-7-4-4-17 (RC-RFC-RRD-WR-WTR-RTP-FAW)

	Extreme Memory Profile v1.2:
		Profile Name	Enthusiast (Certified)
		Memory Speed	DDR3-1600 (800 MHz)
		Voltage	1.50 V (Memory Controller: 1.20 V)
		Refresh Period (tREF)	7.8 us
		Recommended DIMMs Per Channel	1
		@ 800 MHz	9-9-9-24 (CL-RCD-RP-RAS) / 41-128-2-6-12-6-6-30-9 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL)
		@ 533 MHz	6-6-6-16 (CL-RCD-RP-RAS) / 27-86-2-4-8-4-4-20-6 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL)

	Memory Module Features:
		Auto Self Refresh (ASR)	Not Supported
		DLL-Off Mode	Supported
		Extended Temperature Range	Supported
		Extended Temperature 1X Refresh Rate	Not Supported
		Module Thermal Sensor	Not Supported
		On-Die Thermal Sensor Readout (ODTS)	Not Supported
		Partial Array Self Refresh (PASR)	Supported
		RZQ/6	Supported
		RZQ/7	Supported

	Memory Module Manufacturer:
		Company Name	Corsair Inc.
		Product Information	http://www.corsair.com/en/memory-by-product-family.html

[ DIMM4: [ TRIAL VERSION ] ]

	Memory Module Properties:
		Module Name	[ TRIAL VERSION ]
		Serial Number	None
		Module Size	4 GB (2 ranks, 8 banks)
		Module Type	[ TRIAL VERSION ]
		Memory Type	DDR3 SDRAM
		Memory Speed	DDR3-1333 (667 MHz)
		Module Width	64 bit
		Module Voltage	1.5 V
		Error Detection Method	None
		Refresh Rate	Normal (7.8 us)

	Memory Timings:
		@ 666 MHz	9-9-9-24 (CL-RCD-RP-RAS) / 34-107-5-10-5-5-25 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 592 MHz	8-8-8-22 (CL-RCD-RP-RAS) / 30-95-5-9-5-5-23 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 518 MHz	7-7-7-19 (CL-RCD-RP-RAS) / 27-83-4-8-4-4-20 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 444 MHz	6-6-6-16 (CL-RCD-RP-RAS) / 23-72-4-7-4-4-17 (RC-RFC-RRD-WR-WTR-RTP-FAW)

	Extreme Memory Profile v1.2:
		Profile Name	Enthusiast (Certified)
		Memory Speed	DDR3-1600 (800 MHz)
		Voltage	1.50 V (Memory Controller: 1.20 V)
		Refresh Period (tREF)	7.8 us
		Recommended DIMMs Per Channel	1
		@ 800 MHz	9-9-9-24 (CL-RCD-RP-RAS) / 41-128-2-6-12-6-6-30-9 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL)
		@ 533 MHz	6-6-6-16 (CL-RCD-RP-RAS) / 27-86-2-4-8-4-4-20-6 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL)

	Memory Module Features:
		Auto Self Refresh (ASR)	Not Supported
		DLL-Off Mode	Supported
		Extended Temperature Range	Supported
		Extended Temperature 1X Refresh Rate	Not Supported
		Module Thermal Sensor	Not Supported
		On-Die Thermal Sensor Readout (ODTS)	Not Supported
		Partial Array Self Refresh (PASR)	Supported
		RZQ/6	Supported
		RZQ/7	Supported

	Memory Module Manufacturer:
		Company Name	Corsair Inc.
		Product Information	http://www.corsair.com/en/memory-by-product-family.html

Chipset


[ North Bridge: Intel Sandy Bridge-DT IMC ]

	North Bridge Properties:
		North Bridge	Intel Sandy Bridge-DT IMC
		Supported Memory Types	DDR3-1066, DDR3-1333 SDRAM
		Maximum Memory Amount	32 GB
		Revision	09
		Process Technology	32 nm
		VT-d	Supported
		Extended APIC (x2APIC)	Supported

	Memory Controller:
		Type	Dual Channel (128-bit)
		Active Mode	Dual Channel (128-bit)

	Memory Timings:
		CAS Latency (CL)	9T
		RAS To CAS Delay (tRCD)	9T
		RAS Precharge (tRP)	9T
		RAS Active Time (tRAS)	24T
		Row Refresh Cycle Time (tRFC)	107T
		Command Rate (CR)	1T
		RAS To RAS Delay (tRRD)	5T
		Write Recovery Time (tWR)	10T
		Read To Read Delay (tRTR)	Same Rank: 4T, Different Rank: 1T, Different DIMM: 3T
		Read To Write Delay (tRTW)	Same Rank: 3T, Different Rank: 3T, Different DIMM: 3T
		Write To Read Delay (tWTR)	5T, Different Rank: 1T, Different DIMM: 1T
		Write To Write Delay (tWTW)	Same Rank: 4T, Different Rank: 3T, Different DIMM: 3T
		Read To Precharge Delay (tRTP)	5T
		Four Activate Window Delay (tFAW)	25T
		Write CAS Latency (tWCL)	7T
		CKE Min. Pulse Width (tCKE)	4T
		Refresh Period (tREF)	5200T
		Round Trip Latency (tRTL)	DIMM1: 32T, DIMM2: 34T, DIMM3: 32T, DIMM4: 35T
		I/O Latency (tIOL)	DIMM1: 0T, DIMM2: 1T, DIMM3: 0T, DIMM4: 1T
		Burst Length (BL)	8

	Error Correction:
		ECC	Not Supported
		ChipKill ECC	Not Supported
		RAID	Not Supported
		ECC Scrubbing	Not Supported

	Memory Slots:
		DRAM Slot #1	4 GB (DDR3-1333 DDR3 SDRAM)
		DRAM Slot #2	4 GB (DDR3-1333 DDR3 SDRAM)

	Integrated Graphics Controller:
		Graphics Controller Type	Intel HD Graphics
		Graphics Controller Status	Disabled

	PCI Express Controller:
		PCI-E 2.0 x16 port #2	In Use @ x16 (AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller, MSI R7750 (MS-V279) Video Adapter)

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ South Bridge: [ TRIAL VERSION ] ]

	South Bridge Properties:
		South Bridge	[ TRIAL VERSION ]
		Revision / Stepping	04 / C1
		Package Type	942 Pin FC-BGA
		Package Size	27 mm x 27 mm
		Process Technology	65 nm
		Die Size	[ TRIAL VERSION ] mm2
		Core Voltage	1.05 V
		TDP	6.7 W

	High Definition Audio:
		Codec Name	Realtek ALC887
		Codec ID	10EC0887h / 1458A002h
		Codec Revision	1003h
		Codec Type	Audio

	PCI Express Controller:
		PCI-E 2.0 x1 port #1	Empty
		PCI-E 2.0 x1 port #3	In Use @ x1 (Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller)

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

BIOS


BIOS Properties:
	BIOS Type	AMI EFI
	BIOS Version	F9
	UEFI Boot	No
	System BIOS Date	09/19/2012
	Video BIOS Date	05/28/12

BIOS Manufacturer:
	Company Name	American Megatrends Inc.
	Product Information	http://www.ami.com/amibios
	BIOS Upgrades	http://www.aida64.com/bios-updates

ACPI


[ APIC: Multiple APIC Description Table ]

	ACPI Table Properties:
		ACPI Signature	APIC
		Table Description	Multiple APIC Description Table
		Memory Address	DE11BB88h
		Table Length	146 bytes
		OEM ID	ALASKA
		OEM Table ID	A M I
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		Local APIC Address	FEE00000h

	Processor Local APIC:
		ACPI Processor ID	01h
		APIC ID	00h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	02h
		APIC ID	02h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	03h
		APIC ID	04h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	04h
		APIC ID	06h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	05h
		APIC ID	01h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	06h
		APIC ID	03h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	07h
		APIC ID	05h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	08h
		APIC ID	07h
		Status	Enabled

	I/O APIC:
		I/O APIC ID	02h
		I/O APIC Address	FEC00000h
		Global System Interrupt Base	00000000h

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ0
		Global System Interrupt	00000002h
		Polarity	Conforms to the specifications of the bus
		Trigger Mode	Conforms to the specifications of the bus

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ9
		Global System Interrupt	00000009h
		Polarity	Active High
		Trigger Mode	Level-Triggered

	Local APIC NMI:
		ACPI Processor ID	FFh
		Local ACPI LINT#	01h
		Polarity	Active High
		Trigger Mode	Edge-Triggered

[ DMAR: DMA Remapping Table ]

	ACPI Table Properties:
		ACPI Signature	DMAR
		Table Description	DMA Remapping Table
		Memory Address	DE11D450h
		Table Length	128 bytes
		OEM ID	INTEL
		OEM Table ID	SNB
		OEM Revision	00000001h
		Creator ID	INTL
		Creator Revision	00000001h

[ DSDT: Differentiated System Description Table ]

	ACPI Table Properties:
		ACPI Signature	DSDT
		Table Description	Differentiated System Description Table
		Memory Address	DE112170h
		Table Length	39197 bytes
		OEM ID	ALASKA
		OEM Table ID	A M I
		OEM Revision	00000012h
		Creator ID	INTL
		Creator Revision	20051117h

	nVIDIA SLI:
		SLI Certification	Not Present
		PCI 0-0-0-0 (Direct I/O)	8086-0100 (Intel)
		PCI 0-0-0-0 (HAL)	8086-0100 (Intel)

	Lucid Virtu:
		Virtu Certification	Not Present

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Memory Address	DE1120E8h
		Table Length	132 bytes
		OEM ID	ALASKA
		OEM Table ID	A M I
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FACS Address	DE12FF40h
		DSDT Address	DE112170h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Memory Address	00000000-DE11BA90h
		Table Length	244 bytes
		OEM ID	ALASKA
		OEM Table ID	A M I
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FACS Address	DE12FF80h / 00000000-00000000h
		DSDT Address	DE112170h / 00000000-DE112170h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACS: Firmware ACPI Control Structure ]

	ACPI Table Properties:
		ACPI Signature	FACS
		Table Description	Firmware ACPI Control Structure
		Memory Address	DE12FF40h
		Table Length	64 bytes
		Hardware Signature	00000000h
		Waking Vector	00000000h
		Global Lock	00000000h

[ HPET: IA-PC High Precision Event Timer Table ]

	ACPI Table Properties:
		ACPI Signature	HPET
		Table Description	IA-PC High Precision Event Timer Table
		Memory Address	DE11BC60h
		Table Length	56 bytes
		OEM ID	ALASKA
		OEM Table ID	A M I
		OEM Revision	01072009h
		Creator ID	AMI.
		Creator Revision	00000005h
		HPET Address	00000000-FED00000h
		Vendor ID	8086h
		Revision	01h
		Number of Timers	8
		Counter Size	64-bit
		Minimum Clock Ticks	14318
		Page Protection	No Guarantee
		OEM Attribute	0h
		LegacyReplacement IRQ Routing	Supported

[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]

	ACPI Table Properties:
		ACPI Signature	MCFG
		Table Description	Memory Mapped Configuration Space Base Address Description Table
		Memory Address	DE11BC20h
		Table Length	60 bytes
		OEM Revision	01072009h
		Creator ID	MSFT
		Creator Revision	00000097h
		Config Space Address	00000000-F8000000h
		PCI Segment	0000h
		Start Bus Number	00h
		End Bus Number	3Fh

[ RSD PTR: Root System Description Pointer ]

	ACPI Table Properties:
		ACPI Signature	RSD PTR
		Table Description	Root System Description Pointer
		Memory Address	000F0490h
		Table Length	36 bytes
		OEM ID	ALASKA
		RSDP Revision	2 (ACPI 2.0+)
		RSDT Address	DE112028h
		XSDT Address	00000000-DE112070h

[ RSDT: Root System Description Table ]

	ACPI Table Properties:
		ACPI Signature	RSDT
		Table Description	Root System Description Table
		Memory Address	DE112028h
		Table Length	68 bytes
		OEM ID	ALASKA
		OEM Table ID	A M I
		OEM Revision	01072009h
		Creator ID	MSFT
		Creator Revision	00010013h
		RSDT Entry #0	DE1120E8h (FACP)
		RSDT Entry #1	DE11BB88h (APIC)
		RSDT Entry #2	DE11BC20h (MCFG)
		RSDT Entry #3	DE11BC60h (HPET)
		RSDT Entry #4	DE11BC98h (SSDT)
		RSDT Entry #5	DE11C008h (SSDT)
		RSDT Entry #6	DE11C9B8h (SSDT)
		RSDT Entry #7	DE11D450h (DMAR)

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	DE11BC98h
		Table Length	877 bytes
		OEM ID	SataRe
		OEM Table ID	SataTabl
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20091112h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	DE11C008h
		Table Length	2474 bytes
		OEM ID	PmRef
		OEM Table ID	Cpu0Ist
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20051117h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	DE11C9B8h
		Table Length	2706 bytes
		OEM ID	PmRef
		OEM Table ID	CpuPm
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20051117h

[ XSDT: Extended System Description Table ]

	ACPI Table Properties:
		ACPI Signature	XSDT
		Table Description	Extended System Description Table
		Memory Address	00000000-DE112070h
		Table Length	100 bytes
		OEM ID	ALASKA
		OEM Table ID	A M I
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		XSDT Entry #0	00000000-DE11BA90h (FACP)
		XSDT Entry #1	00000000-DE11BB88h (APIC)
		XSDT Entry #2	00000000-DE11BC20h (MCFG)
		XSDT Entry #3	00000000-DE11BC60h (HPET)
		XSDT Entry #4	00000000-DE11BC98h (SSDT)
		XSDT Entry #5	00000000-DE11C008h (SSDT)
		XSDT Entry #6	00000000-DE11C9B8h (SSDT)
		XSDT Entry #7	00000000-DE11D450h (DMAR)

Operating System


Operating System Properties:
	OS Name	Microsoft Windows 10 Pro
	OS Language	English (United States)
	OS Installer Language	English (United States)
	OS Kernel Type	Multiprocessor Free (64-bit)
	OS Version	10.0.14393.447 (Win10 RS1)
	OS Service Pack	[ TRIAL VERSION ]
	OS Installation Date	10/2/2016
	OS Root	C:\WINDOWS

License Information:
	Registered Owner	Oscar
	Registered Organization
	Product ID	00330-80000-00000-AA882
	Product Key	VK7JG- [ TRIAL VERSION ]
	Product Activation (WPA)	Required

Current Session:
	Computer Name	DESKTOP-8V8TQ92
	User Name	Draku
	Logon Domain	[ TRIAL VERSION ]
	UpTime	10355 sec (0 days, 2 hours, 52 min, 35 sec)

Components Version:
	Common Controls	6.16
	Internet Explorer Updates	[ TRIAL VERSION ]
	Windows Mail	10.0.14393.0 (rs1_release.160715-1616)
	Windows Media Player	12.0.14393.0 (rs1_release.160715-1616)
	Windows Messenger	-
	MSN Messenger	-
	Internet Information Services (IIS)	[ TRIAL VERSION ]
	.NET Framework	4.6.1586.0 built by: NETFXREL2
	Novell Client	-
	DirectX	DirectX 12.0
	OpenGL	10.0.14393.0 (rs1_release.160715-1616)
	ASPI	-

Operating System Features:
	Debug Version	No
	DBCS Version	No
	Domain Controller	No
	Security Present	No
	Network Present	Yes
	Remote Session	No
	Safe Mode	No
	Slow Processor	No
	Terminal Services	Yes

Processes


Process Name	Process File Name	Type	Used Memory	Used Swap
aida64.exe	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe	32-bit	80116 KB	66 KB
atieclxx.exe	C:\WINDOWS\system32\atieclxx.exe	64-bit	1720 KB	2 KB
atiesrxx.exe	C:\WINDOWS\system32\atiesrxx.exe	64-bit	940 KB	1 KB
audiodg.exe	C:\WINDOWS\system32\AUDIODG.EXE	64-bit	11824 KB	6 KB
avgcsrva.exe	C:\Program Files (x86)\AVG\Av\avgcsrva.exe	64-bit	4340 KB	3 KB
avgidsagenta.exe		64-bit	32276 KB	27 KB
backgroundTaskHost.exe	C:\WINDOWS\system32\backgroundTaskHost.exe	64-bit	26928 KB	9 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	64-bit	123 MB	163 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	64-bit	572 MB	373 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	64-bit	34672 KB	25 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	64-bit	101 MB	75 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	64-bit	148 MB	64 KB
chrome.exe	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	64-bit	58924 KB	53 KB
conhost.exe	C:\WINDOWS\system32\conhost.exe	64-bit	3620 KB	5 KB
csrss.exe		64-bit	3700 KB	1 KB
csrss.exe		64-bit	3652 KB	2 KB
dllhost.exe	C:\WINDOWS\system32\DllHost.exe	64-bit	2556 KB	3 KB
dwm.exe	C:\WINDOWS\system32\dwm.exe	64-bit	26752 KB	37 KB
explorer.exe	C:\WINDOWS\Explorer.EXE	64-bit	44944 KB	28 KB
ggdllhost.exe	C:\Program Files (x86)\Garena Plus\ggdllhost.exe	32-bit	580 KB	2 KB
ggdllhost.exe	C:\Program Files (x86)\Garena Plus\ggdllhost.exe	32-bit	3400 KB	4 KB
InstallAgent.exe	C:\Windows\System32\InstallAgent.exe	64-bit	2476 KB	1 KB
InstallAgentUserBroker.exe	C:\Windows\System32\InstallAgentUserBroker.exe	64-bit	5096 KB	3 KB
lsass.exe	C:\WINDOWS\system32\lsass.exe	64-bit	9328 KB	5 KB
Memory Compression		64-bit	76592 KB	0 KB
MRT.exe	C:\Windows\System32\MRT.exe	64-bit	30968 KB	171 KB
MRT.exe	C:\Windows\System32\MRT.exe	64-bit	2528 KB	4 KB
RuntimeBroker.exe	C:\Windows\System32\RuntimeBroker.exe	64-bit	21540 KB	9 KB
sdiagnhost.exe	C:\WINDOWS\System32\sdiagnhost.exe	64-bit	24348 KB	45 KB
SearchFilterHost.exe	C:\WINDOWS\system32\SearchFilterHost.exe	64-bit	6292 KB	1 KB
SearchIndexer.exe	C:\WINDOWS\system32\SearchIndexer.exe	64-bit	12936 KB	18 KB
SearchProtocolHost.exe	C:\WINDOWS\system32\SearchProtocolHost.exe	64-bit	12132 KB	2 KB
SearchUI.exe	C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe	64-bit	40184 KB	49 KB
services.exe		64-bit	4476 KB	2 KB
ShellExperienceHost.exe	C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	64-bit	21264 KB	33 KB
sihost.exe	C:\WINDOWS\system32\sihost.exe	64-bit	9912 KB	5 KB
SkypeHost.exe	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe	64-bit	228 KB	4 KB
smartscreen.exe	C:\Windows\System32\smartscreen.exe	64-bit	24244 KB	11 KB
smss.exe		64-bit	344 KB	0 KB
spoolsv.exe	C:\WINDOWS\System32\spoolsv.exe	64-bit	5524 KB	5 KB
sppsvc.exe		64-bit	15908 KB	6 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	12668 KB	7 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	32736 KB	28 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	13836 KB	13 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	4948 KB	3 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	14064 KB	14 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	20748 KB	17 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	16164 KB	9 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	12484 KB	7 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	5608 KB	2 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	4012 KB	2 KB
svchost.exe	C:\WINDOWS\SysWoW64\svchost.exe	32-bit	4584 KB	3 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	15388 KB	9 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	11088 KB	6 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	3492 KB	1 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	6824 KB	4 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	8848 KB	2 KB
System Idle Process			4 KB	0 KB
System		64-bit	32 KB	0 KB
taskhostw.exe	C:\WINDOWS\system32\taskhostw.exe	64-bit	6736 KB	6 KB
taskhostw.exe	C:\WINDOWS\system32\taskhostw.exe	64-bit	12360 KB	7 KB
wininit.exe		64-bit	716 KB	0 KB
winlogon.exe	C:\WINDOWS\system32\winlogon.exe	64-bit	1576 KB	1 KB
WmiPrvSE.exe	C:\WINDOWS\system32\wbem\wmiprvse.exe	64-bit	10820 KB	3 KB
WmiPrvSE.exe	C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe	64-bit	9552 KB	3 KB
WUDFHost.exe	C:\Windows\System32\WUDFHost.exe	64-bit	2420 KB	1 KB

System Drivers


Driver Name	Driver Description	File Name	Version	Type	State
1394ohci	1394 OHCI Compliant Host Controller	1394ohci.sys	10.0.14393.0	Kernel Driver	Stopped
3ware	3ware	3ware.sys	5.1.0.51	Kernel Driver	Stopped
ACPI	Microsoft ACPI Driver	ACPI.sys	10.0.14393.0	Kernel Driver	Running
AcpiDev	ACPI Devices driver	AcpiDev.sys	10.0.14393.0	Kernel Driver	Stopped
acpiex	Microsoft ACPIEx Driver	acpiex.sys	10.0.14393.0	Kernel Driver	Running
acpipagr	ACPI Processor Aggregator Driver	acpipagr.sys	10.0.14393.0	Kernel Driver	Stopped
AcpiPmi	ACPI Power Meter Driver	acpipmi.sys	10.0.14393.0	Kernel Driver	Stopped
acpitime	ACPI Wake Alarm Driver	acpitime.sys	10.0.14393.0	Kernel Driver	Stopped
ADP80XX	ADP80XX	ADP80XX.SYS	1.3.0.10769	Kernel Driver	Stopped
AFD	Ancillary Function Driver for Winsock	afd.sys	10.0.14393.351	Kernel Driver	Running
ahcache	Application Compatibility Cache	ahcache.sys	10.0.14393.351	Kernel Driver	Running
AIDA64Driver	FinalWire AIDA64 Kernel Driver	kerneld.x64		Kernel Driver	Running
AmdK8	AMD K8 Processor Driver	amdk8.sys	10.0.14393.0	Kernel Driver	Stopped
amdkmdag	amdkmdag	atikmdag.sys	21.19.137.1	Kernel Driver	Running
amdkmdap	amdkmdap	atikmpag.sys	21.19.137.1	Kernel Driver	Running
AmdPPM	AMD Processor Driver	amdppm.sys	10.0.14393.0	Kernel Driver	Stopped
amdsata	amdsata	amdsata.sys	1.1.3.277	Kernel Driver	Stopped
amdsbs	amdsbs	amdsbs.sys	3.7.1540.43	Kernel Driver	Stopped
amdxata	amdxata	amdxata.sys	1.1.3.277	Kernel Driver	Stopped
AppID	AppID Driver	appid.sys	10.0.14393.0	Kernel Driver	Stopped
applockerfltr	Smartlocker Filter Driver	applockerfltr.sys	10.0.14393.0	Kernel Driver	Stopped
AppvStrm	AppvStrm	AppvStrm.sys	10.0.14393.206	File System Driver	Stopped
AppvVemgr	AppvVemgr	AppvVemgr.sys	10.0.14393.0	File System Driver	Stopped
AppvVfs	AppvVfs	AppvVfs.sys	10.0.14393.0	File System Driver	Stopped
arcsas	Adaptec SAS/SATA-II RAID Storport's Miniport Driver	arcsas.sys	7.5.0.32048	Kernel Driver	Stopped
AsyncMac	RAS Asynchronous Media Driver	asyncmac.sys	10.0.14393.0	Kernel Driver	Stopped
atapi	IDE Channel	atapi.sys	10.0.14393.0	Kernel Driver	Stopped
athr	Qualcomm Atheros Extensible Wireless LAN device driver	athw8x.sys	3.0.2.201	Kernel Driver	Stopped
AtiHDAudioService	AMD Function Driver for HD Audio Service	AtihdWT6.sys	10.0.0.2	Kernel Driver	Running
Avgboota	AVG Early Launch Anti-Malware Driver	avgboota.sys	16.40.0.7405	Kernel Driver	Stopped
Avgdiska	AVG Disk Driver	avgdiska.sys	16.90.0.7664	File System Driver	Running
AVGIDSDriver	AVGIDSDriver	avgidsdrivera.sys	16.140.0.7962	File System Driver	Running
AVGIDSHA	AVGIDSHA	avgidsha.sys	16.130.0.7889	File System Driver	Running
Avgldx64	AVG AVI Loader Driver	avgldx64.sys	16.141.0.7988	File System Driver	Running
Avgloga	AVG Logging Driver	avgloga.sys	16.60.0.7513	File System Driver	Running
Avgmfx64	AVG Mini-Filter Resident Anti-Virus Shield	avgmfx64.sys	16.121.0.7858	File System Driver	Running
Avgrkx64	AVG Anti-Rootkit Driver	avgrkx64.sys	16.90.0.7673	File System Driver	Running
avguniva	AVG Universal Driver	avguniva.sys	16.100.0.7722	File System Driver	Running
Avgwfpa	AVG Firewall Driver	avgwfpa.sys	16.110.0.7776	Kernel Driver	Running
b06bdrv	QLogic Network Adapter VBD	bxvbda.sys	7.12.31.105	Kernel Driver	Stopped
BasicDisplay	BasicDisplay	BasicDisplay.sys	10.0.14393.0	Kernel Driver	Running
BasicRender	BasicRender	BasicRender.sys	10.0.14393.0	Kernel Driver	Running
bcmfn	bcmfn Service	bcmfn.sys	6.3.9477.0	Kernel Driver	Stopped
bcmfn2	bcmfn2 Service	bcmfn2.sys	6.3.9391.6	Kernel Driver	Stopped
Beep	Beep			Kernel Driver	Running
bowser	Browser Support Driver	bowser.sys	10.0.14393.447	File System Driver	Running
BthAvrcpTg	Bluetooth Audio/Video Remote Control HID	BthAvrcpTg.sys	10.0.14393.0	Kernel Driver	Stopped
BthHFEnum	Bluetooth Hands-Free Audio and Call Control HID Enumerator	bthhfenum.sys	10.0.14393.0	Kernel Driver	Stopped
bthhfhid	Bluetooth Hands-Free Call Control HID	BthHFHid.sys	10.0.14393.0	Kernel Driver	Stopped
BTHMODEM	Bluetooth Modem Communications Driver	bthmodem.sys	10.0.14393.0	Kernel Driver	Stopped
buttonconverter	Service for Portable Device Control devices	buttonconverter.sys	10.0.14393.0	Kernel Driver	Stopped
CapImg	HID driver for CapImg touch screen	capimg.sys	10.0.14393.320	Kernel Driver	Stopped
cdfs	CD/DVD File System Reader	cdfs.sys	10.0.14393.0	File System Driver	Stopped
cdrom	CD-ROM Driver	cdrom.sys	10.0.14393.0	Kernel Driver	Stopped
cht4iscsi	cht4iscsi	cht4sx64.sys	6.1.14.200	Kernel Driver	Stopped
cht4vbd	Chelsio Virtual Bus Driver	cht4vx64.sys	6.1.14.200	Kernel Driver	Stopped
circlass	Consumer IR Devices	circlass.sys	10.0.14393.0	Kernel Driver	Stopped
CLFS	Common Log (CLFS)	CLFS.sys	10.0.14393.447	Kernel Driver	Running
clreg	Virtual Registry for Containers	registry.sys	10.0.14393.0	Kernel Driver	Running
CmBatt	Microsoft ACPI Control Method Battery Driver	CmBatt.sys	10.0.14393.0	Kernel Driver	Stopped
CNG	CNG	cng.sys	10.0.14393.82	Kernel Driver	Running
cnghwassist	CNG Hardware Assist algorithm provider	cnghwassist.sys	10.0.14393.0	Kernel Driver	Stopped
CompositeBus	Composite Bus Enumerator Driver	CompositeBus.sys	10.0.14393.0	Kernel Driver	Running
condrv	Console Driver	condrv.sys	10.0.14393.0	Kernel Driver	Running
CSC	Offline Files Driver	csc.sys	10.0.14393.0	Kernel Driver	Running
dam	Desktop Activity Moderator Driver	dam.sys	10.0.14393.351	Kernel Driver	Stopped
dbx	dbx	dbx.sys		File System Driver	Stopped
Dfsc	DFS Namespace Client Driver	dfsc.sys	10.0.14393.321	File System Driver	Running
disk	Disk Driver	disk.sys	10.0.14393.0	Kernel Driver	Running
dmvsc	dmvsc	dmvsc.sys	10.0.14393.0	Kernel Driver	Stopped
drmkaud	Microsoft Trusted Audio Drivers	drmkaud.sys	10.0.14393.0	Kernel Driver	Stopped
DrvSnSht	DrvSnSht	DrvSnSht64.sys	0.0.23.2006	Kernel Driver	Stopped
DXGKrnl	LDDM Graphics Subsystem	dxgkrnl.sys	10.0.14393.351	Kernel Driver	Running
ebdrv	QLogic 10 Gigabit Ethernet Adapter VBD	evbda.sys	7.13.65.105	Kernel Driver	Stopped
EhStorClass	Enhanced Storage Filter Driver	EhStorClass.sys	10.0.14393.0	Kernel Driver	Stopped
EhStorTcgDrv	Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols	EhStorTcgDrv.sys	10.0.14393.187	Kernel Driver	Stopped
ErrDev	Microsoft Hardware Error Device Driver	errdev.sys	10.0.14393.0	Kernel Driver	Stopped
exfat	exFAT File System Driver			File System Driver	Stopped
fastfat	FAT12/16/32 File System Driver			File System Driver	Running
fdc	Floppy Disk Controller Driver	fdc.sys	10.0.14393.0	Kernel Driver	Stopped
file_tracker	file_tracker	file_tracker.sys	1.1.0.2269	File System Driver	Running
FileCrypt	FileCrypt	filecrypt.sys	10.0.14393.0	File System Driver	Running
FileInfo	File Information FS MiniFilter	fileinfo.sys	10.0.14393.0	File System Driver	Running
Filetrace	Filetrace	filetrace.sys	10.0.14393.0	File System Driver	Stopped
flpydisk	Floppy Disk Driver	flpydisk.sys	10.0.14393.0	Kernel Driver	Stopped
FltMgr	FltMgr	fltmgr.sys	10.0.14393.0	File System Driver	Running
fltsrv	Acronis Storage Filter Management	fltsrv.sys	1.3.0.2195	Kernel Driver	Running
FsDepends	File System Dependency Minifilter	FsDepends.sys	10.0.14393.0	File System Driver	Stopped
fvevol	BitLocker Drive Encryption Filter Driver	fvevol.sys	10.0.14393.206	Kernel Driver	Running
gencounter	Microsoft Hyper-V Generation Counter	vmgencounter.sys	10.0.14393.0	Kernel Driver	Stopped
genericusbfn	Generic USB Function Class	genericusbfn.sys	10.0.14393.0	Kernel Driver	Stopped
gkernel	gkernel	gkernel.sys		Kernel Driver	Running
GPIOClx0101	Microsoft GPIO Class Extension Driver	msgpioclx.sys	10.0.14393.0	Kernel Driver	Stopped
GpuEnergyDrv	GPU Energy Driver	gpuenergydrv.sys	10.0.14393.0	Kernel Driver	Running
HdAudAddService	Microsoft 1.1 UAA Function Driver for High Definition Audio Service	HdAudio.sys	10.0.14393.0	Kernel Driver	Running
HDAudBus	Microsoft UAA Bus Driver for High Definition Audio	HDAudBus.sys	10.0.14393.0	Kernel Driver	Running
HidBatt	HID UPS Battery Driver	HidBatt.sys	10.0.14393.0	Kernel Driver	Stopped
HidBth	Microsoft Bluetooth HID Miniport	hidbth.sys	10.0.14393.0	Kernel Driver	Stopped
hidi2c	Microsoft I2C HID Miniport Driver	hidi2c.sys	10.0.14393.0	Kernel Driver	Stopped
hidinterrupt	Common Driver for HID Buttons implemented with interrupts	hidinterrupt.sys	10.0.14393.0	Kernel Driver	Stopped
HidIr	Microsoft Infrared HID Driver	hidir.sys	10.0.14393.0	Kernel Driver	Stopped
HidUsb	Microsoft HID Class Driver	hidusb.sys	10.0.14393.82	Kernel Driver	Running
HpSAMD	HpSAMD	HpSAMD.sys	8.0.4.0	Kernel Driver	Stopped
HTTP	HTTP Service	HTTP.sys	10.0.14393.351	Kernel Driver	Running
hvservice	Hypervisor/Virtual Machine Support Driver	hvservice.sys	10.0.14393.82	Kernel Driver	Stopped
hwpolicy	Hardware Policy Driver	hwpolicy.sys	10.0.14393.0	Kernel Driver	Stopped
hyperkbd	hyperkbd	hyperkbd.sys	10.0.14393.0	Kernel Driver	Stopped
i8042prt	i8042 Keyboard and PS/2 Mouse Port Driver	i8042prt.sys	10.0.14393.0	Kernel Driver	Stopped
iagpio	Intel Serial IO GPIO Controller Driver	iagpio.sys	604.10146.3023.12819	Kernel Driver	Stopped
iai2c	Intel(R) Serial IO I2C Host Controller	iai2c.sys	604.10146.2643.2818	Kernel Driver	Stopped
iaLPSS2i_GPIO2	Intel(R) Serial IO GPIO Driver v2	iaLPSS2i_GPIO2.sys	30.63.1610.8	Kernel Driver	Stopped
iaLPSS2i_I2C	Intel(R) Serial IO I2C Driver v2	iaLPSS2i_I2C.sys	30.63.1610.8	Kernel Driver	Stopped
iaLPSSi_GPIO	Intel(R) Serial IO GPIO Controller Driver	iaLPSSi_GPIO.sys	1.1.250.0	Kernel Driver	Stopped
iaLPSSi_I2C	Intel(R) Serial IO I2C Controller Driver	iaLPSSi_I2C.sys	1.1.253.0	Kernel Driver	Stopped
iaStorAV	Intel(R) SATA RAID Controller Windows	iaStorAV.sys	13.2.0.1022	Kernel Driver	Stopped
iaStorV	Intel RAID Controller Windows 7	iaStorV.sys	8.6.2.1019	Kernel Driver	Stopped
ibbus	Mellanox InfiniBand Bus/AL (Filter Driver)	ibbus.sys	5.1.11548.0	Kernel Driver	Stopped
IndirectKmd	Indirect Displays Kernel-Mode Driver	IndirectKmd.sys	10.0.14393.0	Kernel Driver	Stopped
intelide	intelide	intelide.sys	10.0.14393.0	Kernel Driver	Stopped
intelpep	Intel(R) Power Engine Plug-in Driver	intelpep.sys	10.0.14393.0	Kernel Driver	Running
intelppm	Intel Processor Driver	intelppm.sys	10.0.14393.0	Kernel Driver	Running
iorate	iorate	iorate.sys	10.0.14393.447	Kernel Driver	Running
IpFilterDriver	IP Traffic Filter Driver	ipfltdrv.sys	10.0.14393.0	Kernel Driver	Stopped
IPMIDRV	IPMIDRV	IPMIDrv.sys	10.0.14393.0	Kernel Driver	Stopped
IPNAT	IP Network Address Translator	ipnat.sys	10.0.14393.0	Kernel Driver	Stopped
irda	irda	irda.sys	10.0.14393.0	Kernel Driver	Stopped
IRENUM	IR Bus Enumerator	irenum.sys	10.0.14393.0	Kernel Driver	Stopped
isapnp	isapnp	isapnp.sys	10.0.14393.0	Kernel Driver	Stopped
iScsiPrt	iScsiPort Driver	msiscsi.sys	10.0.14393.0	Kernel Driver	Stopped
ISODrive	ISO DVD/CD-ROM Device Driver	ISODrv64.sys	3.1.3.579	File System Driver	Running
kbdclass	Keyboard Class Driver	kbdclass.sys	10.0.14393.0	Kernel Driver	Running
kbdhid	Keyboard HID Driver	kbdhid.sys	10.0.14393.206	Kernel Driver	Running
kdnic	Microsoft Kernel Debug Network Miniport (NDIS 6.20)	kdnic.sys	6.1.0.0	Kernel Driver	Running
KSecDD	KSecDD	ksecdd.sys	10.0.14393.187	Kernel Driver	Running
KSecPkg	KSecPkg	ksecpkg.sys	10.0.14393.82	Kernel Driver	Running
ksthunk	Kernel Streaming Thunks	ksthunk.sys	10.0.14393.0	Kernel Driver	Running
KuaiZipDrive2	KuaiZipDrive2	KuaiZipDrive2.sys	3.5.0.0	Kernel Driver	Running
L1C	NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller	L1C63x64.sys	2.1.0.16	Kernel Driver	Running
lltdio	Link-Layer Topology Discovery Mapper I/O Driver	lltdio.sys	10.0.14393.0	Kernel Driver	Running
LSI_SAS	LSI_SAS	lsi_sas.sys	1.34.3.83	Kernel Driver	Stopped
LSI_SAS2i	LSI_SAS2i	lsi_sas2i.sys	2.0.79.80	Kernel Driver	Stopped
LSI_SAS3i	LSI_SAS3i	lsi_sas3i.sys	2.51.12.80	Kernel Driver	Stopped
LSI_SSS	LSI_SSS	lsi_sss.sys	2.10.61.81	Kernel Driver	Stopped
luafv	UAC File Virtualization	luafv.sys	10.0.14393.0	File System Driver	Running
megasas	megasas	megasas.sys	6.706.6.0	Kernel Driver	Stopped
megasas2i	megasas2i	MegaSas2i.sys	6.711.10.11	Kernel Driver	Stopped
megasr	megasr	megasr.sys	15.2.2013.129	Kernel Driver	Stopped
MEIx64	Intel(R) Management Engine Interface	TeeDriverW8x64.sys	11.0.0.1157	Kernel Driver	Running
mlx4_bus	Mellanox ConnectX Bus Enumerator	mlx4_bus.sys	5.1.11548.0	Kernel Driver	Stopped
MMCSS	Multimedia Class Scheduler	mmcss.sys	10.0.14393.0	Kernel Driver	Running
Modem	Modem	modem.sys	10.0.14393.0	Kernel Driver	Stopped
monitor	Monitor Class Function Driver Service	monitor.sys	10.0.14393.0	Kernel Driver	Running
mouclass	Mouse Class Driver	mouclass.sys	10.0.14393.0	Kernel Driver	Running
mouhid	Mouse HID Driver	mouhid.sys	10.0.14393.0	Kernel Driver	Running
mountmgr	Mount Point Manager	mountmgr.sys	10.0.14393.0	Kernel Driver	Running
mpsdrv	Windows Firewall Authorization Driver	mpsdrv.sys	10.0.14393.0	Kernel Driver	Running
MRxDAV	WebDav Client Redirector Driver	mrxdav.sys	10.0.14393.321	File System Driver	Stopped
mrxsmb	SMB MiniRedirector Wrapper and Engine	mrxsmb.sys	10.0.14393.187	File System Driver	Running
mrxsmb10	SMB 1.x MiniRedirector	mrxsmb10.sys	10.0.14393.187	File System Driver	Running
mrxsmb20	SMB 2.0 MiniRedirector	mrxsmb20.sys	10.0.14393.206	File System Driver	Running
MsBridge	Microsoft MAC Bridge	bridge.sys	10.0.14393.0	Kernel Driver	Stopped
Msfs	Msfs			File System Driver	Running
msgpiowin32	Common Driver for Buttons, DockMode and Laptop/Slate Indicator	msgpiowin32.sys	10.0.14393.0	Kernel Driver	Stopped
mshidkmdf	Pass-through HID to KMDF Filter Driver	mshidkmdf.sys	10.0.14393.0	Kernel Driver	Stopped
mshidumdf	Pass-through HID to UMDF Driver	mshidumdf.sys	10.0.14393.0	Kernel Driver	Stopped
msisadrv	msisadrv	msisadrv.sys	10.0.14393.0	Kernel Driver	Running
MSKSSRV	Microsoft Streaming Service Proxy	MSKSSRV.sys	10.0.14393.0	Kernel Driver	Stopped
MsLldp	Microsoft Link-Layer Discovery Protocol	mslldp.sys	10.0.14393.0	Kernel Driver	Running
MSPCLOCK	Microsoft Streaming Clock Proxy	MSPCLOCK.sys	10.0.14393.0	Kernel Driver	Stopped
MSPQM	Microsoft Streaming Quality Manager Proxy	MSPQM.sys	10.0.14393.0	Kernel Driver	Stopped
MsRPC	MsRPC			Kernel Driver	Stopped
MsSecFlt	Microsoft Security Events Component Minifilter	mssecflt.sys	10.0.14393.0	File System Driver	Stopped
mssmbios	Microsoft System Management BIOS Driver	mssmbios.sys	10.0.14393.0	Kernel Driver	Running
MSTEE	Microsoft Streaming Tee/Sink-to-Sink Converter	MSTEE.sys	10.0.14393.0	Kernel Driver	Stopped
MTConfig	Microsoft Input Configuration Driver	MTConfig.sys	10.0.14393.0	Kernel Driver	Stopped
Mup	Mup	mup.sys	10.0.14393.0	File System Driver	Running
mvumis	mvumis	mvumis.sys	1.0.5.1016	Kernel Driver	Stopped
NativeWifiP	NativeWiFi Filter	nwifi.sys	10.0.14393.0	Kernel Driver	Running
ndfltr	NetworkDirect Service	ndfltr.sys	5.1.11548.0	Kernel Driver	Stopped
NDIS	NDIS System Driver	ndis.sys	10.0.14393.321	Kernel Driver	Running
NdisCap	Microsoft NDIS Capture	ndiscap.sys	10.0.14393.0	Kernel Driver	Stopped
NdisImPlatform	Microsoft Network Adapter Multiplexor Protocol	NdisImPlatform.sys	10.0.14393.0	Kernel Driver	Stopped
NdisTapi	Remote Access NDIS TAPI Driver	ndistapi.sys	10.0.14393.0	Kernel Driver	Stopped
Ndisuio	NDIS Usermode I/O Protocol	ndisuio.sys	10.0.14393.0	Kernel Driver	Running
NdisVirtualBus	Microsoft Virtual Network Adapter Enumerator	NdisVirtualBus.sys	10.0.14393.0	Kernel Driver	Running
NdisWan	Remote Access NDIS WAN Driver	ndiswan.sys	10.0.14393.0	Kernel Driver	Stopped
ndiswanlegacy	Remote Access LEGACY NDIS WAN Driver	ndiswan.sys	10.0.14393.0	Kernel Driver	Stopped
ndproxy	@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy	NDProxy.sys	10.0.14393.0	Kernel Driver	Stopped
Ndu	Windows Network Data Usage Monitoring Driver	Ndu.sys	10.0.14393.0	Kernel Driver	Running
NetAdapterCx	Network Adapter Wdf Class Extension Library	NetAdapterCx.sys		Kernel Driver	Stopped
NetBIOS	NetBIOS Interface	netbios.sys	10.0.14393.0	File System Driver	Running
NetBT	NetBT	netbt.sys	10.0.14393.0	Kernel Driver	Running
Npfs	Npfs			File System Driver	Running
npsvctrig	Named pipe service trigger provider	npsvctrig.sys	10.0.14393.0	Kernel Driver	Running
nsambavu	nsambavu			Kernel Driver	Stopped
nsiproxy	NSI Proxy Service Driver	nsiproxy.sys	10.0.14393.0	Kernel Driver	Running
NTFS	NTFS			File System Driver	Running
Null	Null			Kernel Driver	Running
nvraid	nvraid	nvraid.sys	10.6.0.23	Kernel Driver	Stopped
nvstor	nvstor	nvstor.sys	10.6.0.23	Kernel Driver	Stopped
Parport	Parallel port driver	parport.sys	10.0.14393.0	Kernel Driver	Stopped
partmgr	Partition driver	partmgr.sys	10.0.14393.206	Kernel Driver	Running
pci	PCI Bus Driver	pci.sys	10.0.14393.351	Kernel Driver	Running
pciide	pciide	pciide.sys	10.0.14393.0	Kernel Driver	Stopped
pcmcia	pcmcia	pcmcia.sys	10.0.14393.0	Kernel Driver	Stopped
pcw	Performance Counters for Windows Driver	pcw.sys	10.0.14393.0	Kernel Driver	Running
pdc	pdc	pdc.sys	10.0.14393.103	Kernel Driver	Running
PEAUTH	PEAUTH	peauth.sys	10.0.14393.0	Kernel Driver	Running
percsas2i	percsas2i	percsas2i.sys	6.805.3.0	Kernel Driver	Stopped
percsas3i	percsas3i	percsas3i.sys	6.603.6.0	Kernel Driver	Stopped
PptpMiniport	WAN Miniport (PPTP)	raspptp.sys	10.0.14393.0	Kernel Driver	Stopped
Processor	Processor Driver	processr.sys	10.0.14393.0	Kernel Driver	Stopped
Psched	QoS Packet Scheduler	pacer.sys	10.0.14393.0	Kernel Driver	Running
QWAVEdrv	QWAVE driver	qwavedrv.sys	10.0.14393.0	Kernel Driver	Stopped
RasAcd	Remote Access Auto Connection Driver	rasacd.sys	10.0.14393.0	Kernel Driver	Stopped
RasAgileVpn	WAN Miniport (IKEv2)	AgileVpn.sys	10.0.14393.0	Kernel Driver	Stopped
Rasl2tp	WAN Miniport (L2TP)	rasl2tp.sys	10.0.14393.0	Kernel Driver	Stopped
RasPppoe	Remote Access PPPOE Driver	raspppoe.sys	10.0.14393.0	Kernel Driver	Stopped
RasSstp	WAN Miniport (SSTP)	rassstp.sys	10.0.14393.0	Kernel Driver	Stopped
rdbss	Redirected Buffering Sub System	rdbss.sys	10.0.14393.206	File System Driver	Running
rdpbus	Remote Desktop Device Redirector Bus Driver	rdpbus.sys	10.0.14393.0	Kernel Driver	Running
RDPDR	Remote Desktop Device Redirector Driver	rdpdr.sys	10.0.14393.0	Kernel Driver	Stopped
RdpVideoMiniport	Remote Desktop Video Miniport Driver	rdpvideominiport.sys	10.0.14393.0	Kernel Driver	Stopped
rdyboost	ReadyBoost	rdyboost.sys	10.0.14393.0	Kernel Driver	Running
ReFSv1	ReFSv1			File System Driver	Stopped
R-ImageDisk	R-ImageDisk	R-ImageDisk64.sys	0.0.19.2006	Kernel Driver	Stopped
rspndr	Link-Layer Topology Discovery Responder	rspndr.sys	10.0.14393.0	Kernel Driver	Running
s3cap	s3cap	vms3cap.sys	10.0.14393.0	Kernel Driver	Stopped
sbp2port	SBP-2 Transport/Protocol Bus Driver	sbp2port.sys	10.0.14393.0	Kernel Driver	Stopped
scfilter	Smart card PnP Class Filter Driver	scfilter.sys	10.0.14393.0	Kernel Driver	Stopped
scmbus	Microsoft Storage Class Memory Bus Driver	scmbus.sys	10.0.14393.0	Kernel Driver	Stopped
scmdisk0101	Microsoft NVDIMM-N disk driver	scmdisk0101.sys	10.0.14393.0	Kernel Driver	Stopped
sdbus	sdbus	sdbus.sys	10.0.14393.321	Kernel Driver	Stopped
sdstor	SD Storage Port Driver	sdstor.sys	10.0.14393.0	Kernel Driver	Stopped
SerCx	Serial UART Support Library	SerCx.sys	10.0.14393.0	Kernel Driver	Stopped
SerCx2	Serial UART Support Library	SerCx2.sys	10.0.14393.0	Kernel Driver	Stopped
Serenum	Serenum Filter Driver	serenum.sys	10.0.14393.0	Kernel Driver	Running
Serial	Serial port driver	serial.sys	10.0.14393.0	Kernel Driver	Running
sermouse	Serial Mouse Driver	sermouse.sys	10.0.14393.0	Kernel Driver	Stopped
sfloppy	High-Capacity Floppy Disk Drive	sfloppy.sys	10.0.14393.0	Kernel Driver	Stopped
SiSRaid2	SiSRaid2	SiSRaid2.sys	5.1.1039.2600	Kernel Driver	Stopped
SiSRaid4	SiSRaid4	sisraid4.sys	5.1.1039.3600	Kernel Driver	Stopped
snapman	Acronis Snapshots Manager	snapman.sys	4.7.0.2447	Kernel Driver	Running
spaceport	Storage Spaces Driver	spaceport.sys	10.0.14393.351	Kernel Driver	Running
SpbCx	Simple Peripheral Bus Support Library	SpbCx.sys	10.0.14393.0	Kernel Driver	Stopped
srv	Server SMB 1.xxx Driver	srv.sys	10.0.14393.187	File System Driver	Running
srv2	Server SMB 2.xxx Driver	srv2.sys	10.0.14393.206	File System Driver	Running
srvnet	srvnet	srvnet.sys	10.0.14393.187	File System Driver	Running
stexstor	stexstor	stexstor.sys	5.1.0.10	Kernel Driver	Stopped
storahci	Microsoft Standard SATA AHCI Driver	storahci.sys	10.0.14393.206	Kernel Driver	Running
storflt	Microsoft Hyper-V Storage Accelerator	vmstorfl.sys	10.0.14393.0	Kernel Driver	Stopped
stornvme	Microsoft Standard NVM Express Driver	stornvme.sys	10.0.14393.206	Kernel Driver	Stopped
storqosflt	Storage QoS Filter Driver	storqosflt.sys	10.0.14393.0	File System Driver	Running
storufs	Microsoft Universal Flash Storage (UFS) Driver	storufs.sys	10.0.14393.0	Kernel Driver	Stopped
storvsc	storvsc	storvsc.sys	10.0.14393.0	Kernel Driver	Stopped
swenum	Software Bus Driver	swenum.sys	10.0.14393.0	Kernel Driver	Running
Synth3dVsc	Synth3dVsc	Synth3dVsc.sys	10.0.14393.0	Kernel Driver	Stopped
Tcpip	TCP/IP Protocol Driver	tcpip.sys	10.0.14393.351	Kernel Driver	Running
Tcpip6	@todo.dll,-100;Microsoft IPv6 Protocol Driver	tcpip.sys	10.0.14393.351	Kernel Driver	Stopped
tcpipreg	TCP/IP Registry Compatibility	tcpipreg.sys	10.0.14393.0	Kernel Driver	Running
tdx	NetIO Legacy TDI Support Driver	tdx.sys	10.0.14393.0	Kernel Driver	Running
terminpt	Microsoft Remote Desktop Input Driver	terminpt.sys	10.0.14393.0	Kernel Driver	Stopped
tib_mounter	Acronis TIB Mounter	tib_mounter.sys	5.0.0.2257	Kernel Driver	Running
tib	Acronis TIB Manager	tib.sys	1.0.0.1117	Kernel Driver	Running
tnd	Acronis Try&Decide filter	tnd.sys	1.1.0.2275	Kernel Driver	Stopped
TPM	TPM	tpm.sys	10.0.14393.206	Kernel Driver	Stopped
tsusbflt	Remote Desktop USB Hub Class Filter Driver	TsUsbFlt.sys	10.0.14393.0	Kernel Driver	Stopped
TsUsbGD	Remote Desktop Generic USB Device	TsUsbGD.sys	10.0.14393.0	Kernel Driver	Stopped
tsusbhub	Remote Desktop USB Hub	tsusbhub.sys	10.0.14393.0	Kernel Driver	Stopped
tunnel	Microsoft Tunnel Miniport Adapter Driver	tunnel.sys	10.0.14393.0	Kernel Driver	Stopped
UASPStor	USB Attached SCSI (UAS) Driver	uaspstor.sys	10.0.14393.0	Kernel Driver	Stopped
UCGuard	UCGuard	ucguard.sys	0.1.0.85	Kernel Driver	Running
UcmCx0101	USB Connector Manager KMDF Class Extension	UcmCx.sys	10.0.14393.0	Kernel Driver	Stopped
UcmTcpciCx0101	UCM-TCPCI KMDF Class Extension	UcmTcpciCx.sys	10.0.14393.0	Kernel Driver	Stopped
UcmUcsi	USB Connector Manager UCSI Client	UcmUcsi.sys	10.0.14393.0	Kernel Driver	Stopped
Ucx01000	USB Host Support Library	ucx01000.sys	10.0.14393.0	Kernel Driver	Running
UdeCx	USB Device Emulation Support Library	udecx.sys	10.0.14393.0	Kernel Driver	Stopped
udfs	udfs	udfs.sys	10.0.14393.0	File System Driver	Stopped
UEFI	Microsoft UEFI Driver	UEFI.sys	10.0.14393.0	Kernel Driver	Stopped
UevAgentDriver	UevAgentDriver	UevAgentDriver.sys	10.0.14393.0	File System Driver	Stopped
Ufx01000	USB Function Class Extension	ufx01000.sys	10.0.14393.0	Kernel Driver	Stopped
UfxChipidea	USB Chipidea Controller	UfxChipidea.sys	10.0.14393.0	Kernel Driver	Stopped
ufxsynopsys	USB Synopsys Controller	ufxsynopsys.sys	10.0.14393.0	Kernel Driver	Stopped
umbus	UMBus Enumerator Driver	umbus.sys	10.0.14393.0	Kernel Driver	Running
UmPass	Microsoft UMPass Driver	umpass.sys	10.0.14393.0	Kernel Driver	Stopped
UrsChipidea	Chipidea USB Role-Switch Driver	urschipidea.sys	10.0.14393.0	Kernel Driver	Stopped
UrsCx01000	USB Role-Switch Support Library	urscx01000.sys	10.0.14393.0	Kernel Driver	Stopped
UrsSynopsys	Synopsys USB Role-Switch Driver	urssynopsys.sys	10.0.14393.0	Kernel Driver	Stopped
usbaudio	USB Audio Driver (WDM)	usbaudio.sys	10.0.14393.0	Kernel Driver	Stopped
usbccgp	Microsoft USB Generic Parent Driver	usbccgp.sys	10.0.14393.0	Kernel Driver	Running
usbcir	eHome Infrared Receiver (USBCIR)	usbcir.sys	10.0.14393.0	Kernel Driver	Stopped
usbehci	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	usbehci.sys	10.0.14393.0	Kernel Driver	Running
usbhub	Microsoft USB Standard Hub Driver	usbhub.sys	10.0.14393.0	Kernel Driver	Running
USBHUB3	SuperSpeed Hub	UsbHub3.sys	10.0.14393.0	Kernel Driver	Running
usbohci	Microsoft USB Open Host Controller Miniport Driver	usbohci.sys	10.0.14393.0	Kernel Driver	Stopped
usbprint	Microsoft USB PRINTER Class	usbprint.sys	10.0.14393.0	Kernel Driver	Stopped
usbser	Microsoft USB Serial Driver	usbser.sys	10.0.14393.0	Kernel Driver	Stopped
USBSTOR	USB Mass Storage Driver	USBSTOR.SYS	10.0.14393.0	Kernel Driver	Running
usbuhci	Microsoft USB Universal Host Controller Miniport Driver	usbuhci.sys	10.0.14393.0	Kernel Driver	Stopped
USBXHCI	USB xHCI Compliant Host Controller	USBXHCI.SYS	10.0.14393.0	Kernel Driver	Running
vdrvroot	Microsoft Virtual Drive Enumerator	vdrvroot.sys	10.0.14393.0	Kernel Driver	Running
VerifierExt	VerifierExt	VerifierExt.sys	10.0.14393.0	Kernel Driver	Stopped
vhdmp	vhdmp	vhdmp.sys	10.0.14393.447	Kernel Driver	Stopped
vhf	Virtual HID Framework (VHF) Driver	vhf.sys	10.0.14393.0	Kernel Driver	Stopped
vmbus	Virtual Machine Bus	vmbus.sys	10.0.14393.0	Kernel Driver	Stopped
VMBusHID	VMBusHID	VMBusHID.sys	10.0.14393.0	Kernel Driver	Stopped
vmgid	Microsoft Hyper-V Guest Infrastructure Driver	vmgid.sys	10.0.14393.0	Kernel Driver	Stopped
volmgr	Volume Manager Driver	volmgr.sys	10.0.14393.0	Kernel Driver	Running
volmgrx	Dynamic Volume Manager	volmgrx.sys	10.0.14393.0	Kernel Driver	Running
volsnap	Volume Shadow Copy driver	volsnap.sys	10.0.14393.0	Kernel Driver	Running
volume	Volume driver	volume.sys	10.0.14393.0	Kernel Driver	Running
vpci	Microsoft Hyper-V Virtual PCI Bus	vpci.sys	10.0.14393.206	Kernel Driver	Stopped
vsmraid	vsmraid	vsmraid.sys	7.0.9600.6352	Kernel Driver	Stopped
VSTXRAID	VIA StorX Storage RAID Controller Windows Driver	vstxraid.sys	8.0.9200.8110	Kernel Driver	Stopped
vwifibus	Virtual Wireless Bus Driver	vwifibus.sys	10.0.14393.0	Kernel Driver	Stopped
vwififlt	Virtual WiFi Filter Driver	vwififlt.sys	10.0.14393.0	Kernel Driver	Running
vwifimp	Virtual WiFi Miniport Service	vwifimp.sys	10.0.14393.0	Kernel Driver	Stopped
WacomPen	Wacom Serial Pen HID Driver	wacompen.sys	10.0.14393.0	Kernel Driver	Stopped
wanarp	Remote Access IP ARP Driver	wanarp.sys	10.0.14393.0	Kernel Driver	Running
wanarpv6	Remote Access IPv6 ARP Driver	wanarp.sys	10.0.14393.0	Kernel Driver	Stopped
wcifs	Windows Container Isolation	wcifs.sys	10.0.14393.206	File System Driver	Running
wcnfs	Windows Container Name Virtualization	wcnfs.sys	10.0.14393.0	File System Driver	Running
WdBoot	Windows Defender Boot Driver	WdBoot.sys	4.10.14393.0	Kernel Driver	Stopped
WDC_SAM	WD SCSI Pass Thru driver	wdcsam64.sys	1.1.0.0	Kernel Driver	Stopped
Wdf01000	Kernel Mode Driver Frameworks service	Wdf01000.sys	1.19.14393.0	Kernel Driver	Running
WdFilter	Windows Defender Mini-Filter Driver	WdFilter.sys	4.10.14393.0	File System Driver	Stopped
wdiwifi	WDI Driver Framework	wdiwifi.sys	10.0.14393.206	Kernel Driver	Stopped
WdNisDrv	Windows Defender Network Inspection System Driver	WdNisDrv.sys	4.10.14393.0	Kernel Driver	Stopped
WFPLWFS	Microsoft Windows Filtering Platform	wfplwfs.sys	10.0.14393.0	Kernel Driver	Running
WIMMount	WIMMount	wimmount.sys	10.0.14393.0	File System Driver	Stopped
WindowsTrustedRT	Windows Trusted Execution Environment Class Extension	WindowsTrustedRT.sys	10.0.14393.0	Kernel Driver	Running
WindowsTrustedRTProxy	Microsoft Windows Trusted Runtime Secure Service	WindowsTrustedRTProxy.sys	10.0.14393.0	Kernel Driver	Running
WinMad	WinMad Service	winmad.sys	5.1.11548.0	Kernel Driver	Stopped
WINUSB	WinUsb Driver	WinUSB.SYS	10.0.14393.0	Kernel Driver	Stopped
WinVerbs	WinVerbs Service	winverbs.sys	5.1.11548.0	Kernel Driver	Stopped
WmiAcpi	Microsoft Windows Management Interface for ACPI	wmiacpi.sys	10.0.14393.0	Kernel Driver	Stopped
Wof	Windows Overlay File System Filter Driver			File System Driver	Running
WpdUpFltr	WPD Upper Class Filter Driver	WpdUpFltr.sys	10.0.14393.0	Kernel Driver	Running
ws2ifsl	Windows Socket 2.0 Non-IFS Service Provider Support Environment	ws2ifsl.sys	10.0.14393.0	Kernel Driver	Stopped
WudfPf	User Mode Driver Frameworks Platform Driver	WudfPf.sys	10.0.14393.0	Kernel Driver	Running
WUDFRd	WUDFRd	WudfRd.sys	10.0.14393.0	Kernel Driver	Running
WUDFWpdFs	WUDFWpdFs	WUDFRd.sys	10.0.14393.0	Kernel Driver	Running
WUDFWpdMtp	WUDFWpdMtp	WUDFRd.sys	10.0.14393.0	Kernel Driver	Running
xboxgip	Xbox Game Input Protocol Driver	xboxgip.sys	10.0.14393.351	Kernel Driver	Stopped
xinputhid	XINPUT HID Filter Driver	xinputhid.sys	10.0.14393.103	Kernel Driver	Stopped

Services


Service Name	Service Description	File Name	Version	Type	State	Account
AcrSch2Svc	Acronis Scheduler2 Service	schedul2.exe	8.0.0.8278	Own Process	Stopped	LocalSystem
AdobeARMservice	Adobe Acrobat Update Service	armsvc.exe	1.824.21.1354	Own Process	Stopped	LocalSystem
afcdpsrv	Acronis Nonstop Backup Service	afcdpsrv.exe	3.0.0.4281	Own Process	Stopped	LocalSystem
AGSService	Adobe Genuine Software Integrity Service	AGSService.exe	3.3.0.348	Own Process	Stopped	LocalSystem
AJRouter	AllJoyn Router Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
ALG	Application Layer Gateway Service	alg.exe	10.0.14393.0	Own Process	Stopped	NT AUTHORITY\LocalService
AMD External Events Utility	AMD External Events Utility	atiesrxx.exe	21.19.137.1	Own Process	Running	LocalSystem
AppIDSvc	Application Identity	svchost.exe	10.0.14393.0	Share Process	Stopped	NT Authority\LocalService
Appinfo	Application Information	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
AppMgmt	Application Management	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
AppReadiness	App Readiness	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
AppVClient	Microsoft App-V Client	AppVClient.exe	10.0.14393.206	Own Process	Stopped	LocalSystem
AppXSvc	AppX Deployment Service (AppXSVC)	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
AudioEndpointBuilder	Windows Audio Endpoint Builder	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
Audiosrv	Windows Audio	svchost.exe	10.0.14393.0	Own Process	Running	NT AUTHORITY\LocalService
AvgAMPS	AvgAMPS	avgamps.exe	16.141.0.7996	Own Process	Stopped	LocalSystem
AVGIDSAgent	AVGIDSAgent	avgidsagenta.exe	16.141.0.7996	Own Process	Running	LocalSystem
avgsvc	AVG Service	avgsvca.exe	1.143.2.51391	Own Process	Stopped	LocalSystem
avgwd	AVG WatchDog	avgwdsvca.exe	16.141.0.7996	Own Process	Stopped	LocalSystem
AxInstSV	ActiveX Installer (AxInstSV)	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
BDESVC	BitLocker Drive Encryption Service	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
BFE	Base Filtering Engine	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
BITS	Background Intelligent Transfer Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
BrokerInfrastructure	Background Tasks Infrastructure Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
Browser	Computer Browser	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
BthHFSrv	Bluetooth Handsfree Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
bthserv	Bluetooth Support Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
CDPSvc	Connected Devices Platform Service	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
CDPUserSvc_55c81	CDPUserSvc_55c81	svchost.exe	10.0.14393.0	Unknown	Running
CertPropSvc	Certificate Propagation	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
ClipSVC	Client License Service (ClipSVC)	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
COMSysApp	COM+ System Application	dllhost.exe	10.0.14393.0	Own Process	Stopped	LocalSystem
CoreMessagingRegistrar	CoreMessaging	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
CryptSvc	Cryptographic Services	svchost.exe	10.0.14393.0	Share Process	Running	NT Authority\NetworkService
CscService	Offline Files	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
dbupdate	Dropbox Update Service (dbupdate)	DropboxUpdate.exe	1.3.27.73	Own Process	Stopped	LocalSystem
dbupdatem	Dropbox Update Service (dbupdatem)	DropboxUpdate.exe	1.3.27.73	Own Process	Stopped	LocalSystem
DbxSvc	DbxSvc	DbxSvc.exe	1.0.20.0	Own Process	Stopped	LocalSystem
DcomLaunch	DCOM Server Process Launcher	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
DcpSvc	DataCollectionPublishingService	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
defragsvc	Optimize drives	svchost.exe	10.0.14393.0	Own Process	Stopped	localSystem
DeviceAssociationService	Device Association Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
DeviceInstall	Device Install Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
DevQueryBroker	DevQuery Background Discovery Broker	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
Dhcp	DHCP Client	svchost.exe	10.0.14393.0	Share Process	Running	NT Authority\LocalService
diagnosticshub.standardcollector.service	Microsoft (R) Diagnostics Hub Standard Collector Service	DiagnosticsHub.StandardCollector.Service.exe	11.0.14393.0	Own Process	Stopped	LocalSystem
DmEnrollmentSvc	Device Management Enrollment Service	svchost.exe	10.0.14393.0	Own Process	Stopped	LocalSystem
Dnscache	DNS Client	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\NetworkService
DoSvc	Delivery Optimization	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
dot3svc	Wired AutoConfig	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
DPS	Diagnostic Policy Service	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
DsmSvc	Device Setup Manager	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
DsSvc	Data Sharing Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
EapHost	Extensible Authentication Protocol	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
ed2kidle	ed2k idle service	ed2k.exe		Own Process	Stopped	LocalSystem
EFS	Encrypting File System (EFS)	lsass.exe	10.0.14393.187	Share Process	Stopped	LocalSystem
embeddedmode	Embedded Mode	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
EntAppSvc	Enterprise App Management Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
EventLog	Windows Event Log	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
EventSystem	COM+ Event System	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
Fax	Fax	fxssvc.exe	10.0.14393.0	Own Process	Stopped	NT AUTHORITY\NetworkService
fdPHost	Function Discovery Provider Host	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
FDResPub	Function Discovery Resource Publication	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
fhsvc	File History Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
FontCache	Windows Font Cache Service	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
FrameServer	Windows Camera Frame Server	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
gpsvc	Group Policy Client	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
gupdate	Google Update Service (gupdate)	GoogleUpdate.exe	1.3.29.5	Own Process	Stopped	LocalSystem
gupdatem	Google Update Service (gupdatem)	GoogleUpdate.exe	1.3.29.5	Own Process	Stopped	LocalSystem
hidserv	Human Interface Device Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
HomeGroupListener	HomeGroup Listener	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
HomeGroupProvider	HomeGroup Provider	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
HPWriter Service	HPWriter Service	HPWriterSrv3.exe		Own Process	Stopped	LocalSystem
HvHost	HV Host Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
icssvc	Windows Mobile Hotspot Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT Authority\LocalService
IKEEXT	IKE and AuthIP IPsec Keying Modules	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
iphlpsvc	IP Helper	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
irmon	Infrared monitor service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
KeyIso	CNG Key Isolation	lsass.exe	10.0.14393.187	Share Process	Running	LocalSystem
KtmRm	KtmRm for Distributed Transaction Coordinator	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\NetworkService
Kuaizip Update Checker	Kuaizip Update Checker	svchost.exe	10.0.14393.0	Own Process	Running	LocalSystem
LanmanServer	Server	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
LanmanWorkstation	Workstation	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\NetworkService
lfsvc	Geolocation Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
LicenseManager	Windows License Manager Service	svchost.exe	10.0.14393.0	Share Process	Running	NT Authority\LocalService
lltdsvc	Link-Layer Topology Discovery Mapper	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
lmhosts	TCP/IP NetBIOS Helper	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
LSM	Local Session Manager	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
MapsBroker	Downloaded Maps Manager	svchost.exe	10.0.14393.0	Own Process	Stopped	NT AUTHORITY\NetworkService
MessagingService_55c81	MessagingService_55c81	svchost.exe	10.0.14393.0	Unknown	Stopped
Microsoft Office Groove Audit Service	Microsoft Office Groove Audit Service	GrooveAuditService.exe	12.0.4518.1014	Own Process	Stopped	NT AUTHORITY\LocalService
mmsminisrv	Acronis Managed Machine Service Mini	mms_mini.exe	12.0.0.29	Own Process	Stopped	LocalSystem
MpsSvc	Windows Firewall	svchost.exe	10.0.14393.0	Share Process	Running	NT Authority\LocalService
MSDTC	Distributed Transaction Coordinator	msdtc.exe	2001.12.10941.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
MSiSCSI	Microsoft iSCSI Initiator Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
msiserver	Windows Installer	msiexec.exe	5.0.14393.0	Own Process	Stopped	LocalSystem
NcaSvc	Network Connectivity Assistant	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
NcbService	Network Connection Broker	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
NcdAutoSetup	Network Connected Devices Auto-Setup	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
Netlogon	Netlogon	lsass.exe	10.0.14393.187	Share Process	Stopped	LocalSystem
Netman	Network Connections	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
netprofm	Network List Service	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
NetSetupSvc	Network Setup Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
NetTcpPortSharing	Net.Tcp Port Sharing Service	SMSvcHost.exe	4.6.1586.0	Share Process	Stopped	NT AUTHORITY\LocalService
NgcCtnrSvc	Microsoft Passport Container	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
NgcSvc	Microsoft Passport	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
NlaSvc	Network Location Awareness	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\NetworkService
nsi	Network Store Interface Service	svchost.exe	10.0.14393.0	Share Process	Running	NT Authority\LocalService
odserv	Microsoft Office Diagnostics Service	ODSERV.EXE	12.0.4518.1014	Own Process	Stopped	LocalSystem
OneSyncSvc_55c81	Sync Host_55c81	svchost.exe	10.0.14393.0	Unknown	Running
OS Selector	Acronis OS Selector activator	reinstall_svc.exe		Own Process	Stopped	LocalSystem
ose	Office Source Engine	OSE.EXE	12.0.4518.1014	Own Process	Stopped	LocalSystem
p2pimsvc	Peer Networking Identity Manager	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
p2psvc	Peer Networking Grouping	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
PcaSvc	Program Compatibility Assistant Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
PeerDistSvc	BranchCache	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\NetworkService
PerfHost	Performance Counter DLL Host	perfhost.exe	10.0.14393.0	Own Process	Stopped	NT AUTHORITY\LocalService
PhoneSvc	Phone Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT Authority\LocalService
PimIndexMaintenanceSvc_55c81	Contact Data_55c81	svchost.exe	10.0.14393.0	Unknown	Running
pla	Performance Logs & Alerts	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
PlugPlay	Plug and Play	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
PNRPAutoReg	PNRP Machine Name Publication Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
PNRPsvc	Peer Name Resolution Protocol	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
PolicyAgent	IPsec Policy Agent	svchost.exe	10.0.14393.0	Share Process	Stopped	NT Authority\NetworkService
Power	Power	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
PrintNotify	Printer Extensions and Notifications	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
ProfSvc	User Profile Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
Quoteex	Quoteex	Quoteex.dat" -l -a		Own Process	Stopped	LocalSystem
QWAVE	Quality Windows Audio Video Experience	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
RasAuto	Remote Access Auto Connection Manager	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
RasMan	Remote Access Connection Manager	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
RemoteAccess	Routing and Remote Access	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
RemoteRegistry	Remote Registry	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
RetailDemo	Retail Demo Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
RmSvc	Radio Management Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
RpcEptMapper	RPC Endpoint Mapper	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\NetworkService
RpcLocator	Remote Procedure Call (RPC) Locator	locator.exe	10.0.14393.0	Own Process	Stopped	NT AUTHORITY\NetworkService
RpcSs	Remote Procedure Call (RPC)	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\NetworkService
SamSs	Security Accounts Manager	lsass.exe	10.0.14393.187	Share Process	Running	LocalSystem
SCardSvr	Smart Card	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
ScDeviceEnum	Smart Card Device Enumeration Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
Schedule	Task Scheduler	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
SCPolicySvc	Smart Card Removal Policy	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
SDRSVC	Windows Backup	svchost.exe	10.0.14393.0	Own Process	Stopped	localSystem
seclogon	Secondary Logon	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
SENS	System Event Notification Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
Sense	Windows Defender Advanced Threat Protection Service	MsSense.exe		Own Process	Stopped	LocalSystem
SensorDataService	Sensor Data Service	SensorDataService.exe	10.0.14393.187	Own Process	Stopped	LocalSystem
SensorService	Sensor Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
SensrSvc	Sensor Monitoring Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
SessionEnv	Remote Desktop Configuration	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
SharedAccess	Internet Connection Sharing (ICS)	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
ShellHWDetection	Shell Hardware Detection	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
shpamsvc	Shared PC Account Manager	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
smphost	Microsoft Storage Spaces SMP	svchost.exe	10.0.14393.0	Own Process	Stopped	NT AUTHORITY\NetworkService
SmsRouter	Microsoft Windows SMS Router Service.	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
SNMPTRAP	SNMP Trap	snmptrap.exe	10.0.14393.0	Own Process	Stopped	NT AUTHORITY\LocalService
Spooler	Print Spooler	spoolsv.exe	10.0.14393.351	Own Process	Running	LocalSystem
sppsvc	Software Protection	sppsvc.exe	10.0.14393.351	Own Process	Running	NT AUTHORITY\NetworkService
SSDPSRV	SSDP Discovery	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
SstpSvc	Secure Socket Tunneling Protocol Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT Authority\LocalService
StateRepository	State Repository Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
stisvc	Windows Image Acquisition (WIA)	svchost.exe	10.0.14393.0	Own Process	Stopped	NT Authority\LocalService
StorSvc	Storage Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
svsvc	Spot Verifier	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
swprv	Microsoft Software Shadow Copy Provider	svchost.exe	10.0.14393.0	Own Process	Stopped	LocalSystem
syncagentsrv	Acronis Sync Agent Service	syncagentsrv.exe	19.0.0.2322	Own Process	Stopped	LocalSystem
SysMain	Superfetch	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
SystemEventsBroker	System Events Broker	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
TabletInputService	Touch Keyboard and Handwriting Panel Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
TapiSrv	Telephony	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\NetworkService
TermService	Remote Desktop Services	svchost.exe	10.0.14393.0	Share Process	Stopped	NT Authority\NetworkService
Themes	Themes	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
TieringEngineService	Storage Tiers Management	TieringEngineService.exe	10.0.14393.0	Own Process	Stopped	localSystem
tiledatamodelsvc	Tile Data model server	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
TimeBrokerSvc	Time Broker	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
TrkWks	Distributed Link Tracking Client	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
TrustedInstaller	Windows Modules Installer	TrustedInstaller.exe	10.0.14393.0	Own Process	Stopped	localSystem
tzautoupdate	Auto Time Zone Updater	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
UevAgentService	User Experience Virtualization Service	AgentService.exe	10.0.14393.0	Own Process	Stopped	LocalSystem
UI0Detect	Interactive Services Detection	UI0Detect.exe	10.0.14393.0	Own Process	Stopped	LocalSystem
UmRdpService	Remote Desktop Services UserMode Port Redirector	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
UnistoreSvc_55c81	User Data Storage_55c81	svchost.exe	10.0.14393.0	Unknown	Running
upnphost	UPnP Device Host	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
UserDataSvc_55c81	User Data Access_55c81	svchost.exe	10.0.14393.0	Unknown	Running
UserManager	User Manager	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
UsoSvc	Update Orchestrator Service for Windows Update	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
VaultSvc	Credential Manager	lsass.exe	10.0.14393.187	Share Process	Running	LocalSystem
vds	Virtual Disk	vds.exe	10.0.14393.0	Own Process	Stopped	LocalSystem
vmicguestinterface	Hyper-V Guest Service Interface	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
vmicheartbeat	Hyper-V Heartbeat Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
vmickvpexchange	Hyper-V Data Exchange Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
vmicrdv	Hyper-V Remote Desktop Virtualization Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
vmicshutdown	Hyper-V Guest Shutdown Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
vmictimesync	Hyper-V Time Synchronization Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
vmicvmsession	Hyper-V PowerShell Direct Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
vmicvss	Hyper-V Volume Shadow Copy Requestor	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
VSS	Volume Shadow Copy	vssvc.exe	10.0.14393.0	Own Process	Stopped	LocalSystem
vToolbarUpdater40.3.6	vToolbarUpdater40.3.6	ToolbarUpdater.exe	4.3.6.255	Own Process	Stopped	LocalSystem
W32Time	Windows Time	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
WalletService	WalletService	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
wbengine	Block Level Backup Engine Service	wbengine.exe	10.0.14393.0	Own Process	Stopped	localSystem
WbioSrvc	Windows Biometric Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
Wcmsvc	Windows Connection Manager	svchost.exe	10.0.14393.0	Own Process	Running	NT Authority\LocalService
wcncsvc	Windows Connect Now - Config Registrar	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
WdiServiceHost	Diagnostic Service Host	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
WdiSystemHost	Diagnostic System Host	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
WdNisSvc	Windows Defender Network Inspection Service	NisSrv.exe		Own Process	Stopped	NT AUTHORITY\LocalService
WebClient	WebClient	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
Wecsvc	Windows Event Collector	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\NetworkService
WEPHOSTSVC	Windows Encryption Provider Host Service	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
wercplsupport	Problem Reports and Solutions Control Panel Support	svchost.exe	10.0.14393.0	Share Process	Stopped	localSystem
WerSvc	Windows Error Reporting Service	svchost.exe	10.0.14393.0	Own Process	Stopped	localSystem
WiaRpc	Still Image Acquisition Events	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
WinDefend	Windows Defender Service	MsMpEng.exe		Own Process	Stopped	LocalSystem
WinHttpAutoProxySvc	WinHTTP Web Proxy Auto-Discovery Service	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
Winmgmt	Windows Management Instrumentation	svchost.exe	10.0.14393.0	Share Process	Running	localSystem
WinRM	Windows Remote Management (WS-Management)	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\NetworkService
wisvc	Windows Insider Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
WlanSvc	WLAN AutoConfig	svchost.exe	10.0.14393.0	Own Process	Running	LocalSystem
wlidsvc	Microsoft Account Sign-in Assistant	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
wmiApSrv	WMI Performance Adapter	WmiApSrv.exe	10.0.14393.0	Own Process	Stopped	localSystem
WMPNetworkSvc	Windows Media Player Network Sharing Service	wmpnetwk.exe		Own Process	Stopped	NT AUTHORITY\NetworkService
workfolderssvc	Work Folders	svchost.exe	10.0.14393.0	Share Process	Stopped	NT AUTHORITY\LocalService
WPDBusEnum	Portable Device Enumerator Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
WpnService	Windows Push Notifications System Service	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
WpnUserService_55c81	Windows Push Notifications User Service_55c81	svchost.exe	10.0.14393.0	Unknown	Stopped
wscsvc	Security Center	svchost.exe	10.0.14393.0	Share Process	Running	NT AUTHORITY\LocalService
WSearch	Windows Search	SearchIndexer.exe	7.0.14393.206	Own Process	Running	LocalSystem
WtuSystemSupport	WtuSystemSupport	WtuSystemSupport.exe	4.3.6.255	Own Process	Stopped	LocalSystem
wuauserv	Windows Update	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
wudfsvc	Windows Driver Foundation - User-mode Driver Framework	svchost.exe	10.0.14393.0	Share Process	Running	LocalSystem
WwanSvc	WWAN AutoConfig	svchost.exe	10.0.14393.0	Share Process	Stopped	NT Authority\LocalService
XblAuthManager	Xbox Live Auth Manager	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
XblGameSave	Xbox Live Game Save	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem
XboxNetApiSvc	Xbox Live Networking Service	svchost.exe	10.0.14393.0	Share Process	Stopped	LocalSystem

AX Files


AX File	Version	Description
bdaplgin.ax	10.0.14393.0	Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax	10.0.14393.0	Intel G711 CODEC
iac25_32.ax	2.0.5.53	Indeo® audio software
ir41_32.ax	10.0.14393.0	IR41_32 WRAPPER DLL
ivfsrc.ax	5.10.2.51	Intel Indeo® video IVF Source Filter 5.10
ksproxy.ax	10.0.14393.0	WDM Streaming ActiveMovie Proxy
kstvtune.ax	10.0.14393.0	WDM Streaming TvTuner
kswdmcap.ax	10.0.14393.0	WDM Streaming Video Capture
ksxbar.ax	10.0.14393.0	WDM Streaming Crossbar
mpeg2data.ax	10.0.14393.0	Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax	10.0.14393.0	DirectShow MPEG-2 Splitter.
msdvbnp.ax	10.0.14393.0	Microsoft Network Provider for MPEG2 based networks.
msnp.ax	10.0.14393.0	Microsoft Network Provider for MPEG2 based networks.
psisrndr.ax	10.0.14393.0	Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax	10.0.14393.0	Microsoft VBI Codec
vbisurf.ax	10.0.14393.0	VBI Surface Allocator Filter
vidcap.ax	10.0.14393.0	Video Capture Interface Server
wstpager.ax	10.0.14393.0	Microsoft Teletext Server

DLL Files


DLL File	Version	Description
aadtb.dll	10.0.14393.321	AAD Token Broker Helper Library
abovelockapphost.dll	10.0.14393.206	AboveLockAppHost
accessibilitycpl.dll	10.0.14393.0	Ease of access control panel
accountaccessor.dll	10.0.14393.0	Sync data model to access accounts
accountsrt.dll	10.0.14393.0	Accounts RT utilities for mail, contacts, calendar
acctres.dll	10.0.14393.0	Microsoft Internet Account Manager Resources
acledit.dll	10.0.14393.0	Access Control List Editor
aclui.dll	10.0.14393.187	Security Descriptor Editor
acppage.dll	10.0.14393.0	Compatibility Tab Shell Extension Library
actioncenter.dll	10.0.14393.0	Security and Maintenance
actioncentercpl.dll	10.0.14393.447	Security and Maintenance Control Panel
activationclient.dll	10.0.14393.0	Activation Client
activationmanager.dll	10.0.14393.0	Activation Manager
activeds.dll	10.0.14393.0	ADs Router Layer DLL
activesyncprovider.dll	10.0.14393.0	The engine that syncs ActiveSync accounts
actxprxy.dll	10.0.14393.0	ActiveX Interface Marshaling Library
addressparser.dll	10.0.14393.187	ADDRESSPARSER
admtmpl.dll	10.0.14393.0	Administrative Templates Extension
adprovider.dll	10.0.14393.0	adprovider DLL
adrclient.dll	10.0.14393.0	Microsoft® Access Denied Remediation Client
adsldp.dll	10.0.14393.0	ADs LDAP Provider DLL
adsldpc.dll	10.0.14393.0	ADs LDAP Provider C DLL
adsmsext.dll	10.0.14393.321	ADs LDAP Provider DLL
adsnt.dll	10.0.14393.0	ADs Windows NT Provider DLL
adtschema.dll	10.0.14393.0	Security Audit Schema DLL
advapi32.dll	10.0.14393.0	Advanced Windows 32 Base API
advapi32res.dll	10.0.14393.0	Advanced Windows 32 Base API
advpack.dll	11.0.14393.0	ADVPACK
aeevts.dll	10.0.14393.0	Application Experience Event Resources
amdave32.dll	21.19.137.1	Radeon AMD AVE Driver Component
amdgfxinfo32.dll
amdhcp32.dll	21.19.137.1	Universal Adapter for Adobe
amdlvr32.dll	1.0.5.1	LiquidVR SDK 1.0
amdmcl32.dll	1.6.0.0	Radeon MCL Universal Driver
amdpcom32.dll	21.19.137.1	Radeon PCOM Universal Driver
amdvlk32.dll	1.0.21.0	Vulkan driver, support for SI family and above
amfrt32.dll	1.3.0.5	Advanced Media Framework
amsi.dll	10.0.14393.0	Anti-Malware Scan Interface
amstream.dll	10.0.14393.0	DirectShow Runtime.
apds.dll	10.0.14393.0	Microsoft® Help Data Services Module
aphostclient.dll	10.0.14393.0	Accounts Host Service RPC Client
appcapture.dll	10.0.14393.447	Windows Runtime AppCapture DLL
appcontracts.dll	10.0.14393.206	Windows AppContracts API Server
appextension.dll	10.0.14393.0	AppExtension API
apphelp.dll	10.0.14393.0	Application Compatibility Client Library
apphlpdm.dll	10.0.14393.0	Application Compatibility Help Module
appidapi.dll	10.0.14393.0	Application Identity APIs Dll
appidpolicyengineapi.dll	10.0.14393.0	AppId Policy Engine API Module
applockercsp.dll	10.0.14393.0	AppLockerCSP
appmanagementconfiguration.dll	10.0.14393.0	Application Management Configuration
appmgmts.dll	10.0.14393.0	Software installation Service
appmgr.dll	10.0.14393.0	Software Installation Snapin Extenstion
appointmentactivation.dll	10.0.14393.187	DLL for AppointmentActivation
appointmentapis.dll	10.0.14393.321	DLL for CalendarRT
apprepapi.dll	10.0.14393.321	Application Reputation APIs Dll
apprepsync.dll	10.0.14393.321	AppRepSync Task
appvclientps.dll	10.0.14393.0	Microsoft Application Virtualization Client API Proxy Stub
appventsubsystems32.dll	10.0.14393.0	Client Virtualization Subsystems
appvsentinel.dll	10.0.14393.0	Microsoft Application Virtualization Client Sentinel DLL
appvterminator.dll	10.0.14393.0	Microsoft Application Virtualization Terminator
appxalluserstore.dll	10.0.14393.0	AppX All User Store DLL
appxapplicabilityengine.dll	10.0.14393.0	AppX Applicability Engine
appxdeploymentclient.dll	10.0.14393.351	AppX Deployment Client DLL
appxpackaging.dll	10.0.14393.321	Native Code Appx Packaging Library
appxsip.dll	10.0.14393.0	Appx Subject Interface Package
asferror.dll	12.0.14393.0	ASF Error Definitions
aspnet_counters.dll	4.6.1586.0	Microsoft ASP.NET Performance Counter Shim DLL
asycfilt.dll	10.0.14393.447	ASYCFILT.DLL
atiadlxx.dll	21.19.137.1	ADL
atiadlxy.dll	21.19.137.1	ADL
aticfx32.dll	8.17.10.1484	aticfxstub32.dll
atidxx32.dll	8.17.10.690	atidxxstub32.dll
atigktxx.dll	21.19.137.1	atigktxx.dll
atimpc32.dll	21.19.137.1	Radeon PCOM Universal Driver
atisamu32.dll	21.19.137.1	Radeon spu api dll
atl.dll	3.5.2284.0	ATL Module for Windows XP (Unicode)
atl100.dll	10.0.40219.325	ATL Module for Windows
atl110.dll	11.0.50727.1	ATL Module for Windows
atlthunk.dll	10.0.14393.0	atlthunk.dll
atmfd.dll	5.1.2.250	Windows NT OpenType/Type 1 Font Driver
atmlib.dll	5.1.2.250	Windows NT OpenType/Type 1 API Library.
audiodev.dll	10.0.14393.0	Portable Media Devices Shell Extension
audioeng.dll	10.0.14393.0	Audio Engine
audiokse.dll	10.0.14393.0	Audio Ks Endpoint
audioses.dll	10.0.14393.447	Audio Session
auditnativesnapin.dll	10.0.14393.0	Audit Policy Group Policy Editor Extension
auditpolcore.dll	10.0.14393.0	Audit Policy Program
auditpolicygpinterop.dll	10.0.14393.0	Audit Policy GP Module
auditpolmsg.dll	10.0.14393.0	Audit Policy MMC SnapIn Messages
authbroker.dll	10.0.14393.321	Web Authentication WinRT API
authbrokerui.dll	10.0.14393.0	AuthBroker UI
authext.dll	10.0.14393.447	Authentication Extensions
authfwcfg.dll	10.0.14393.0	Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll	10.0.14393.0	Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll	10.0.14393.0	Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll	10.0.14393.0	Wizard Framework
authui.dll	10.0.14393.447	Windows Authentication UI
authz.dll	10.0.14393.0	Authorization Framework
autoplay.dll	10.0.14393.351	AutoPlay Control Panel
avicap32.dll	10.0.14393.0	AVI Capture window class
avifil32.dll	10.0.14393.0	Microsoft AVI File support library
avrt.dll	10.0.14393.0	Multimedia Realtime Runtime
azroles.dll	10.0.14393.0	azroles Module
azroleui.dll	10.0.14393.0	Authorization Manager
azsqlext.dll	10.0.14393.0	AzMan Sql Audit Extended Stored Procedures Dll
azuresettingsyncprovider.dll	10.0.14393.321	Azure Setting Sync Provider
backgroundmediapolicy.dll	10.0.14393.206	<d> Background Media Policy DLL
basecsp.dll	10.0.14393.0	Microsoft Base Smart Card Crypto Provider
batmeter.dll	10.0.14393.0	Battery Meter Helper DLL
bcastdvr.proxy.dll	10.0.14393.0	Broadcast DVR Proxy
bcastdvrhelper.dll	10.0.14393.447	Windows Runtime BcastDVRHelper DLL
bcd.dll	10.0.14393.0	BCD DLL
bcp47langs.dll	10.0.14393.0	BCP47 Language Classes
bcrypt.dll	10.0.14393.0	Windows Cryptographic Primitives Library
bcryptprimitives.dll	10.0.14393.0	Windows Cryptographic Primitives Library
bidispl.dll	10.0.14393.0	Bidispl DLL
bingmaps.dll	10.0.14393.351	Bing Map Control
bingonlineservices.dll	10.0.14393.187	Bing online services
biocredprov.dll	10.0.14393.0	WinBio Credential Provider
bitsperf.dll	7.8.14393.0	Perfmon Counter Access
bitsproxy.dll	7.8.14393.0	Background Intelligent Transfer Service Proxy
biwinrt.dll	10.0.14393.206	Windows Background Broker Infrastructure
bluetoothapis.dll	10.0.14393.351	Bluetooth Usermode Api host
bootvid.dll	10.0.14393.0	VGA Boot Driver
browcli.dll	10.0.14393.0	Browser Service Client DLL
browsersettingsync.dll	10.0.14393.0	Browser Setting Synchronization
browseui.dll	10.0.14393.0	Shell Browser UI Library
bthtelemetry.dll	10.0.14393.0	Bluetooth Telemetry Agent
btpanui.dll	10.0.14393.0	Bluetooth PAN User Interface
bwcontexthandler.dll	1.0.0.1	ContextH Application
c_g18030.dll	10.0.14393.103	GB18030 DBCS-Unicode Conversion DLL
c_gsm7.dll	10.0.14393.103	GSM 7bit Code Page Translation DLL for SMS
c_is2022.dll	10.0.14393.103	ISO-2022 Code Page Translation DLL
c_iscii.dll	10.0.14393.0	ISCII Code Page Translation DLL
cabapi.dll	10.0.14393.0	Mobile Cabinet Library
cabinet.dll	5.0.1.1	Microsoft® Cabinet File API
cabview.dll	10.0.14393.0	Cabinet File Viewer Shell Extension
callbuttons.dll	10.0.14393.0	Windows Runtime CallButtonsServer DLL
callbuttons.proxystub.dll	10.0.14393.0	Windows Runtime CallButtonsServer ProxyStub DLL
callhistoryclient.dll	10.0.14393.0	Client DLL for accessing CallHistory information
cameracaptureui.dll	10.0.14393.0	Microsoft® Windows® Operating System
capauthz.dll	10.0.14393.0	Capability Authorization APIs
capiprovider.dll	10.0.14393.0	capiprovider DLL
capisp.dll	10.0.14393.0	Sysprep cleanup dll for CAPI
castingshellext.dll	10.0.14393.0	Casting Shell Extensions
catsrv.dll	2001.12.10941.16384	COM+ Configuration Catalog Server
catsrvps.dll	2001.12.10941.16384	COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll	2001.12.10941.16384	COM+ Configuration Catalog Server Utilities
cca.dll	10.0.14393.0	CCA DirectShow Filter.
cdosys.dll	6.6.14393.0	Microsoft CDO for Windows Library
cdp.dll	10.0.14393.447	Microsoft (R) CDP Client API
cdprt.dll	10.0.14393.0	Microsoft (R) CDP Client WinRT API
cemapi.dll	10.0.14393.0	CEMAPI
certca.dll	10.0.14393.0	Microsoft® Active Directory Certificate Services CA
certcli.dll	10.0.14393.0	Microsoft® Active Directory Certificate Services Client
certcredprovider.dll	10.0.14393.0	Cert Credential Provider
certenc.dll	10.0.14393.0	Active Directory Certificate Services Encoding
certenroll.dll	10.0.14393.321	Microsoft® Active Directory Certificate Services Enrollment Client
certenrollui.dll	10.0.14393.0	X509 Certificate Enrollment UI
certmgr.dll	10.0.14393.0	Certificates snap-in
certpkicmdlet.dll	10.0.14393.0	Microsoft® PKI Client Cmdlets
certpoleng.dll	10.0.14393.0	Certificate Policy Engine
cewmdm.dll	12.0.14393.0	Windows CE WMDM Service Provider
cfgbkend.dll	10.0.14393.0	Configuration Backend Interface
cfgmgr32.dll	10.0.14393.0	Configuration Manager DLL
cfmifs.dll	10.0.14393.0	FmIfs Engine
cfmifsproxy.dll	10.0.14393.0	Microsoft® FmIfs Proxy Library
chakra.dll	11.0.14393.447	Microsoft ® Chakra (Private)
chakradiag.dll	11.0.14393.51	Microsoft ® Chakra Diagnostics (Private)
chakrathunk.dll	10.0.14393.51	chakrathunk.dll
chartv.dll	10.0.14393.447	Chart View
chatapis.dll	10.0.14393.321	DLL for ChatRT
chxreadingstringime.dll	10.0.14393.0	CHxReadingStringIME
cic.dll	10.0.14393.0	CIC - MMC controls for Taskpad
clb.dll	10.0.14393.0	Column List Box
clbcatq.dll	2001.12.10941.16384	COM+ Configuration Catalog
clfsw32.dll	10.0.14393.0	Common Log Marshalling Win32 DLL
cliconfg.dll	10.0.14393.0	SQL Client Configuration Utility DLL
clipboardserver.dll	10.0.14393.206	Modern Clipboard API Server
clipc.dll	10.0.14393.0	Client Licensing Platform Client
cloudbackupsettings.dll	10.0.14393.82	Cloud Backup Setting Provider
cloudexperiencehostcommon.dll	10.0.14393.321	CloudExperienceHostCommon
cloudexperiencehostuser.dll	10.0.14393.103	CloudExperienceHost User Operations
clrhost.dll	10.0.14393.0	In Proc server for managed servers in the Windows Runtime
clusapi.dll	10.0.14393.206	Cluster API Library
cmcfg32.dll	7.2.14393.0	Microsoft Connection Manager Configuration Dll
cmdext.dll	10.0.14393.0	cmd.exe Extension DLL
cmdial32.dll	7.2.14393.0	Microsoft Connection Manager
cmifw.dll	10.0.14393.351	Windows Firewall rule configuration plug-in
cmlua.dll	7.2.14393.0	Connection Manager Admin API Helper
cmpbk32.dll	7.2.14393.0	Microsoft Connection Manager Phonebook
cmstplua.dll	7.2.14393.0	Connection Manager Admin API Helper for Setup
cmutil.dll	7.2.14393.0	Microsoft Connection Manager Utility Lib
cngcredui.dll	10.0.14393.0	Microsoft CNG CredUI Provider
cngprovider.dll	10.0.14393.0	cngprovider DLL
cnvfat.dll	10.0.14393.0	FAT File System Conversion Utility DLL
colbact.dll	2001.12.10941.16384	COM+
colorcnv.dll	10.0.14393.0	Windows Media Color Conversion
colorui.dll	10.0.14393.0	Microsoft Color Control Panel
combase.dll	10.0.14393.351	Microsoft COM for Windows
comcat.dll	10.0.14393.0	Microsoft Component Category Manager Library
comctl32.dll	5.82.14393.447	User Experience Controls Library
comdlg32.dll	10.0.14393.447	Common Dialogs DLL
coml2.dll	10.0.14393.0	Microsoft COM for Windows
compobj.dll	3.10.0.103	Windows Win16 Application Launcher
comppkgsup.dll	10.0.14393.0	Component Package Support DLL
compstui.dll	10.0.14393.0	Common Property Sheet User Interface DLL
comrepl.dll	2001.12.10941.16384	COM+
comres.dll	2001.12.10941.16384	COM+ Resources
comsnap.dll	2001.12.10941.16384	COM+ Explorer MMC Snapin
comsvcs.dll	2001.12.10941.16384	COM+ Services
comuid.dll	2001.12.10941.16384	COM+ Explorer UI
configmanager2.dll	10.0.14393.0	ConfigManager
configureexpandedstorage.dll	10.0.14393.321	ConfigureExpandedStorage
connect.dll	10.0.14393.0	Get Connected Wizards
connectedaccountstate.dll	10.0.14393.0	ConnectedAccountState.dll
console.dll	10.0.14393.0	Control Panel Console Applet
contactactivation.dll	10.0.14393.187	DLL for ContactActivation
contactapis.dll	10.0.14393.321	DLL for ContactsRT
container.dll	10.0.14393.82	Windows Containers
coredpus.dll	10.0.14393.0	coredpus
coremessaging.dll	10.0.14393.206	Microsoft CoreMessaging Dll
coremmres.dll	10.0.14393.0	General Core Multimedia Resources
coreuicomponents.dll
cortana.persona.dll	10.0.14393.0	Cortana.Persona
cortanamapihelper.dll	10.0.14393.0	CortanaMapiHelper
cortanamapihelper.proxystub.dll	10.0.14393.0	CortanaMapiHelper.ProxyStub
cpfilters.dll	10.0.14393.351	PTFilter & Encypter/Decrypter Tagger Filters.
credentialmigrationhandler.dll	10.0.14393.0	Credential Migration Handler
credprovdatamodel.dll	10.0.14393.206	Cred Prov Data Model
credprovhost.dll	10.0.14393.206	Credential Provider Framework Host
credprovs.dll	10.0.14393.321	Credential Providers
credprovslegacy.dll	10.0.14393.206	Credential Providers Legacy
credssp.dll	10.0.14393.0	Credential Delegation Security Package
credui.dll	10.0.14393.0	Credential Manager User Interface
crtdll.dll	4.0.1183.1	Microsoft C Runtime Library
crypt32.dll	10.0.14393.351	Crypto API32
cryptbase.dll	10.0.14393.0	Base cryptographic API DLL
cryptdlg.dll	10.0.14393.0	Microsoft Common Certificate Dialogs
cryptdll.dll	10.0.14393.0	Cryptography Manager
cryptext.dll	10.0.14393.0	Crypto Shell Extensions
cryptnet.dll	10.0.14393.0	Crypto Network Related API
cryptngc.dll	10.0.14393.206	Microsoft Passport API
cryptowinrt.dll	10.0.14393.206	Crypto WinRT Library
cryptsp.dll	10.0.14393.0	Cryptographic Service Provider API
crypttpmeksvc.dll	10.0.14393.0	Cryptographic TPM Endorsement Key Services
cryptui.dll	10.0.14393.0	Microsoft Trust UI Provider
cryptuiwizard.dll	10.0.14393.0	Microsoft Trust UI Provider
cryptxml.dll	10.0.14393.0	XML DigSig API
cscapi.dll	10.0.14393.0	Offline Files Win32 API
cscdll.dll	10.0.14393.0	Offline Files Temporary Shim
cscobj.dll	10.0.14393.0	In-proc COM object used by clients of CSC API
ctl3d32.dll	2.31.0.0	Ctl3D 3D Windows Controls
d2d1.dll	10.0.14393.206	Microsoft D2D Library
d3d10.dll	10.0.14393.0	Direct3D 10 Runtime
d3d10_1.dll	10.0.14393.0	Direct3D 10.1 Runtime
d3d10_1core.dll	10.0.14393.0	Direct3D 10.1 Runtime
d3d10core.dll	10.0.14393.0	Direct3D 10 Runtime
d3d10level9.dll	10.0.14393.0	Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll	10.0.14393.447	Direct3D 10 Rasterizer
d3d11.dll	10.0.14393.351	Direct3D 11 Runtime
d3d12.dll	10.0.14393.351	Direct3D 12 Runtime
d3d8.dll	10.0.14393.447	Microsoft Direct3D
d3d8thk.dll	10.0.14393.0	Microsoft Direct3D OS Thunk Layer
d3d9.dll	10.0.14393.447	Direct3D 9 Runtime
d3dcompiler_47.dll	10.0.14393.351	Direct3D HLSL Compiler
d3dim.dll	10.0.14393.0	Microsoft Direct3D
d3dim700.dll	10.0.14393.0	Microsoft Direct3D
d3dramp.dll	10.0.14393.0	Microsoft Direct3D
d3dx9_27.dll	9.8.299.0	Microsoft® DirectX for Windows®
d3dxof.dll	10.0.14393.0	DirectX Files DLL
dabapi.dll	10.0.14393.0	Desktop Activity Broker API
dafcdp.dll	10.0.10586.0	DAF CDP Provider
dafprintprovider.dll	10.0.14393.0	DAF Print Provider DLL
daotpcredentialprovider.dll	10.0.14393.0	DirectAccess One-Time Password Credential Provider
dataclen.dll	10.0.14393.0	Disk Space Cleaner for Windows
dataexchange.dll	10.0.14393.206	Data exchange
davclnt.dll	10.0.14393.0	Web DAV Client DLL
davhlpr.dll	10.0.14393.0	DAV Helper DLL
davsyncprovider.dll	10.0.14393.0	DAV sync engine for contacts, calendar
daxexec.dll	10.0.14393.351	daxexec
dbgcore.dll	10.0.14321.1024	Windows Core Debugging Helpers
dbgeng.dll	10.0.14321.1024	Windows Symbolic Debugger Engine
dbghelp.dll	10.0.14321.1024	Windows Image Helper
dbgmodel.dll	10.0.14321.1024	Windows Debugger Data Model
dbnetlib.dll	10.0.14393.0	Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll	10.0.14393.0	Named Pipes Net DLL for SQL Clients
dciman32.dll	10.0.14393.0	DCI Manager
dcomp.dll	10.0.14393.0	Microsoft DirectComposition Library
ddaclsys.dll	10.0.14393.0	SysPrep module for Resetting Data Drive ACL
ddoiproxy.dll	10.0.14393.0	DDOI Interface Proxy
ddores.dll	10.0.14393.0	Device Category information and resources
ddraw.dll	10.0.14393.447	Microsoft DirectDraw
ddrawex.dll	10.0.14393.0	Direct Draw Ex
defaultdevicemanager.dll	10.0.14393.0	Default Device Manager
defaultprinterprovider.dll	10.0.14393.0	Microsoft Windows Default Printer Provider
delegatorprovider.dll	10.0.14393.103	WMI PassThru Provider for Storage Management
deskadp.dll	10.0.14393.0	Advanced display adapter properties
deskmon.dll	10.0.14393.0	Advanced display monitor properties
detoured.dll	21.19.137.1	Marks process modified by Detours technology.
devdispitemprovider.dll	10.0.14393.0	DeviceItem inproc devquery subsystem
devenum.dll	10.0.14393.206	Device enumeration.
deviceaccess.dll	10.0.14393.0	Device Broker And Policy COM Server
deviceassociation.dll	10.0.14393.82	Device Association Client DLL
devicecenter.dll	10.0.14393.0	Device Center
devicecredential.dll	10.0.14393.0	Microsoft Companion Authenticator Client
devicedisplaystatusmanager.dll	10.0.14393.0	Device Display Status Manager
deviceflows.datamodel.dll	10.0.14393.187	DeviceFlows DataModel
devicengccredprov.dll	10.0.14393.0	Microsoft Companion Authenticator Credential Provider
devicepairing.dll	10.0.14393.447	Shell extensions for Device Pairing
devicepairingfolder.dll	10.0.14393.0	Device Pairing Folder
devicepairingproxy.dll	10.0.14393.0	Device Pairing Proxy Dll
devicesetupstatusprovider.dll	10.0.14393.0	Device Setup Status Provider Dll
deviceuxres.dll	10.0.14393.0	Windows Device User Experience Resource File
devmgr.dll	10.0.14393.0	Device Manager MMC Snapin
devobj.dll	10.0.14393.0	Device Information Set DLL
devrtl.dll	10.0.14393.0	Device Management Run Time Library
dfscli.dll	10.0.14393.0	Windows NT Distributed File System Client DLL
dfshim.dll	10.0.14393.0	ClickOnce Application Deployment Support Library
dfsshlex.dll	10.0.14393.0	Distributed File System shell extension
dhcpcmonitor.dll	10.0.14393.0	DHCP Client Monitor Dll
dhcpcore.dll	10.0.14393.0	DHCP Client Service
dhcpcore6.dll	10.0.14393.351	DHCPv6 Client
dhcpcsvc.dll	10.0.14393.0	DHCP Client Service
dhcpcsvc6.dll	10.0.14393.0	DHCPv6 Client
dhcpsapi.dll	10.0.14393.0	DHCP Server API Stub DLL
dialclient.dll	10.0.14393.321	DIAL DLL
dictationmanager.dll	10.0.0.1	Dictation Manager
difxapi.dll	2.1.0.0	Driver Install Frameworks for API library module
dimsjob.dll	10.0.14393.0	DIMS Job DLL
dimsroam.dll	10.0.14393.0	Key Roaming DIMS Provider DLL
dinput.dll	10.0.14393.0	Microsoft DirectInput
dinput8.dll	10.0.14393.0	Microsoft DirectInput
direct2ddesktop.dll	10.0.14393.0	Microsoft Direct2D Desktop Components
directdb.dll	10.0.14393.0	Microsoft Direct Database API
directmanipulation.dll	10.0.14393.0	Microsoft Direct Manipulation Component
dismapi.dll	10.0.14393.0	DISM API Framework
dispex.dll	5.812.10240.16384	Microsoft ® DispEx
display.dll	10.0.14393.0	Display Control Panel
displaymanager.dll	10.0.14393.206	DisplayManager
dlnashext.dll	10.0.14393.206	DLNA Namespace DLL
dmband.dll	10.0.14393.0	Microsoft DirectMusic Band
dmcfgutils.dll	10.0.14393.0	dmcfgutils
dmcmnutils.dll	10.0.14393.0	dmcmnutils
dmcommandlineutils.dll	10.0.14393.0	dmcommandlineutils
dmcompos.dll	10.0.14393.0	Microsoft DirectMusic Composer
dmdlgs.dll	10.0.14393.0	Disk Management Snap-in Dialogs
dmdskmgr.dll	10.0.14393.0	Disk Management Snap-in Support Library
dmdskres.dll	10.0.14393.0	Disk Management Snap-in Resources
dmdskres2.dll	10.0.14393.0	Disk Management Snap-in Resources
dmenrollengine.dll	10.0.14393.206	Enroll Engine DLL
dmime.dll	10.0.14393.0	Microsoft DirectMusic Interactive Engine
dmintf.dll	10.0.14393.0	Disk Management DCOM Interface Stub
dmiso8601utils.dll	10.0.14393.0	dmiso8601utils
dmloader.dll	10.0.14393.0	Microsoft DirectMusic Loader
dmocx.dll	10.0.14393.0	TreeView OCX
dmoleaututils.dll	10.0.14393.0	dmoleaututils
dmprocessxmlfiltered.dll	10.0.14393.0	dmprocessxmlfiltered
dmpushproxy.dll	10.0.14393.0	dmpushproxy
dmscript.dll	10.0.14393.0	Microsoft DirectMusic Scripting
dmstyle.dll	10.0.14393.0	Microsoft DirectMusic Style Engline
dmsynth.dll	10.0.14393.0	Microsoft DirectMusic Software Synthesizer
dmusic.dll	10.0.14393.0	Microsoft DirectMusic Core Services
dmutil.dll	10.0.14393.0	Logical Disk Manager Utility Library
dmvdsitf.dll	10.0.14393.0	Disk Management Snap-in Support Library
dmxmlhelputils.dll	10.0.14393.0	dmxmlhelputils
dnsapi.dll	10.0.14393.206	DNS Client API DLL
dnscmmc.dll	10.0.14393.0	DNS Client MMC Snap-in DLL
docprop.dll	10.0.14393.0	OLE DocFile Property Page
dolbydecmft.dll	10.0.14393.351	Media Foundation Dolby Digital Decoders
dot3api.dll	10.0.14393.0	802.3 Autoconfiguration API
dot3cfg.dll	10.0.14393.0	802.3 Netsh Helper
dot3dlg.dll	10.0.14393.0	802.3 UI Helper
dot3gpclnt.dll	10.0.14393.0	802.3 Group Policy Client
dot3gpui.dll	10.0.14393.0	802.3 Network Policy Management Snap-in
dot3hc.dll	10.0.14393.0	Dot3 Helper Class
dot3msm.dll	10.0.14393.0	802.3 Media Specific Module
dot3ui.dll	10.0.14393.0	802.3 Advanced UI
dpapi.dll	10.0.14393.0	Data Protection API
dpapiprovider.dll	10.0.14393.0	dpapiprovider DLL
dplayx.dll	10.0.14393.0	DirectPlay Stub
dpmodemx.dll	10.0.14393.0	DirectPlay Stub
dpnaddr.dll	10.0.14393.0	DirectPlay Stub
dpnathlp.dll	10.0.14393.0	DirectPlay Stub
dpnet.dll	10.0.14393.0	DirectPlay Stub
dpnhpast.dll	10.0.14393.0	DirectPlay Stub
dpnhupnp.dll	10.0.14393.0	DirectPlay Stub
dpnlobby.dll	10.0.14393.0	DirectPlay Stub
dpwsockx.dll	10.0.14393.0	DirectPlay Stub
dpx.dll	5.0.1.1	Microsoft(R) Delta Package Expander
drprov.dll	10.0.14393.0	Microsoft Remote Desktop Session Host Server Network Provider
drt.dll	10.0.14393.0	Distributed Routing Table
drtprov.dll	10.0.14393.0	Distributed Routing Table Providers
drttransport.dll	10.0.14393.0	Distributed Routing Table Transport Provider
drvstore.dll	10.0.14393.351	Driver Store API
dsauth.dll	10.0.14393.0	DS Authorization for Services
dsccoreconfprov.dll	6.2.9200.16384	DSC
dsclient.dll	10.0.14393.0	Data Sharing Service Client DLL
dsdmo.dll	10.0.14393.0	DirectSound Effects
dskquota.dll	10.0.14393.0	Windows Shell Disk Quota Support DLL
dskquoui.dll	10.0.14393.0	Windows Shell Disk Quota UI DLL
dsound.dll	10.0.14393.0	DirectSound
dsparse.dll	10.0.14393.0	Active Directory Domain Services API
dsprop.dll	10.0.14393.0	Windows Active Directory Property Pages
dsquery.dll	10.0.14393.0	Directory Service Find
dsreg.dll	10.0.14393.321	AD/AAD User Device Registration
dsrole.dll	10.0.14393.0	DS Setup Client DLL
dssec.dll	10.0.14393.0	Directory Service Security UI
dssenh.dll	10.0.14393.0	Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsui.dll	10.0.14393.0	Device Setup UI Pages
dsuiext.dll	10.0.14393.0	Directory Service Common UI
dswave.dll	10.0.14393.0	Microsoft DirectMusic Wave
dtsh.dll	10.0.14393.0	Detection and Sharing Status API
dui70.dll	10.0.14393.0	Windows DirectUI Engine
duser.dll	10.0.14393.0	Windows DirectUser Engine
dwmapi.dll	10.0.14393.206	Microsoft Desktop Window Manager API
dwmcore.dll	10.0.14393.351	Microsoft DWM Core Library
dwrite.dll	10.0.14393.351	Microsoft DirectX Typography Services
dxdiagn.dll	10.0.14393.0	Microsoft DirectX Diagnostic Tool
dxgi.dll	10.0.14393.0	DirectX Graphics Infrastructure
dxmasf.dll	12.0.14393.82	Microsoft Windows Media Component Removal File.
dxptasksync.dll	10.0.14393.0	Microsoft Windows DXP Sync.
dxtmsft.dll	11.0.14393.0	DirectX Media -- Image DirectX Transforms
dxtrans.dll	11.0.14393.447	DirectX Media -- DirectX Transform Core
dxva2.dll	10.0.14393.0	DirectX Video Acceleration 2.0 DLL
eapp3hst.dll	10.0.14393.187	Microsoft ThirdPartyEapDispatcher
eappcfg.dll	10.0.14393.187	Eap Peer Config
eappgnui.dll	10.0.14393.187	EAP Generic UI
eapphost.dll	10.0.14393.187	Microsoft EAPHost Peer service
eappprxy.dll	10.0.14393.187	Microsoft EAPHost Peer Client DLL
eapprovp.dll	10.0.14393.0	EAP extension DLL
eapsimextdesktop.dll	10.0.14393.0	EAP SIM EXT config dll
easwrt.dll	10.0.14393.0	Exchange ActiveSync Windows Runtime DLL
edgehtml.dll	11.0.14393.447	Microsoft Edge Web Platform
editbuffertesthook.dll	10.0.14393.0	"EditBufferTestHook.DYNLINK"
edpauditapi.dll	10.0.14393.0	EDP Audit API
edputil.dll	10.0.14393.0	EDP util
efsadu.dll	10.0.14393.0	File Encryption Utility
efsext.dll	10.0.14393.447	EFSEXT.DLL
efsutil.dll	10.0.14393.0	EFS Utility Library
efswrt.dll	10.0.14393.321	Storage Protection Windows Runtime DLL
ehstorapi.dll	10.0.14393.0	Windows Enhanced Storage API
ehstorpwdmgr.dll	10.0.14393.0	Microsoft Enhanced Storage Password Manager
els.dll	10.0.14393.0	Event Viewer Snapin
elscore.dll	10.0.14393.0	Els Core Platform DLL
elshyph.dll	10.0.14393.0	ELS Hyphenation Service
elslad.dll	10.0.14393.0	ELS Language Detection
elstrans.dll	10.0.14393.0	ELS Transliteration Service
emailapis.dll	10.0.14393.321	DLL for EmailRT
embeddedmodesvcapi.dll	10.0.14393.0	Embedded Mode Service Client DLL
encapi.dll	10.0.14393.105	Encoder API
encdec.dll	10.0.14393.0	XDSCodec & Encypter/Decrypter Tagger Filters.
encdump.dll	5.0.1.1	Media Foundation Crash Dump Encryption DLL
enrollmentapi.dll	10.0.14393.0	Legacy Phone Enrollment API BackCompat Shim
enterpriseresourcemanager.dll	10.0.14393.0	enterpriseresourcemanager DLL
eqossnap.dll	10.0.14393.0	EQoS Snapin extension
errordetails.dll	10.0.14393.447	Microsoft Windows operating system.
errordetailsupdate.dll	10.0.14393.447	Error Details Update Task
es.dll	2001.12.10941.16384	COM+
esdsip.dll	10.0.14393.0	Crypto SIP provider for signing and verifying .esd Electronic Software Distribution files
esent.dll	10.0.14393.351	Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll	10.0.14393.0	Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
esevss.dll	10.0.14393.0	Microsoft(R) ESENT shadow utilities
etwcoreuicomponentsresources.dll	10.0.14393.0	Microsoft CoreComponents UI ETW manifest Dll
etweseproviderresources.dll	10.0.14393.0	Microsoft ESE ETW
etwrundown.dll	10.0.14393.0	Etw Rundown Helper Library
eventcls.dll	10.0.14393.0	Microsoft® Volume Shadow Copy Service event class
evr.dll	10.0.14393.187	Enhanced Video Renderer DLL
execmodelclient.dll	10.0.14393.0	ExecModelClient
execmodelproxy.dll	10.0.14393.0	ExecModelProxy
explorerframe.dll	10.0.14393.447	ExplorerFrame
expsrv.dll	6.0.72.9589	Visual Basic for Applications Runtime - Expression Service
exsmime.dll	10.0.14393.187	LExsmime
extrasxmlparser.dll	10.0.14393.187	Extras XML parser used to extract extension information from XML
f3ahvoas.dll	10.0.14393.0	JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
familysafetyext.dll	10.0.14393.0	FamilySafety ChildAccount Extensions
faultrep.dll	10.0.14393.0	Windows User Mode Crash Reporting DLL
fdbth.dll	10.0.14393.0	Function Discovery Bluetooth Provider Dll
fdbthproxy.dll	10.0.14393.0	Bluetooth Provider Proxy Dll
fddevquery.dll	10.0.14393.0	Microsoft Windows Device Query Helper
fde.dll	10.0.14393.0	Folder Redirection Snapin Extension
fdeploy.dll	10.0.14393.0	Folder Redirection Group Policy Extension
fdpnp.dll	10.0.14393.0	Pnp Provider Dll
fdprint.dll	10.0.14393.0	Function Discovery Print Provider Dll
fdproxy.dll	10.0.14393.0	Function Discovery Proxy Dll
fdssdp.dll	10.0.14393.0	Function Discovery SSDP Provider Dll
fdwcn.dll	10.0.14393.0	Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll	10.0.14393.0	Function Discovery WNet Provider Dll
fdwsd.dll	10.0.14393.0	Function Discovery WS Discovery Provider Dll
feclient.dll	10.0.14393.0	Windows NT File Encryption Client Interfaces
filemgmt.dll	10.0.14393.0	Services and Shared Folders
findnetprinters.dll	10.0.14393.206	Find Network Printers COM Component
fingerprintcredential.dll	10.0.14393.0	WinBio Fingerprint Credential
firewallapi.dll	10.0.14393.0	Windows Firewall API
firewallcontrolpanel.dll	10.0.14393.0	Windows Firewall Control Panel
fltlib.dll	10.0.14393.0	Filter Library
fm20.dll	12.0.4518.1014	Microsoft® Forms DLL
fm20enu.dll	12.0.4518.1014	Microsoft® Forms International DLL
fmifs.dll	10.0.14393.0	FM IFS Utility DLL
fms.dll	10.0.14393.0	Font Management Services
fontext.dll	10.0.14393.447	Windows Font Folder
fontglyphanimator.dll	10.0.14393.0	Font Glyph Animator
fontsub.dll	10.0.14393.0	Font Subsetting DLL
fphc.dll	10.0.14393.0	Filtering Platform Helper Class
framedyn.dll	10.0.14393.0	WMI SDK Provider Framework
framedynos.dll	10.0.14393.0	WMI SDK Provider Framework
frprov.dll	10.0.14393.0	Folder Redirection WMI Provider
fsclient.dll	10.0.14393.447	Frame Server Client DLL
fsutilext.dll	10.0.14393.0	FS Utility Extension DLL
fundisc.dll	10.0.14393.0	Function Discovery Dll
fwbase.dll	10.0.14393.0	Firewall Base DLL
fwcfg.dll	10.0.14393.0	Windows Firewall Configuration Helper
fwpolicyiomgr.dll	10.0.14393.0	FwPolicyIoMgr DLL
fwpuclnt.dll	10.0.14393.0	FWP/IPsec User-Mode API
fwremotesvr.dll	10.0.14393.0	Windows Firewall Remote APIs Server
fxsapi.dll	10.0.14393.0	Microsoft Fax API Support DLL
fxscom.dll	10.0.14393.0	Microsoft Fax Server COM Client Interface
fxscomex.dll	10.0.14393.0	Microsoft Fax Server Extended COM Client Interface
fxsext32.dll	10.0.14393.0	Microsoft Fax Exchange Command Extension
fxsresm.dll	10.0.14393.0	Microsoft Fax Resource DLL
fxsxp32.dll	10.0.14393.0	Microsoft Fax Transport Provider
gamebarpresencewriter.proxy.dll	10.0.14393.0	GameBar Presence Writer Proxy
gamemanager32.dll
gamepanelexternalhook.dll
gameux.dll	10.0.14393.447	Games Explorer
gameuxlegacygdfs.dll	1.0.0.1	Legacy GDF resource DLL
gamingtcui.dll	10.0.14393.0	Windows Gaming Internal CallableUI dll
gcdef.dll	10.0.14393.0	Game Controllers Default Sheets
gdi32.dll	10.0.14393.206	GDI Client DLL
gdi32full.dll	10.0.14393.447	GDI Client DLL
gdiplus.dll	10.0.14393.321	Microsoft GDI+
geocommon.dll	10.0.14393.0	Geocommon
geolocation.dll	10.0.14393.351	Geolocation Runtime DLL
getuname.dll	10.0.14393.0	Unicode name Dll for UCE
glmf32.dll	10.0.14393.0	OpenGL Metafiling DLL
globcollationhost.dll	10.0.14393.447	GlobCollationHost
globinputhost.dll	10.0.14393.0	Windows Globalization Extension API for Input
glu32.dll	10.0.14393.0	OpenGL Utility Library DLL
gmsaclient.dll	10.0.14393.0	"gmsaclient.DYNLINK"
gpapi.dll	10.0.14393.0	Group Policy Client API
gpedit.dll	10.0.14393.0	GPEdit
gpprefcl.dll	10.0.14393.0	Group Policy Preference Client
gpprnext.dll	10.0.14393.0	Group Policy Printer Extension
gpscript.dll	10.0.14393.0	Script Client Side Extension
gptext.dll	10.0.14393.0	GPTExt
hbaapi.dll	10.0.14393.0	HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll	10.0.14393.0	Security and Maintenance Providers
hdcphandler.dll	10.0.14393.0	Hdcp Handler DLL
helppaneproxy.dll	10.0.14393.0	Microsoft® Help Proxy
hevcdecoder.dll	10.0.14393.351	Windows H265 Video Decoder
hgcpl.dll	10.0.14393.447	HomeGroup Control Panel
hhsetup.dll	10.0.14393.0	Microsoft® HTML Help
hid.dll	10.0.14393.0	Hid User Library
hidserv.dll	10.0.14393.0	Human Interface Device Service
hlink.dll	10.0.14393.0	Microsoft Office 2000 component
hmkd.dll	10.0.14393.0	Windows HMAC Key Derivation API
hnetcfg.dll	10.0.14393.0	Home Networking Configuration Manager
hnetmon.dll	10.0.14393.0	Home Networking Monitor DLL
hrtfapo.dll
hsa-thunk.dll
httpapi.dll	10.0.14393.0	HTTP Protocol Stack API
htui.dll	10.0.14393.0	Common halftone Color Adjustment Dialogs
ias.dll	10.0.14393.0	Network Policy Server
iasacct.dll	10.0.14393.0	NPS Accounting Provider
iasads.dll	10.0.14393.0	NPS Active Directory Data Store
iasdatastore.dll	10.0.14393.0	NPS Datastore server
iashlpr.dll	10.0.14393.0	NPS Surrogate Component
iasmigplugin.dll	10.0.14393.0	NPS Migration DLL
iasnap.dll	10.0.14393.0	NPS NAP Provider
iaspolcy.dll	10.0.14393.0	NPS Pipeline
iasrad.dll	10.0.14393.0	NPS RADIUS Protocol Component
iasrecst.dll	10.0.14393.0	NPS XML Datastore Access
iassam.dll	10.0.14393.0	NPS NT SAM Provider
iassdo.dll	10.0.14393.0	NPS SDO Component
iassvcs.dll	10.0.14393.0	NPS Services Component
iccvid.dll	1.10.0.12	Cinepak® Codec
icm32.dll	10.0.14393.0	Microsoft Color Management Module (CMM)
icmp.dll	10.0.14393.0	ICMP DLL
icmui.dll	10.0.14393.0	Microsoft Color Matching System User Interface DLL
iconcodecservice.dll	10.0.14393.0	Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll	10.0.14393.0	Internet Gateway Device properties
idctrls.dll	10.0.14393.0	Identity Controls
idndl.dll	10.0.14393.0	Downlevel DLL
idstore.dll	10.0.14393.0	Identity Store
ieadvpack.dll	11.0.14393.0	ADVPACK
ieapfltr.dll	11.0.14393.447	Microsoft SmartScreen Filter
iedkcs32.dll	18.0.14393.206	IEAK branding
ieframe.dll	11.0.14393.447	Internet Browser
iepeers.dll	11.0.14393.447	Internet Explorer Peer Objects
ieproxy.dll	11.0.14393.447	IE ActiveX Interface Marshaling Library
iernonce.dll	11.0.14393.82	Extended RunOnce processing with UI
iertutil.dll	11.0.14393.447	Run time utility for Internet Explorer
iesetup.dll	11.0.14393.82	IOD Version Map
iesysprep.dll	11.0.14393.0	IE Sysprep Provider
ieui.dll	11.0.14393.0	Internet Explorer UI Engine
ifmon.dll	10.0.14393.0	IF Monitor DLL
ifsutil.dll	10.0.14393.0	IFS Utility DLL
ifsutilx.dll	10.0.14393.0	IFS Utility Extension DLL
imagehlp.dll	10.0.14393.0	Windows NT Image Helper
imageres.dll	10.0.14393.0	Windows Image Resource
imagesp1.dll	10.0.14393.0	Windows SP1 Image Resource
imapi.dll	10.0.14393.0	Image Mastering API
imapi2.dll	10.0.14393.206	Image Mastering API v2
imapi2fs.dll	10.0.14393.0	Image Mastering File System Imaging API v2
imgutil.dll	11.0.14393.0	IE plugin image decoder support DLL
imm32.dll	10.0.14393.0	Multi-User Windows IMM32 API Client DLL
indexeddbserver.dll	10.0.14393.447	IndexedDb host
inetcomm.dll	10.0.14393.447	Microsoft Internet Messaging API Resources
inetmib1.dll	10.0.14393.0	Microsoft MIB-II subagent
inetres.dll	10.0.14393.0	Microsoft Internet Messaging API Resources
inkanalysis.dll	10.0.14393.0	InkAnalysis DLL
inkanalysislegacycom.dll	10.0.14393.0	InkAnalysisLegacyCom DLL
inked.dll	10.0.14393.0	Microsoft Tablet PC InkEdit Control
inkobjcore.dll	10.0.14393.0	Microsoft Tablet PC Ink Platform Component
input.dll	10.0.14393.447	InputSetting DLL
inputinjectionbroker.dll	10.0.14393.0	Broker for WinRT input injection.
inputlocalemanager.dll	10.0.14393.0	"InputLocaleManager.DYNLINK"
inputservice.dll	10.0.14393.206	Microsoft Text InputService Dll
inputswitch.dll	10.0.14393.0	Microsoft Windows Input Switcher
inseng.dll	11.0.14393.0	Install engine
iologmsg.dll	10.0.14393.0	IO Logging DLL
ipeloggingdictationhelper.dll	1.0.0.1	IPE Logging Library Helper
iphlpapi.dll	10.0.14393.0	IP Helper API
iprop.dll	10.0.14393.0	OLE PropertySet Implementation
iprtprio.dll	10.0.14393.0	IP Routing Protocol Priority DLL
iprtrmgr.dll	10.0.14393.0	IP Router Manager
ipsecsnp.dll	10.0.14393.0	IP Security Policy Management Snap-in
ipsmsnap.dll	10.0.14393.0	IP Security Monitor Snap-in
ir32_32.dll	10.0.14393.0	IR32_32 WRAPPER DLL
ir32_32original.dll	3.24.15.3	Intel Indeo(R) Video R3.2 32-bit Driver
ir41_32original.dll	4.51.16.3	Intel Indeo® Video 4.5
ir41_qc.dll	10.0.14393.0	IR41_QC WRAPPER DLL
ir41_qcoriginal.dll	4.30.62.2	Intel Indeo® Video Interactive Quick Compressor
ir41_qcx.dll	10.0.14393.0	IR41_QCX WRAPPER DLL
ir41_qcxoriginal.dll	4.30.64.1	Intel Indeo® Video Interactive Quick Compressor
ir50_32.dll	10.0.14393.0	IR50_32 WRAPPER DLL
ir50_32original.dll	5.2562.15.55	Intel Indeo® video 5.10
ir50_qc.dll	10.0.14393.0	IR50_QC WRAPPER DLL
ir50_qcoriginal.dll	5.0.63.48	Intel Indeo® video 5.10 Quick Compressor
ir50_qcx.dll	10.0.14393.0	IR50_QCX WRAPPER DLL
ir50_qcxoriginal.dll	5.0.64.48	Intel Indeo® video 5.10 Quick Compressor
irclass.dll	10.0.14393.0	Infrared Class Coinstaller
iri.dll	10.0.14393.0	iri
iscsicpl.dll	5.2.3790.1830	iSCSI Initiator Control Panel Applet
iscsidsc.dll	10.0.14393.0	iSCSI Discovery api
iscsied.dll	10.0.14393.0	iSCSI Extension DLL
iscsium.dll	10.0.14393.0	iSCSI Discovery api
iscsiwmi.dll	10.0.14393.351	MS iSCSI Initiator WMI Provider
iscsiwmiv2.dll	10.0.14393.0	WMI Provider for iSCSI
itircl.dll	10.0.14393.0	Microsoft® InfoTech IR Local DLL
itss.dll	10.0.14393.0	Microsoft® InfoTech Storage System Library
iyuv_32.dll	10.0.14393.0	Intel Indeo(R) Video YUV Codec
javascriptcollectionagent.dll	11.0.14393.0	JavaScript Performance Collection Agent
joinproviderol.dll	10.0.14393.0	Online Join Provider DLL
joinutil.dll	10.0.14393.0	Join Utility DLL
jpmapcontrol.dll	10.0.14393.351	Jupiter Map Control
jscript.dll	5.812.10240.16384	Microsoft ® JScript
jscript9.dll	11.0.14393.447	Microsoft ® JScript
jscript9diag.dll	11.0.14393.447	Microsoft ® JScript Diagnostics
jsproxy.dll	11.0.14393.187	JScript Proxy Auto-Configuration
kbd101.dll	10.0.14393.0	JP Japanese Keyboard Layout for 101
kbd101a.dll	10.0.14393.0	KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll	10.0.14393.0	KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll	10.0.14393.0	KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll	10.0.14393.0	KO Hangeul Keyboard Layout for 103
kbd106.dll	10.0.14393.0	JP Japanese Keyboard Layout for 106
kbd106n.dll	10.0.14393.0	JP Japanese Keyboard Layout for 106
kbda1.dll	10.0.14393.0	Arabic_English_101 Keyboard Layout
kbda2.dll	10.0.14393.0	Arabic_2 Keyboard Layout
kbda3.dll	10.0.14393.0	Arabic_French_102 Keyboard Layout
kbdal.dll	10.0.14393.0	Albania Keyboard Layout
kbdarme.dll	10.0.14393.0	Eastern Armenian Keyboard Layout
kbdarmph.dll	10.0.14393.0	Armenian Phonetic Keyboard Layout
kbdarmty.dll	10.0.14393.0	Armenian Typewriter Keyboard Layout
kbdarmw.dll	10.0.14393.0	Western Armenian Keyboard Layout
kbdax2.dll	10.0.14393.0	JP Japanese Keyboard Layout for AX2
kbdaze.dll	10.0.14393.0	Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll	10.0.14393.0	Azeri-Latin Keyboard Layout
kbdazst.dll	10.0.14393.0	Azerbaijani (Standard) Keyboard Layout
kbdbash.dll	10.0.14393.0	Bashkir Keyboard Layout
kbdbe.dll	10.0.14393.0	Belgian Keyboard Layout
kbdbene.dll	10.0.14393.0	Belgian Dutch Keyboard Layout
kbdbgph.dll	10.0.14393.0	Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll	10.0.14393.0	Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll	10.0.14393.0	Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll	10.0.14393.0	Belarusian Keyboard Layout
kbdbr.dll	10.0.14393.0	Brazilian Keyboard Layout
kbdbu.dll	10.0.14393.0	Bulgarian (Typewriter) Keyboard Layout
kbdbug.dll	10.0.14393.0	Buginese Keyboard Layout
kbdbulg.dll	10.0.14393.0	Bulgarian Keyboard Layout
kbdca.dll	10.0.14393.0	Canadian Multilingual Keyboard Layout
kbdcan.dll	10.0.14393.0	Canadian Multilingual Standard Keyboard Layout
kbdcher.dll	10.0.14393.0	Cherokee Nation Keyboard Layout
kbdcherp.dll	10.0.14393.0	Cherokee Phonetic Keyboard Layout
kbdcr.dll	10.0.14393.0	Croatian/Slovenian Keyboard Layout
kbdcz.dll	10.0.14393.0	Czech Keyboard Layout
kbdcz1.dll	10.0.14393.0	Czech_101 Keyboard Layout
kbdcz2.dll	10.0.14393.0	Czech_Programmer's Keyboard Layout
kbdda.dll	10.0.14393.0	Danish Keyboard Layout
kbddiv1.dll	10.0.14393.0	Divehi Phonetic Keyboard Layout
kbddiv2.dll	10.0.14393.0	Divehi Typewriter Keyboard Layout
kbddv.dll	10.0.14393.0	Dvorak US English Keyboard Layout
kbddzo.dll	10.0.14393.0	Dzongkha Keyboard Layout
kbdes.dll	10.0.14393.0	Spanish Alernate Keyboard Layout
kbdest.dll	10.0.14393.0	Estonia Keyboard Layout
kbdfa.dll	10.0.14393.0	Persian Keyboard Layout
kbdfar.dll	10.0.14393.0	Persian Standard Keyboard Layout
kbdfc.dll	10.0.14393.0	Canadian French Keyboard Layout
kbdfi.dll	10.0.14393.0	Finnish Keyboard Layout
kbdfi1.dll	10.0.14393.0	Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll	10.0.14393.0	Færoese Keyboard Layout
kbdfr.dll	10.0.14393.0	French Keyboard Layout
kbdfthrk.dll	10.0.14393.0	Futhark Keyboard Layout
kbdgae.dll	10.0.14393.0	Scottish Gaelic (United Kingdom) Keyboard Layout
kbdgeo.dll	10.0.14393.0	Georgian Keyboard Layout
kbdgeoer.dll	10.0.14393.0	Georgian (Ergonomic) Keyboard Layout
kbdgeome.dll	10.0.14393.0	Georgian (MES) Keyboard Layout
kbdgeooa.dll	10.0.14393.0	Georgian (Old Alphabets) Keyboard Layout
kbdgeoqw.dll	10.0.14393.0	Georgian (QWERTY) Keyboard Layout
kbdgkl.dll	10.0.14393.0	Greek_Latin Keyboard Layout
kbdgn.dll	10.0.14393.0	Guarani Keyboard Layout
kbdgr.dll	10.0.14393.0	German Keyboard Layout
kbdgr1.dll	10.0.14393.0	German_IBM Keyboard Layout
kbdgrlnd.dll	10.0.14393.0	Greenlandic Keyboard Layout
kbdgthc.dll	10.0.14393.0	Gothic Keyboard Layout
kbdhau.dll	10.0.14393.0	Hausa Keyboard Layout
kbdhaw.dll	10.0.14393.0	Hawaiian Keyboard Layout
kbdhe.dll	10.0.14393.0	Greek Keyboard Layout
kbdhe220.dll	10.0.14393.0	Greek IBM 220 Keyboard Layout
kbdhe319.dll	10.0.14393.0	Greek IBM 319 Keyboard Layout
kbdheb.dll	10.0.14393.0	KBDHEB Keyboard Layout
kbdhebl3.dll	10.0.14393.0	Hebrew Standard Keyboard Layout
kbdhela2.dll	10.0.14393.0	Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll	10.0.14393.0	Greek IBM 319 Latin Keyboard Layout
kbdhept.dll	10.0.14393.0	Greek_Polytonic Keyboard Layout
kbdhu.dll	10.0.14393.0	Hungarian Keyboard Layout
kbdhu1.dll	10.0.14393.0	Hungarian 101-key Keyboard Layout
kbdibm02.dll	10.0.14393.0	JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll	10.0.14393.0	Igbo Keyboard Layout
kbdic.dll	10.0.14393.0	Icelandic Keyboard Layout
kbdinasa.dll	10.0.14393.0	Assamese (Inscript) Keyboard Layout
kbdinbe1.dll	10.0.14393.0	Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll	10.0.14393.0	Bengali (Inscript) Keyboard Layout
kbdinben.dll	10.0.14393.0	Bengali Keyboard Layout
kbdindev.dll	10.0.14393.0	Devanagari Keyboard Layout
kbdinen.dll	10.0.14393.0	English (India) Keyboard Layout
kbdinguj.dll	10.0.14393.0	Gujarati Keyboard Layout
kbdinhin.dll	10.0.14393.0	Hindi Keyboard Layout
kbdinkan.dll	10.0.14393.0	Kannada Keyboard Layout
kbdinmal.dll	10.0.14393.0	Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll	10.0.14393.0	Marathi Keyboard Layout
kbdinori.dll	10.0.14393.0	Odia Keyboard Layout
kbdinpun.dll	10.0.14393.0	Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll	10.0.14393.0	Tamil Keyboard Layout
kbdintel.dll	10.0.14393.0	Telugu Keyboard Layout
kbdinuk2.dll	10.0.14393.0	Inuktitut Naqittaut Keyboard Layout
kbdir.dll	10.0.14393.0	Irish Keyboard Layout
kbdit.dll	10.0.14393.0	Italian Keyboard Layout
kbdit142.dll	10.0.14393.0	Italian 142 Keyboard Layout
kbdiulat.dll	10.0.14393.0	Inuktitut Latin Keyboard Layout
kbdjav.dll	10.0.14393.0	Javanese Keyboard Layout
kbdjpn.dll	10.0.14393.0	JP Japanese Keyboard Layout Stub driver
kbdkaz.dll	10.0.14393.0	Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll	10.0.14393.0	Cambodian Standard Keyboard Layout
kbdkni.dll	10.0.14393.0	Khmer (NIDA) Keyboard Layout
kbdkor.dll	10.0.14393.0	KO Hangeul Keyboard Layout Stub driver
kbdkurd.dll	10.0.14393.0	Central Kurdish Keyboard Layout
kbdkyr.dll	10.0.14393.0	Kyrgyz Keyboard Layout
kbdla.dll	10.0.14393.0	Latin-American Spanish Keyboard Layout
kbdlao.dll	10.0.14393.0	Lao Standard Keyboard Layout
kbdlisub.dll	10.0.14393.0	Lisu Basic Keyboard Layout
kbdlisus.dll	10.0.14393.0	Lisu Standard Keyboard Layout
kbdlk41a.dll	10.0.14393.0	DEC LK411-AJ Keyboard Layout
kbdlt.dll	10.0.14393.0	Lithuania Keyboard Layout
kbdlt1.dll	10.0.14393.0	Lithuanian Keyboard Layout
kbdlt2.dll	10.0.14393.0	Lithuanian Standard Keyboard Layout
kbdlv.dll	10.0.14393.0	Latvia Keyboard Layout
kbdlv1.dll	10.0.14393.0	Latvia-QWERTY Keyboard Layout
kbdlvst.dll	10.0.14393.0	Latvian (Standard) Keyboard Layout
kbdmac.dll	10.0.14393.0	Macedonian (FYROM) Keyboard Layout
kbdmacst.dll	10.0.14393.0	Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll	10.0.14393.0	Maori Keyboard Layout
kbdmlt47.dll	10.0.14393.0	Maltese 47-key Keyboard Layout
kbdmlt48.dll	10.0.14393.0	Maltese 48-key Keyboard Layout
kbdmon.dll	10.0.14393.0	Mongolian Keyboard Layout
kbdmonmo.dll	10.0.14393.0	Mongolian (Mongolian Script) Keyboard Layout
kbdmonst.dll	10.0.14393.0	Traditional Mongolian (Standard) Keyboard Layout
kbdmyan.dll	10.0.14393.0	Myanmar Keyboard Layout
kbdne.dll	10.0.14393.0	Dutch Keyboard Layout
kbdnec.dll	10.0.14393.0	JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll	10.0.14393.0	JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll	10.0.14393.0	JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll	10.0.14393.0	JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll	10.0.14393.0	Nepali Keyboard Layout
kbdnko.dll	10.0.14393.0	N'Ko Keyboard Layout
kbdno.dll	10.0.14393.0	Norwegian Keyboard Layout
kbdno1.dll	10.0.14393.0	Norwegian with Sami Keyboard Layout
kbdnso.dll	10.0.14393.0	Sesotho sa Leboa Keyboard Layout
kbdntl.dll	10.0.14393.0	New Tai Leu Keyboard Layout
kbdogham.dll	10.0.14393.0	Ogham Keyboard Layout
kbdolch.dll	10.0.14393.0	Ol Chiki Keyboard Layout
kbdoldit.dll	10.0.14393.0	Old Italic Keyboard Layout
kbdosm.dll	10.0.14393.0	Osmanya Keyboard Layout
kbdpash.dll	10.0.14393.0	Pashto (Afghanistan) Keyboard Layout
kbdphags.dll	10.0.14393.0	Phags-pa Keyboard Layout
kbdpl.dll	10.0.14393.0	Polish Keyboard Layout
kbdpl1.dll	10.0.14393.0	Polish Programmer's Keyboard Layout
kbdpo.dll	10.0.14393.0	Portuguese Keyboard Layout
kbdro.dll	10.0.14393.0	Romanian (Legacy) Keyboard Layout
kbdropr.dll	10.0.14393.0	Romanian (Programmers) Keyboard Layout
kbdrost.dll	10.0.14393.0	Romanian (Standard) Keyboard Layout
kbdru.dll	10.0.14393.0	Russian Keyboard Layout
kbdru1.dll	10.0.14393.0	Russia(Typewriter) Keyboard Layout
kbdrum.dll	10.0.14393.0	Russian - Mnemonic Keyboard Layout
kbdsf.dll	10.0.14393.0	Swiss French Keyboard Layout
kbdsg.dll	10.0.14393.0	Swiss German Keyboard Layout
kbdsl.dll	10.0.14393.0	Slovak Keyboard Layout
kbdsl1.dll	10.0.14393.0	Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll	10.0.14393.0	Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll	10.0.14393.0	Sami Extended Norway Keyboard Layout
kbdsn1.dll	10.0.14393.0	Sinhala Keyboard Layout
kbdsora.dll	10.0.14393.0	Sora Keyboard Layout
kbdsorex.dll	10.0.14393.0	Sorbian Extended Keyboard Layout
kbdsors1.dll	10.0.14393.0	Sorbian Standard Keyboard Layout
kbdsorst.dll	10.0.14393.0	Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll	10.0.14393.0	Spanish Keyboard Layout
kbdsw.dll	10.0.14393.0	Swedish Keyboard Layout
kbdsw09.dll	10.0.14393.0	Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll	10.0.14393.0	Syriac Standard Keyboard Layout
kbdsyr2.dll	10.0.14393.0	Syriac Phoenetic Keyboard Layout
kbdtaile.dll	10.0.14393.0	Tai Le Keyboard Layout
kbdtajik.dll	10.0.14393.0	Tajik Keyboard Layout
kbdtat.dll	10.0.14393.0	Tatar (Legacy) Keyboard Layout
kbdth0.dll	10.0.14393.0	Thai Kedmanee Keyboard Layout
kbdth1.dll	10.0.14393.0	Thai Pattachote Keyboard Layout
kbdth2.dll	10.0.14393.0	Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll	10.0.14393.0	Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtifi.dll	10.0.14393.0	Tifinagh (Basic) Keyboard Layout
kbdtifi2.dll	10.0.14393.0	Tifinagh (Extended) Keyboard Layout
kbdtiprc.dll	10.0.14393.0	Tibetan (PRC) Keyboard Layout
kbdtiprd.dll	10.0.14393.0	Tibetan (PRC) - Updated Keyboard Layout
kbdtt102.dll	10.0.14393.0	Tatar Keyboard Layout
kbdtuf.dll	10.0.14393.0	Turkish F Keyboard Layout
kbdtuq.dll	10.0.14393.0	Turkish Q Keyboard Layout
kbdturme.dll	10.0.14393.0	Turkmen Keyboard Layout
kbdtzm.dll	10.0.14393.0	Central Atlas Tamazight Keyboard Layout
kbdughr.dll	10.0.14393.0	Uyghur (Legacy) Keyboard Layout
kbdughr1.dll	10.0.14393.0	Uyghur Keyboard Layout
kbduk.dll	10.0.14393.0	United Kingdom Keyboard Layout
kbdukx.dll	10.0.14393.0	United Kingdom Extended Keyboard Layout
kbdur.dll	10.0.14393.0	Ukrainian Keyboard Layout
kbdur1.dll	10.0.14393.0	Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll	10.0.14393.0	Urdu Keyboard Layout
kbdus.dll	10.0.14393.0	United States Keyboard Layout
kbdusa.dll	10.0.14393.0	US IBM Arabic 238_L Keyboard Layout
kbdusl.dll	10.0.14393.0	Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll	10.0.14393.0	Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll	10.0.14393.0	US Multinational Keyboard Layout
kbduzb.dll	10.0.14393.0	Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll	10.0.14393.0	Vietnamese Keyboard Layout
kbdwol.dll	10.0.14393.0	Wolof Keyboard Layout
kbdyak.dll	10.0.14393.0	Sakha - Russia Keyboard Layout
kbdyba.dll	10.0.14393.0	Yoruba Keyboard Layout
kbdycc.dll	10.0.14393.0	Serbian (Cyrillic) Keyboard Layout
kbdycl.dll	10.0.14393.0	Serbian (Latin) Keyboard Layout
kerbclientshared.dll	10.0.14393.0	Kerberos Client Shared Functionality
kerberos.dll	10.0.14393.187	Kerberos Security Package
kernel.appcore.dll	10.0.14393.0	AppModel API Host
kernel32.dll	10.0.14393.0	Windows NT BASE API Client DLL
kernelbase.dll	10.0.14393.321	Windows NT BASE API Client DLL
keyiso.dll	10.0.14393.0	CNG Key Isolation Service
keymgr.dll	10.0.14393.0	Stored User Names and Passwords
ksuser.dll	10.0.14393.0	User CSA Library
ktmw32.dll	10.0.14393.0	Windows KTM Win32 Client DLL
l2gpstore.dll	10.0.14393.0	Policy Storage dll
l2nacp.dll	10.0.14393.0	Windows Onex Credential Provider
l2sechc.dll	10.0.14393.0	Layer 2 Security Diagnostics Helper Classes
laprxy.dll	12.0.14393.0	Windows Media Logagent Proxy
licensemanager.dll	10.0.14393.206	LicenseManager
licensemanagerapi.dll	10.0.14393.206	"LicenseManagerApi.DYNLINK"
licensingdiagspp.dll	10.0.14393.0	Licensing Diagnostics SPP Plugin
licmgr10.dll	11.0.14393.0	Microsoft® License Manager DLL
linkinfo.dll	10.0.14393.0	Windows Volume Tracking
loadperf.dll	10.0.14393.0	Load & Unload Performance Counters
localsec.dll	10.0.14393.0	Local Users and Groups MMC Snapin
locationapi.dll	10.0.14393.0	Microsoft Windows Location API
locationframeworkinternalps.dll	10.0.14393.0	Windows Geolocation Framework Internal PS
locationframeworkps.dll	10.0.14393.0	Windows Geolocation Framework PS
lockappbroker.dll	10.0.14393.447	Windows Lock App Broker DLL
loghours.dll	10.0.14393.0	Schedule Dialog
logoncli.dll	10.0.14393.0	Net Logon Client DLL
logoncontroller.dll	10.0.14393.206	Logon UX Controller
lpk.dll	10.0.14393.0	Language Pack
lsmproxy.dll	10.0.14393.0	LSM interfaces proxy Dll
luainstall.dll	10.0.14393.0	Lua manifest install
lz32.dll	5.0.1.1	LZ Expand/Compress API DLL
magnification.dll	10.0.14393.0	Microsoft Magnification API
mantle32.dll	21.19.137.1	Mantle loader
mantleaxl32.dll	21.19.137.1	Mantle extension library
mapconfiguration.dll	10.0.14393.187	MapConfiguration
mapcontrolcore.dll	10.0.14393.351	Map Control Core
mapcontrolstringsres.dll	10.0.14393.187	Map control resource strings
mapgeocoder.dll	10.0.14393.187	Maps Geocoder
mapi32.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapistub.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
maprouter.dll	10.0.14393.187	Maps Router
mapsbtsvc.dll	10.0.14393.187	Maps Background Transfer Service
mbaeapi.dll	10.0.14393.0	Mobile Broadband Account Experience API
mbaeapipublic.dll	10.0.14393.206	Mobile Broadband Account API
mbsmsapi.dll	10.0.14393.206	Microsoft Windows Mobile Broadband SMS API
mbussdapi.dll	10.0.14393.0	Microsoft Windows Mobile Broadband USSD API
mccsengineshared.dll	10.0.14393.0	Utilies shared among OneSync engines
mciavi32.dll	10.0.14393.0	Video For Windows MCI driver
mcicda.dll	10.0.14393.0	MCI driver for cdaudio devices
mciqtz32.dll	10.0.14393.0	DirectShow MCI Driver
mciseq.dll	10.0.14393.0	MCI driver for MIDI sequencer
mciwave.dll	10.0.14393.0	MCI driver for waveform audio
mcrecvsrc.dll	10.0.14393.321	Miracast Media Foundation Source DLL
mdminst.dll	10.0.14393.0	Modem Class Installer
mdmregistration.dll	10.0.14393.0	MDM Registration DLL
messagingdatamodel2.dll	10.0.14393.0	MessagingDataModel2
mf.dll	10.0.14393.187	Media Foundation DLL
mf3216.dll	10.0.14393.0	32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll	10.0.14393.0	Media Foundation AAC Encoder
mfasfsrcsnk.dll	10.0.14393.0	Media Foundation ASF Source and Sink DLL
mfaudiocnv.dll	10.0.14393.0	Media Foundation Audio Converter DLL
mfc100.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc100chs.dll	10.0.40219.325	MFC Language Specific Resources
mfc100cht.dll	10.0.40219.325	MFC Language Specific Resources
mfc100deu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100enu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100esn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100fra.dll	10.0.40219.325	MFC Language Specific Resources
mfc100ita.dll	10.0.40219.325	MFC Language Specific Resources
mfc100jpn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100kor.dll	10.0.40219.325	MFC Language Specific Resources
mfc100rus.dll	10.0.40219.325	MFC Language Specific Resources
mfc100u.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc110.dll	11.0.50727.1	MFCDLL Shared Library - Retail Version
mfc110chs.dll	11.0.50727.1	MFC Language Specific Resources
mfc110cht.dll	11.0.50727.1	MFC Language Specific Resources
mfc110deu.dll	11.0.50727.1	MFC Language Specific Resources
mfc110enu.dll	11.0.50727.1	MFC Language Specific Resources
mfc110esn.dll	11.0.50727.1	MFC Language Specific Resources
mfc110fra.dll	11.0.50727.1	MFC Language Specific Resources
mfc110ita.dll	11.0.50727.1	MFC Language Specific Resources
mfc110jpn.dll	11.0.50727.1	MFC Language Specific Resources
mfc110kor.dll	11.0.50727.1	MFC Language Specific Resources
mfc110rus.dll	11.0.50727.1	MFC Language Specific Resources
mfc110u.dll	11.0.50727.1	MFCDLL Shared Library - Retail Version
mfc120.dll	12.0.21005.1	MFCDLL Shared Library - Retail Version
mfc120chs.dll	12.0.21005.1	MFC Language Specific Resources
mfc120cht.dll	12.0.21005.1	MFC Language Specific Resources
mfc120deu.dll	12.0.21005.1	MFC Language Specific Resources
mfc120enu.dll	12.0.21005.1	MFC Language Specific Resources
mfc120esn.dll	12.0.21005.1	MFC Language Specific Resources
mfc120fra.dll	12.0.21005.1	MFC Language Specific Resources
mfc120ita.dll	12.0.21005.1	MFC Language Specific Resources
mfc120jpn.dll	12.0.21005.1	MFC Language Specific Resources
mfc120kor.dll	12.0.21005.1	MFC Language Specific Resources
mfc120rus.dll	12.0.21005.1	MFC Language Specific Resources
mfc120u.dll	12.0.21005.1	MFCDLL Shared Library - Retail Version
mfc40.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc40u.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc42.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfc42u.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfcaptureengine.dll	10.0.14393.0	Media Foundation CaptureEngine DLL
mfcm100.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcm100u.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcm110.dll	11.0.50727.1	MFC Managed Library - Retail Version
mfcm110u.dll	11.0.50727.1	MFC Managed Library - Retail Version
mfcm120.dll	12.0.21005.1	MFC Managed Library - Retail Version
mfcm120u.dll	12.0.21005.1	MFC Managed Library - Retail Version
mfcore.dll	10.0.14393.447	Media Foundation Core DLL
mfcsubs.dll	2001.12.10941.16384	COM+
mfds.dll	10.0.14393.0	Media Foundation Direct Show wrapper DLL
mfdvdec.dll	10.0.14393.0	Media Foundation DV Decoder
mferror.dll	10.0.14393.0	Media Foundation Error DLL
mfh263enc.dll	10.0.14393.0	Media Foundation h263 Encoder
mfh264enc.dll	10.0.14393.0	Media Foundation H264 Encoder
mfh265enc.dll	10.0.14393.0	Media Foundation H265 Encoder
mfksproxy.dll	10.0.14393.351	Dshow MF Bridge DLL DLL
mfmediaengine.dll	10.0.14393.447	Media Foundation Media Engine DLL
mfmjpegdec.dll	10.0.14393.0	Media Foundation MJPEG Decoder
mfmkvsrcsnk.dll	10.0.14393.0	Media Foundation MKV Media Source and Sink DLL
mfmp4srcsnk.dll	10.0.14393.351	Media Foundation MPEG4 Source and Sink DLL
mfmpeg2srcsnk.dll	10.0.14393.206	Media Foundation MPEG2 Source and Sink DLL
mfnetcore.dll	10.0.14393.321	Media Foundation Net Core DLL
mfnetsrc.dll	10.0.14393.321	Media Foundation Net Source DLL
mfperfhelper.dll	10.0.14393.0	MFPerf DLL
mfplat.dll	10.0.14393.351	Media Foundation Platform DLL
mfplay.dll	10.0.14393.0	Media Foundation Playback API DLL
mfps.dll	10.0.14393.105	Media Foundation Proxy DLL
mfreadwrite.dll	10.0.14393.206	Media Foundation ReadWrite DLL
mfsensorgroup.dll	10.0.14393.447	Media Foundation Sensor Group DLL
mfsrcsnk.dll	10.0.14393.82	Media Foundation Source and Sink DLL
mfsvr.dll	10.0.14393.447	Media Foundation Simple Video Renderer DLL
mftranscode.dll	10.0.14393.0	Media Foundation Transcode DLL
mfvdsp.dll	10.0.14393.0	Windows Media Foundation Video DSP Components
mfvfw.dll	10.0.14393.0	MF VFW MFT
mfwmaaec.dll	10.0.14393.0	Windows Media Audio AEC for Media Foundation
mgmtapi.dll	10.0.14393.0	Microsoft SNMP Manager API (uses WinSNMP)
mi.dll	10.0.14393.0	Management Infrastructure
mibincodec.dll	10.0.14393.0	Management Infrastructure binary codec component
microsoft.management.infrastructure.native.unmanaged.dll	10.0.14393.0	Microsoft.Management.Infrastructure.Native.Unmanaged.dll
microsoft.uev.appagent.dll	10.0.14393.0	Microsoft.Uev.AppAgent DLL
microsoft.uev.office2010customactions.dll	10.0.14393.0	Microsoft.Uev.Office2010CustomActions DLL
microsoft.uev.office2013customactions.dll	10.0.14393.0	Microsoft.Uev.Office2013CustomActions DLL
microsoftaccountextension.dll	10.0.14393.0	Microsoft Account Extension DLL
microsoftaccounttokenprovider.dll	10.0.14393.0	Microsoft® Account Token Provider
microsoft-windows-mapcontrols.dll	10.0.14393.187	Map Event Resources
microsoft-windows-moshost.dll	10.0.14393.187	MosHost Event Resources
microsoft-windows-mostrace.dll	10.0.14393.187	MOS Event Resources
midimap.dll	10.0.14393.0	Microsoft MIDI Mapper
migisol.dll	10.0.14393.0	Migration System Isolation Layer
miguiresource.dll	10.0.14393.0	MIG wini32 resources
mimefilt.dll	2008.0.14393.0	MIME Filter
mimofcodec.dll	10.0.14393.0	Management Infrastructure mof codec component
minstoreevents.dll	10.0.14393.0	Minstore Event Resource
mintdh.dll	10.0.14393.0	Event Trace Helper Library
miracastreceiver.dll	10.0.14393.206	Miracast Receiver API
mirrordrvcompat.dll	10.0.14393.0	Mirror Driver Compatibility Helper
mispace.dll	10.0.14393.351	Storage Management Provider for Spaces
miutils.dll	10.0.14393.0	Management Infrastructure
mlang.dll	10.0.14393.0	Multi Language Support DLL
mmcbase.dll	10.0.14393.0	MMC Base DLL
mmci.dll	10.0.14393.0	Media class installer
mmcico.dll	10.0.14393.0	Media class co-installer
mmcndmgr.dll	10.0.14393.0	MMC Node Manager DLL
mmcshext.dll	10.0.14393.0	MMC Shell Extension DLL
mmdevapi.dll	10.0.14393.0	MMDevice API
mmres.dll	10.0.14393.0	General Audio Resources
modemui.dll	10.0.14393.0	Windows Modem Properties
moricons.dll	10.0.14393.0	Windows NT Setup Icon Resources Library
mos.dll	10.0.14393.351	mos
moshostclient.dll	10.0.14393.187	MosHostClient
mosresource.dll	10.0.14393.187	Mos resource
mosstorage.dll	10.0.14393.187	MosStorage
mp3dmod.dll	10.0.14393.0	Microsoft MP3 Decoder DMO
mp43decd.dll	10.0.14393.0	Windows Media MPEG-4 Video Decoder
mp4sdecd.dll	10.0.14393.0	Windows Media MPEG-4 S Video Decoder
mpg4decd.dll	10.0.14393.0	Windows Media MPEG-4 Video Decoder
mpr.dll	10.0.14393.0	Multiple Provider Router DLL
mprapi.dll	10.0.14393.206	Windows NT MP Router Administration DLL
mprddm.dll	10.0.14393.206	Demand Dial Manager Supervisor
mprdim.dll	10.0.14393.206	Dynamic Interface Manager
mprext.dll	10.0.14393.0	Multiple Provider Router Extension DLL
mprmsg.dll	10.0.14393.0	Multi-Protocol Router Service Messages DLL
mqcertui.dll	10.0.10586.0	Message Queuing Certificate Dialogs
mqsnap.dll	10.0.10586.0	Message Queuing Snapin
mrmcorer.dll	10.0.14393.0	Microsoft Windows MRM
mrmindexer.dll	10.0.14393.0	Microsoft Windows MRM
mrt_map.dll	1.0.24120.0	Microsoft .NET Native Error Reporting Helper
mrt100.dll	1.0.24120.0	Microsoft .NET Native Runtime
ms3dthumbnailprovider.dll	10.0.14393.0	3MF Metadata Handler
msaatext.dll	2.0.10413.0	Active Accessibility text support
msac3enc.dll	10.0.14393.206	Microsoft AC-3 Encoder
msacm32.dll	10.0.14393.0	Microsoft ACM Audio Filter
msadce.dll	10.0.14393.0	OLE DB Cursor Engine
msadcer.dll	10.0.14393.0	OLE DB Cursor Engine Resources
msadco.dll	10.0.14393.0	Remote Data Services Data Control
msadcor.dll	10.0.14393.0	Remote Data Services Data Control Resources
msadds.dll	10.0.14393.0	OLE DB Data Shape Provider
msaddsr.dll	10.0.14393.0	OLE DB Data Shape Provider Resources
msader15.dll	10.0.14393.0	ActiveX Data Objects Resources
msado15.dll	10.0.14393.0	ActiveX Data Objects
msadomd.dll	10.0.14393.0	ActiveX Data Objects (Multi-Dimensional)
msador15.dll	10.0.14393.0	Microsoft ActiveX Data Objects Recordset
msadox.dll	10.0.14393.0	ActiveX Data Objects Extensions
msadrh15.dll	10.0.14393.0	ActiveX Data Objects Rowset Helper
msafd.dll	10.0.14393.0	Microsoft Windows Sockets 2.0 Service Provider
msajapi.dll	10.0.14393.187	AllJoyn API Library
msalacdecoder.dll	10.0.14393.0	Media Foundation ALAC Decoder
msalacencoder.dll	10.0.14393.0	Media Foundation ALAC Encoder
msamrnbdecoder.dll	10.0.14393.0	AMR Narrowband Decoder DLL
msamrnbencoder.dll	10.0.14393.0	AMR Narrowband Encoder DLL
msamrnbsink.dll	10.0.14393.0	AMR Narrowband Sink DLL
msamrnbsource.dll	10.0.14393.0	AMR Narrowband Source DLL
msasn1.dll	10.0.14393.0	ASN.1 Runtime APIs
msauddecmft.dll	10.0.14393.0	Media Foundation Audio Decoders
msaudite.dll	10.0.14393.0	Security Audit Events DLL
msauserext.dll	10.0.14393.0	MSA USER Extension DLL
mscandui.dll	10.0.14393.0	MSCANDUI Server DLL
mscat32.dll	10.0.14393.0	MSCAT32 Forwarder DLL
msclmd.dll	10.0.14393.0	Microsoft Class Mini-driver
mscms.dll	10.0.14393.0	Microsoft Color Matching System DLL
mscoree.dll	10.0.14393.0	Microsoft .NET Runtime Execution Engine
mscorier.dll	10.0.14393.0	Microsoft .NET Runtime IE resources
mscories.dll	2.0.50727.8745	Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll	10.0.14393.0	ODBC Code Page Translator Resources
mscpxl32.dll	10.0.14393.0	ODBC Code Page Translator
msctf.dll	10.0.14393.447	MSCTF Server DLL
msctfmonitor.dll	10.0.14393.0	MsCtfMonitor DLL
msctfp.dll	10.0.14393.0	MSCTFP Server DLL
msctfui.dll	10.0.14393.0	MSCTFUI Server DLL
msctfuimanager.dll	10.0.14393.0	Microsoft UIManager DLL
msdadc.dll	10.0.14393.0	OLE DB Data Conversion Stub
msdadiag.dll	10.0.14393.0	Built-In Diagnostics
msdaenum.dll	10.0.14393.0	OLE DB Root Enumerator Stub
msdaer.dll	10.0.14393.0	OLE DB Error Collection Stub
msdaora.dll	10.0.14393.0	OLE DB Provider for Oracle
msdaorar.dll	10.0.14393.0	OLE DB Provider for Oracle Resources
msdaosp.dll	10.0.14393.0	OLE DB Simple Provider
msdaprsr.dll	10.0.14393.0	OLE DB Persistence Services Resources
msdaprst.dll	10.0.14393.0	OLE DB Persistence Services
msdaps.dll	10.0.14393.0	OLE DB Interface Proxies/Stubs
msdarem.dll	10.0.14393.0	OLE DB Remote Provider
msdaremr.dll	10.0.14393.0	OLE DB Remote Provider Resources
msdart.dll	10.0.14393.0	OLE DB Runtime Routines
msdasc.dll	10.0.14393.0	OLE DB Service Components Stub
msdasql.dll	10.0.14393.0	OLE DB Provider for ODBC Drivers
msdasqlr.dll	10.0.14393.0	OLE DB Provider for ODBC Drivers Resources
msdatl3.dll	10.0.14393.0	OLE DB Implementation Support Routines
msdatt.dll	10.0.14393.0	OLE DB Temporary Table Services
msdaurl.dll	10.0.14393.0	OLE DB RootBinder Stub
msdelta.dll	5.0.1.1	Microsoft Patch Engine
msdfmap.dll	10.0.14393.0	Data Factory Handler
msdmeng.dll	8.0.2039.0	Microsoft Data Mining Engine
msdmine.dll	8.0.2039.0	Microsoft OLE DB Provider for Data Mining Services
msdmo.dll	10.0.14393.0	DMO Runtime
msdrm.dll	10.0.14393.0	Windows Rights Management client
msdtcprx.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll	4.0.9756.0	Microsoft Jet Exchange Isam
msexcl40.dll	4.0.9756.0	Microsoft Jet Excel Isam
msfeeds.dll	11.0.14393.321	Microsoft Feeds Manager
msfeedsbs.dll	11.0.14393.0	Microsoft Feeds Background Sync
msflacdecoder.dll	10.0.14393.0	Media Foundation FLAC Decoder
msflacencoder.dll	10.0.14393.0	Media Foundation FLAC Encoder
msftedit.dll	10.0.14393.206	Rich Text Edit Control, v8.5
mshtml.dll	11.0.14393.447	Microsoft (R) HTML Viewer
mshtmldac.dll	11.0.14393.0	DAC for Trident DOM
mshtmled.dll	11.0.14393.447	Microsoft® HTML Editing Component
mshtmler.dll	11.0.14393.0	Microsoft® HTML Editing Component's Resource DLL
msi.dll	5.0.14393.321	Windows Installer
msidcrl40.dll	10.0.14393.0	Microsoft® Account Dynamic Link Library
msident.dll	10.0.14393.0	Microsoft Identity Manager
msidle.dll	10.0.14393.0	User Idle Monitor
msidntld.dll	10.0.14393.0	Microsoft Identity Manager
msieftp.dll	10.0.14393.0	Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll	5.0.14393.0	Windows® installer
msiltcfg.dll	5.0.14393.0	Windows Installer Configuration API Stub
msimg32.dll	10.0.14393.0	GDIEXT Client DLL
msimsg.dll	5.0.14393.0	Windows® Installer International Messages
msimtf.dll	10.0.14393.0	Active IMM Server DLL
msisip.dll	5.0.14393.0	MSI Signature SIP Provider
msiwer.dll	5.0.14393.0	MSI Windows Error Reporting
msjet40.dll	4.0.9765.0	Microsoft Jet Engine Library
msjetoledb40.dll	4.0.9756.0
msjint40.dll	4.0.9765.0	Microsoft Jet Database Engine International DLL
msjro.dll	10.0.14393.0	Jet and Replication Objects
msjter40.dll	4.0.9756.0	Microsoft Jet Database Engine Error DLL
msjtes40.dll	4.0.9756.0	Microsoft Jet Expression Service
mskeyprotcli.dll	10.0.14393.0	Windows Client Key Protection Provider
mskeyprotect.dll	10.0.14393.0	Microsoft Key Protection Provider
msls31.dll	3.10.349.0	Microsoft Line Services library file
msltus40.dll	4.0.9756.0	Microsoft Jet Lotus 1-2-3 Isam
msmapi32.dll	12.0.4518.1014	Extended MAPI 1.0 for Windows NT
msmdcb80.dll	8.0.2039.0	PivotTable Service dll
msmdgd80.dll	8.0.2039.0	Microsoft SQL Server Analysis Services driver
msmdlocal.dll	9.0.3017.0	Microsoft SQL Server Analysis Services
msmdun80.dll	2000.80.2039.0	String Function .DLL for SQL Enterprise Components
msmgdsrv.dll	9.0.3017.0	Microsoft SQL Server Analysis Services Managed Module
msmpeg2adec.dll	10.0.14393.0	Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll	10.0.14393.0	Microsoft MPEG-2 Encoder
msmpeg2vdec.dll	10.0.14393.187	Microsoft DTV-DVD Video Decoder
msobjs.dll	10.0.14393.0	System object audit names
msoeacct.dll	10.0.14393.0	Microsoft Internet Account Manager
msoert2.dll	10.0.14393.0	Microsoft Windows Mail RT Lib
msolap80.dll	8.0.2216.0	Microsoft OLE DB Provider for Analysis Services 8.0
msolap90.dll	9.0.3017.0	Microsoft OLE DB Provider for Analysis Services 9.0
msolui80.dll	8.0.0.2039	Microsoft OLE DB provider for Analysis Services connection dialog 8.0
msolui90.dll	9.0.3017.0	Microsoft OLE DB Provider for Analysis Services Connection Dialog 9.0
msopusdecoder.dll	10.0.14393.0	Media Foundation Opus Decoder
msorc32r.dll	10.0.14393.0	ODBC Driver for Oracle Resources
msorcl32.dll	10.0.14393.0	ODBC Driver for Oracle
mspatcha.dll	5.0.1.1	Microsoft File Patch Application API
mspatchc.dll	5.0.1.1	Microsoft Patch Creation Engine
mspbde40.dll	4.0.9756.0	Microsoft Jet Paradox Isam
msphotography.dll	10.0.14393.0	MS Photography DLL
msports.dll	10.0.14393.0	Ports Class Installer
msrating.dll	10.0.14393.0	"msrating.DYNLINK"
msrd2x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrd3x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrdc.dll	10.0.14393.0	Remote Differential Compression COM server
msrdpwebaccess.dll	10.0.14393.0	Microsoft Remote Desktop Services Web Access Control
msrepl40.dll	4.0.9756.0	Microsoft Replication Library
msrle32.dll	10.0.14393.0	Microsoft RLE Compressor
msscntrs.dll	7.0.14393.0	PKM Perfmon Counter DLL
mssign32.dll	10.0.14393.0	Microsoft Trust Signing APIs
mssip32.dll	10.0.14393.0	MSSIP32 Forwarder DLL
mssitlb.dll	7.0.14393.0	mssitlb
msspellcheckingfacility.dll	10.0.14393.0	Microsoft Spell Checking Facility
mssph.dll	7.0.14393.0	Microsoft Search Protocol Handler
mssphtb.dll	7.0.14393.0	Outlook MSSearch Connector
mssprxy.dll	7.0.14393.0	Microsoft Search Proxy
mssrch.dll	7.0.14393.206	Microsoft Embedded Search
msstdfmt.dll	6.0.84.50	Microsoft Standard Data Formating Object DLL
mssvp.dll	7.0.14393.0	MSSearch Vista Platform
mstask.dll	10.0.14393.0	Task Scheduler interface DLL
mstext40.dll	4.0.9756.0	Microsoft Jet Text Isam
mstscax.dll	10.0.14393.447	Remote Desktop Services ActiveX Client
msutb.dll	10.0.14393.0	MSUTB Server DLL
msv1_0.dll	10.0.14393.447	Microsoft Authentication Package v1.0
msvbvm60.dll	6.0.98.15	Visual Basic Virtual Machine
msvcirt.dll	7.0.14393.0	Windows NT IOStreams DLL
msvcp_win.dll	10.0.14393.0	Microsoft® C Runtime Library
msvcp100.dll	10.0.40219.325	Microsoft® C Runtime Library
msvcp110.dll	11.0.51106.1	Microsoft® C Runtime Library
msvcp110_win.dll	10.0.14393.0	Microsoft® STL110 C++ Runtime Library
msvcp120.dll	12.0.21005.1	Microsoft® C Runtime Library
msvcp120_clr0400.dll	12.0.52512.0	Microsoft® C Runtime Library
msvcp60.dll	7.0.14393.0	Windows NT C++ Runtime Library DLL
msvcp71.dll	7.10.3077.0	Microsoft® C++ Runtime Library
msvcr100.dll	10.0.40219.325	Microsoft® C Runtime Library
msvcr100_clr0400.dll	14.6.1586.0	Microsoft® .NET Framework
msvcr110.dll	11.0.51106.1	Microsoft® C Runtime Library
msvcr120.dll	12.0.21005.1	Microsoft® C Runtime Library
msvcr120_clr0400.dll	12.0.52512.0	Microsoft® C Runtime Library
msvcr71.dll	7.10.3052.4	Microsoft® C Runtime Library
msvcrt.dll	7.0.14393.0	Windows NT CRT DLL
msvcrt20.dll	2.12.0.0	Microsoft® C Runtime Library
msvcrt40.dll	10.0.14393.0	VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll	10.0.14393.0	Microsoft Video for Windows DLL
msvidc32.dll	10.0.14393.0	Microsoft Video 1 Compressor
msvidctl.dll	6.5.14393.447	ActiveX control for streaming video
msvideodsp.dll	10.0.14393.0	Video Stabilization MFT
msvp9dec.dll	10.0.14393.0	Windows VP9 Video Decoder
msvproc.dll	10.0.14393.351	Media Foundation Video Processor
msvpxenc.dll	10.0.14393.206	Windows VPX Video Encoder
mswb7.dll	10.0.14393.0	MSWB7 DLL
mswdat10.dll	4.0.9756.0	Microsoft Jet Sort Tables
mswmdm.dll	12.0.14393.0	Windows Media Device Manager Core
mswsock.dll	10.0.14393.0	Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll	4.0.9765.0	Microsoft Jet Sort Library
msxactps.dll	10.0.14393.0	OLE DB Transaction Proxies/Stubs
msxbde40.dll	4.0.9756.0	Microsoft Jet xBASE Isam
msxml3.dll	8.110.14393.0	MSXML 3.0
msxml3r.dll	8.110.14393.0	XML Resources
msxml6.dll	6.30.14393.321	MSXML 6.0
msxml6r.dll	6.30.14393.187	XML Resources
msyuv.dll	10.0.14393.0	Microsoft UYVY Video Decompressor
mtf.dll	10.0.14393.0	"MTF.DYNLINK"
mtxclu.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll	2001.12.10941.16384	COM+
mtxex.dll	2001.12.10941.16384	COM+
mtxlegih.dll	2001.12.10941.16384	COM+
mtxoci.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
muifontsetup.dll	10.0.14393.0	MUI Callback for font registry settings
mycomput.dll	10.0.14393.0	Computer Management
mydocs.dll	10.0.14393.0	My Documents Folder UI
napcrypt.dll	10.0.14393.0	NAP Cryptographic API helper
napinsp.dll	10.0.14393.0	E-mail Naming Shim Provider
naturallanguage6.dll	10.0.14393.206	Natural Language Development Platform 6
ncaapi.dll	10.0.14393.0	Microsoft Network Connectivity Assistant API
ncdprop.dll	10.0.14393.0	Advanced network device properties
nci.dll	10.0.14393.0	CoInstaller: NET
ncobjapi.dll	10.0.14393.0	Microsoft® Windows® Operating System
ncrypt.dll	10.0.14393.0	Windows NCrypt Router
ncryptprov.dll	10.0.14393.0	Microsoft KSP
ncryptsslp.dll	10.0.14393.0	Microsoft SChannel Provider
nddeapi.dll	10.0.14393.0	Network DDE Share Management APIs
ndfapi.dll	10.0.14393.0	Network Diagnostic Framework Client API
ndfetw.dll	10.0.14393.0	Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll	10.0.14393.0	Network Diagnostic Framework HC Discovery API
ndishc.dll	10.0.14393.0	NDIS Helper Classes
ndproxystub.dll	10.0.14393.0	Network Diagnostic Engine Proxy/Stub
negoexts.dll	10.0.14393.0	NegoExtender Security Package
netapi32.dll	10.0.14393.0	Net Win32 API DLL
netbios.dll	10.0.14393.0	NetBIOS Interface Library
netcenter.dll	10.0.14393.0	Network Center control panel
netcfgx.dll	10.0.14393.0	Network Configuration Objects
netcorehc.dll	10.0.14393.0	Networking Core Diagnostics Helper Classes
netdiagfx.dll	10.0.14393.0	Network Diagnostic Framework
netevent.dll	10.0.14393.0	Net Event Handler
netfxperf.dll	10.0.14393.0	Extensible Performance Counter Shim
neth.dll	10.0.14393.0	Net Help Messages DLL
netid.dll	10.0.14393.0	System Control Panel Applet; Network ID Page
netiohlp.dll	10.0.14393.0	Netio Helper DLL
netjoin.dll	10.0.14393.0	Domain Join DLL
netlogon.dll	10.0.14393.0	Net Logon Services DLL
netmsg.dll	10.0.14393.0	Net Messages DLL
netplwiz.dll	10.0.14393.0	Map Network Drives/Network Places Wizard
netprofm.dll	10.0.14393.0	Network List Manager
netprovfw.dll	10.0.14393.0	Provisioning Service Framework DLL
netprovisionsp.dll	10.0.14393.0	Provisioning Service Provider DLL
netsetupapi.dll	10.0.14393.447	Network Configuration API
netsetupengine.dll	10.0.14393.447	Network Configuration Engine
netsetupshim.dll	10.0.14393.0	Network Configuration API
netshell.dll	10.0.14393.321	Network Connections Shell
netutils.dll	10.0.14393.0	Net Win32 API Helpers DLL
networkcollectionagent.dll	11.0.14393.206	Network Collection Agent
networkexplorer.dll	10.0.14393.0	Network Explorer
networkhelper.dll	10.0.14393.0	Network utilities for mail, contacts, calendar
networkitemfactory.dll	10.0.14393.0	NetworkItem Factory
newdev.dll	6.0.5054.0	Add Hardware Device Library
ngccredprov.dll	10.0.14393.206	Microsoft Passport Credential Provider
ngckeyenum.dll	10.0.14393.0	Microsoft Passport Key Enumeration Manager
ngcksp.dll	10.0.14393.0	Microsoft Passport Key Storage Provider
ninput.dll	10.0.14393.0	Microsoft Pen and Touch Input Component
nlaapi.dll	10.0.14393.0	Network Location Awareness 2
nlhtml.dll	2008.0.14393.0	HTML filter
nlmgp.dll	10.0.14393.0	Network List Manager Snapin
nlmproxy.dll	10.0.14393.0	Network List Manager Public Proxy
nlmsprep.dll	10.0.14393.0	Network List Manager Sysprep Module
nlsbres.dll	10.0.14393.0	NLSBuild resource DLL
nlsdata0000.dll	10.0.14393.0	Microsoft Neutral Natural Language Server Data and Code
nlsdata0009.dll	10.0.14393.0	Microsoft English Natural Language Server Data and Code
nlsdl.dll	10.0.14393.0	Nls Downlevel DLL
nlslexicons0009.dll	10.0.14393.0	Microsoft English Natural Language Server Data and Code
nmaa.dll	10.0.14393.351	NMAA
nmadirect.dll	10.0.14393.187	Nma Direct
normaliz.dll	10.0.14393.0	Unicode Normalization DLL
notificationobjfactory.dll	10.0.14393.0	Notifications Object Factory
npmproxy.dll	10.0.14393.0	Network List Manager Proxy
npsm.dll	10.0.14393.447	NPSM
npsmdesktopprovider.dll	10.0.14393.0	<d> NPSM Desktop Local Provider DLL
nshhttp.dll	10.0.14393.0	HTTP netsh DLL
nshipsec.dll	10.0.14393.0	Net Shell IP Security helper DLL
nshwfp.dll	10.0.14393.206	Windows Filtering Platform Netsh Helper
nsi.dll	10.0.14393.0	NSI User-mode interface DLL
ntasn1.dll	10.0.14393.0	Microsoft ASN.1 API
ntdll.dll	10.0.14393.447	NT Layer DLL
ntdsapi.dll	10.0.14393.0	Active Directory Domain Services API
ntlanman.dll	10.0.14393.0	Microsoft® Lan Manager
ntlanui2.dll	10.0.14393.0	Network object shell UI
ntlmshared.dll	10.0.14393.0	NTLM Shared Functionality
ntmarta.dll	10.0.14393.0	Windows NT MARTA provider
ntprint.dll	10.0.14393.0	Spooler Setup DLL
ntshrui.dll	10.0.14393.447	Shell extensions for sharing
ntvdm64.dll	10.0.14393.0	16-bit Emulation on NT64
objsel.dll	10.0.14393.0	Object Picker Dialog
occache.dll	11.0.14393.0	Object Control Viewer
ocsetapi.dll	10.0.14393.0	Windows Optional Component Setup API
odbc32.dll	10.0.14393.0	ODBC Driver Manager
odbcbcp.dll	10.0.14393.0	BCP for ODBC
odbcconf.dll	10.0.14393.206	ODBC Driver Configuration Program
odbccp32.dll	10.0.14393.0	ODBC Installer
odbccr32.dll	10.0.14393.0	ODBC Cursor Library
odbccu32.dll	10.0.14393.0	ODBC Cursor Library
odbcint.dll	10.0.14393.0	ODBC Resources
odbcji32.dll	10.0.14393.0	Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll	10.0.14393.0	Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll	10.0.14393.0	ODBC Driver Manager Trace
oddbse32.dll	10.0.14393.0	ODBC (3.0) driver for DBase
odexl32.dll	10.0.14393.0	ODBC (3.0) driver for Excel
odfox32.dll	10.0.14393.0	ODBC (3.0) driver for FoxPro
odpdx32.dll	10.0.14393.0	ODBC (3.0) driver for Paradox
odtext32.dll	10.0.14393.0	ODBC (3.0) driver for text files
oemlicense.dll	10.0.14393.0	Client Licensing Platform Client Provisioning
offfilt.dll	2008.0.14393.0	OFFICE Filter
offlinelsa.dll	10.0.14393.82	Windows
offlinesam.dll	10.0.14393.206	Windows
offreg.dll	10.0.14393.321	Offline registry DLL
ole2.dll	3.10.0.103	Windows Win16 Application Launcher
ole2disp.dll	3.10.0.103	Windows Win16 Application Launcher
ole2nls.dll	3.10.0.103	Windows Win16 Application Launcher
ole32.dll	10.0.14393.447	Microsoft OLE for Windows
oleacc.dll	7.2.14393.206	Active Accessibility Core Component
oleacchooks.dll	7.2.14393.0	Active Accessibility Event Hooks Library
oleaccrc.dll	7.2.14393.0	Active Accessibility Resource DLL
oleaut32.dll	10.0.14393.447	OLEAUT32.DLL
olecli32.dll	10.0.14393.0	Object Linking and Embedding Client Library
oledb32.dll	10.0.14393.206	OLE DB Core Services
oledb32r.dll	10.0.14393.0	OLE DB Core Services Resources
oledlg.dll	10.0.14393.0	OLE User Interface Support
oleprn.dll	10.0.14393.0	Oleprn DLL
olepro32.dll	10.0.14393.447	OLEPRO32.DLL
olesvr32.dll	10.0.14393.0	Object Linking and Embedding Server Library
olethk32.dll	10.0.14393.0	Microsoft OLE for Windows
omadmapi.dll	10.0.14393.0	omadmapi
ondemandbrokerclient.dll	10.0.14393.0	OnDemandBrokerClient
ondemandconnroutehelper.dll	10.0.14393.0	On Demand Connctiond Route Helper
onecorecommonproxystub.dll	10.0.14393.0	OneCore Common Proxy Stub
onecoreuapcommonproxystub.dll	10.0.14393.0	OneCoreUAP Common Proxy Stub
onedrivesettingsyncprovider.dll	10.0.14393.187	OneDrive Setting Sync
onex.dll	10.0.14393.0	IEEE 802.1X supplicant library
onexui.dll	10.0.14393.0	IEEE 802.1X supplicant UI library
oobefldr.dll	10.0.14393.0	Getting Started
opcservices.dll	10.0.14393.0	Native Code OPC Services Library
opencl.dll	21.19.137.1	OpenCL Client DLL
opengl32.dll	10.0.14393.0	OpenGL Client DLL
ortcengine.dll	6.0.8959.193	Microsoft Skype ORTC Engine
osbaseln.dll	10.0.14393.0	Service Reporting API
osksupport.dll	10.0.14393.0	Microsoft On-Screen Keyboard Support Utilities
osuninst.dll	10.0.14393.0	Uninstall Interface
p2p.dll	10.0.14393.0	Peer-to-Peer Grouping
p2pgraph.dll	10.0.14393.0	Peer-to-Peer Graphing
p2pnetsh.dll	10.0.14393.0	Peer-to-Peer NetSh Helper
packager.dll	10.0.14393.0	Object Packager2
packagestateroaming.dll	10.0.14393.0	Package State Roaming
panmap.dll	10.0.14393.0	PANOSE(tm) Font Mapper
pautoenr.dll	10.0.14393.0	Auto Enrollment DLL
pcacli.dll	10.0.14393.0	Program Compatibility Assistant Client Module
pcaui.dll	10.0.14393.0	Program Compatibility Assistant User Interface Module
pcpksp.dll	10.0.14393.0	Microsoft Platform Key Storage Provider for Platform Crypto Provider
pcptpm12.dll	10.0.14393.0	Microsoft Platform Crypto Provider for Trusted Platform Module 1.2
pcshellcommonproxystub.dll	10.0.14393.0	PCShell Common Proxy Stub
pcwum.dll	10.0.14393.0	Performance Counters for Windows Native DLL
pdh.dll	10.0.14393.206	Windows Performance Data Helper DLL
pdhui.dll	10.0.14393.0	PDH UI
peerdist.dll	10.0.14393.0	BranchCache Client Library
peerdistsh.dll	10.0.14393.0	BranchCache Netshell Helper
perfctrs.dll	10.0.14393.0	Performance Counters
perfdisk.dll	10.0.14393.0	Windows Disk Performance Objects DLL
perfnet.dll	10.0.14393.0	Windows Network Service Performance Objects DLL
perfos.dll	10.0.14393.0	Windows System Performance Objects DLL
perfproc.dll	10.0.14393.0	Windows System Process Performance Objects DLL
perfts.dll	10.0.14393.0	Windows Remote Desktop Services Performance Objects
personax.dll	10.0.14393.0	PersonaX
phonecallhistoryapis.dll	10.0.14393.0	DLL for PhoneCallHistoryRT
phoneom.dll	10.0.14393.0	Phone Object Model
phoneplatformabstraction.dll	10.0.14393.0	Phone Platform Abstraction
phoneutil.dll	10.0.14393.187	Phone utilities
phoneutilres.dll	10.0.14393.187	Resource DLL for Phone utilities
photometadatahandler.dll	10.0.14393.0	Photo Metadata Handler
photowiz.dll	10.0.14393.0	Photo Printing Wizard
pid.dll	10.0.14393.0	Microsoft PID
pidgenx.dll	10.0.14393.67	Pid Generation
pifmgr.dll	10.0.14393.0	Windows NT PIF Manager Icon Resources Library
pimindexmaintenanceclient.dll	10.0.14393.0	Client dll for Pim Index Maintenance
pimstore.dll	10.0.14393.0	POOM
pku2u.dll	10.0.14393.0	Pku2u Security Package
pla.dll	10.0.14393.0	Performance Logs & Alerts
playlistfolder.dll	10.0.14393.0	Playlist Folder
playsndsrv.dll	10.0.14393.0	PlaySound Service
playtodevice.dll	10.0.14393.206	PLAYTODEVICE DLL
playtomanager.dll	10.0.14393.206	Microsoft Windows PlayTo Manager
playtomenu.dll	12.0.14393.0	Cast to Device Menu DLL
playtoreceiver.dll	10.0.14393.206	DLNA DMR DLL
playtostatusprovider.dll	10.0.14393.0	PlayTo Status Provider Dll
pngfilt.dll	11.0.14393.0	IE PNG plugin image decoder
pnrpnsp.dll	10.0.14393.0	PNRP Name Space Provider
policymanager.dll	10.0.14393.0	Policy Manager DLL
polstore.dll	10.0.14393.0	Policy Storage dll
portabledeviceapi.dll	10.0.14393.0	Windows Portable Device API Components
portabledeviceclassextension.dll	10.0.14393.0	Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll	10.0.14393.0	Portable Device Connection API Components
portabledevicestatus.dll	10.0.14393.0	Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll	10.0.14393.0	Microsoft Windows Portable Device Provider.
portabledevicetypes.dll	10.0.14393.0	Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll	10.0.14393.0	PortableDevice WIA Compatibility Driver
posyncservices.dll	10.0.14393.187	Change Tracking
pots.dll	10.0.14393.0	Power Troubleshooter
powercpl.dll	10.0.14393.0	Power Options Control Panel
powrprof.dll	10.0.14393.0	Power Profile Helper DLL
presentationhostproxy.dll	10.0.14393.0	Windows Presentation Foundation Host Proxy
prflbmsg.dll	10.0.14393.0	Perflib Event Messages
printconfig.dll	0.3.14393.0	PrintConfig User Interface
printdialogs.dll	10.0.14393.206	Microsoft® Windows® Operating System
printplatformconfig.dll	10.0.14393.0	Legacy Print Platform Adapter
printui.dll	10.0.14393.0	Printer Settings User Interface
prncache.dll	10.0.14393.0	Print UI Cache
prnfldr.dll	10.0.14393.0	prnfldr dll
prnntfy.dll	10.0.14393.0	prnntfy DLL
prntvpt.dll	10.0.14393.0	Print Ticket Services Module
profapi.dll	10.0.14393.0	User Profile Basic API
profext.dll	10.0.14393.0	profext
propsys.dll	7.0.14393.0	Microsoft Property System
provcore.dll	10.0.14393.0	Microsoft Wireless Provisioning Core
provsvc.dll	10.0.14393.0	Windows HomeGroup
provthrd.dll	10.0.14393.0	WMI Provider Thread & Log Library
proximitycommon.dll	10.0.14393.0	Proximity Common Implementation
proximitycommonpal.dll	10.0.14393.0	Proximity Common PAL
proximityrtapipal.dll	10.0.14393.0	Proximity WinRT API PAL
prvdmofcomp.dll	10.0.14393.0	WMI
psapi.dll	10.0.14393.0	Process Status Helper
pshed.dll	10.0.14393.0	Platform Specific Hardware Error Driver
psisdecd.dll	10.0.14393.0	Microsoft SI/PSI parser for MPEG2 based networks.
psmodulediscoveryprovider.dll	10.0.14393.0	WMI
pstorec.dll	10.0.14393.0	Deprecated Protected Storage COM interfaces
puiapi.dll	10.0.14393.0	puiapi DLL
puiobj.dll	10.0.14393.0	PrintUI Objects DLL
pwrshplugin.dll	10.0.14393.206	pwrshplugin.dll
qasf.dll	12.0.14393.0	DirectShow ASF Support
qcap.dll	10.0.14393.0	DirectShow Runtime.
qdv.dll	10.0.14393.0	DirectShow Runtime.
qdvd.dll	10.0.14393.187	DirectShow DVD PlayBack Runtime.
qedit.dll	10.0.14393.0	DirectShow Editing.
qedwipes.dll	10.0.14393.0	DirectShow Editing SMPTE Wipes
quartz.dll	10.0.14393.0	DirectShow Runtime.
query.dll	10.0.14393.0	Content Index Utility DLL
qwave.dll	10.0.14393.0	Windows NT
racengn.dll	10.0.14393.0	Reliability analysis metrics calculation engine
racpldlg.dll	10.0.14393.0	Remote Assistance Contact List
radardt.dll	10.0.14393.0	Microsoft Windows Resource Exhaustion Detector
radarrs.dll	10.0.14393.0	Microsoft Windows Resource Exhaustion Resolver
radcui.dll	10.0.14393.0	RemoteApp and Desktop Connection UI Component
rasadhlp.dll	10.0.14393.0	Remote Access AutoDial Helper
rasapi32.dll	10.0.14393.0	Remote Access API
raschap.dll	10.0.14393.0	Remote Access PPP CHAP
raschapext.dll	10.0.14393.0	Windows Extension library for raschap
rasctrs.dll	10.0.14393.0	Windows NT Remote Access Perfmon Counter dll
rasdiag.dll	10.0.14393.0	RAS Diagnostics Helper Classes
rasdlg.dll	10.0.14393.0	Remote Access Common Dialog API
rasgcw.dll	10.0.14393.0	RAS Wizard Pages
rasman.dll	10.0.14393.0	Remote Access Connection Manager
rasmontr.dll	10.0.14393.0	RAS Monitor DLL
rasplap.dll	10.0.14393.0	RAS PLAP Credential Provider
rasppp.dll	10.0.14393.0	Remote Access PPP
rastapi.dll	10.0.14393.0	Remote Access TAPI Compliance Layer
rastls.dll	10.0.14393.0	Remote Access PPP EAP-TLS
rastlsext.dll	10.0.14393.0	Windows Extension library for rastls
rdpcore.dll	10.0.14393.447	RDP Core DLL
rdpencom.dll	10.0.14393.0	RDPSRAPI COM Objects
rdpendp.dll	10.0.14393.0	RDP Audio Endpoint
rdpsaps.dll	10.0.14393.0	RDP Session Agent Proxy Stub
rdvgocl32.dll	10.0.14393.0	Microsoft RemoteFX OpenCL ICD
rdvgogl32.dll	10.0.14393.0	Microsoft RemoteFX OpenGL
rdvgu1132.dll	10.0.14393.0	Microsoft RemoteFX Virtual GPU
rdvgumd32.dll	10.0.14393.0	Microsoft RemoteFX Virtual GPU
rdvvmtransport.dll	10.0.14393.0	RdvVmTransport EndPoints
reagent.dll	10.0.14393.206	Microsoft Windows Recovery Agent DLL
regapi.dll	10.0.14393.0	Registry Configuration APIs
regctrl.dll	10.0.14393.0	RegCtrl
reinfo.dll	10.0.14393.0	Microsoft Windows Recovery Info DLL
remoteaudioendpoint.dll	10.0.14393.0	Remote Audio Endpoint
remotenaturallanguage.dll	1.0.0.1	Speech Client Communication To Backend Speech Services Library.
remotepg.dll	10.0.14393.0	Remote Sessions CPL Extension
removedevicecontexthandler.dll	10.0.14393.0	Devices & Printers Remove Device Context Menu Handler
removedeviceelevated.dll	10.0.14393.0	RemoveDeviceElevated Proxy Dll
resampledmo.dll	10.0.14393.0	Windows Media Resampler
resourcepolicyclient.dll	10.0.14393.0	Resource Policy Client
resutils.dll	10.0.14393.82	Microsoft Cluster Resource Utility DLL
rfxvmt.dll	10.0.14393.0	Microsoft RemoteFX VM Transport
rgb9rast.dll	10.0.14393.0	Microsoft® Windows® Operating System
riched20.dll	5.31.23.1231	Rich Text Edit Control, v3.1
riched32.dll	10.0.14393.0	Wrapper Dll for Richedit 1.0
rmclient.dll	10.0.14393.0	Resource Manager Client
rnr20.dll	10.0.14393.0	Windows Socket2 NameSpace DLL
rometadata.dll	4.6.1586.0	Microsoft MetaData Library
rpchttp.dll	10.0.14393.0	RPC HTTP DLL
rpcns4.dll	10.0.14393.0	Remote Procedure Call Name Service Client
rpcnsh.dll	10.0.14393.0	RPC Netshell Helper
rpcrt4.dll	10.0.14393.82	Remote Procedure Call Runtime
rpcrtremote.dll	10.0.14393.0	Remote RPC Extension
rsaenh.dll	10.0.14393.0	Microsoft Enhanced Cryptographic Provider
rshx32.dll	10.0.14393.0	Security Shell Extension
rstrtmgr.dll	10.0.14393.0	Restart Manager
rtffilt.dll	2008.0.14393.0	RTF Filter
rtm.dll	10.0.14393.0	Routing Table Manager
rtmcodecs.dll	6.0.8959.193	Microsoft Real Time Media Codec Library
rtmediaframe.dll	10.0.14393.206	Windows Runtime MediaFrame DLL
rtmmvrortc.dll	6.0.8959.193	Microsoft Real Time Media ORTC Video Renderer
rtmpal.dll	6.0.8959.193	Microsoft Real Time Media Stack PAL for ORTC
rtmpltfm.dll	6.0.8959.193	Microsoft Real Time Media Stack
rtutils.dll	10.0.14393.0	Routing Utilities
rtworkq.dll	10.0.14393.0	Realtime WorkQueue DLL
samcli.dll	10.0.14393.0	Security Accounts Manager Client DLL
samlib.dll	10.0.14393.82	SAM Library DLL
sas.dll	10.0.14393.0	WinLogon Software SAS Library
sbe.dll	10.0.14393.0	DirectShow Stream Buffer Filter.
sbeio.dll	12.0.14393.0	Stream Buffer IO DLL
sberes.dll	10.0.14393.0	DirectShow Stream Buffer Filter Resouces.
scansetting.dll	10.0.14393.0	Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll	10.0.14393.0	SCardDlg - Smart Card Common Dialog
scecli.dll	10.0.14393.0	Windows Security Configuration Editor Client Engine
scesrv.dll	10.0.14393.0	Windows Security Configuration Editor Engine
schannel.dll	10.0.14393.103	TLS / SSL Security Provider
schedcli.dll	10.0.14393.0	Scheduler Service Client DLL
scksp.dll	10.0.14393.0	Microsoft Smart Card Key Storage Provider
scp32.dll	2.0.330.0	Code Page Translation Library
scripto.dll	6.6.14393.0	Microsoft ScriptO
scrobj.dll	5.812.10240.16384	Windows ® Script Component Runtime
scrptadm.dll	10.0.14393.0	Script Adm Extension
scrrun.dll	5.812.10240.16384	Microsoft ® Script Runtime
sdiageng.dll	10.0.14393.0	Scripted Diagnostics Execution Engine
sdiagprv.dll	10.0.14393.0	Windows Scripted Diagnostic Provider API
sdohlp.dll	10.0.14393.0	NPS SDO Helper Component
search.protocolhandler.mapi2.dll	7.0.14393.206	Microsoft Search Protocol Handler for MAPI2
searchfolder.dll	10.0.14393.0	SearchFolder
sechost.dll	10.0.14393.0	Host for SCM/SDDL/LSA Lookup APIs
secproc.dll	10.0.14393.0	Windows Rights Management Desktop Security Processor
secproc_isv.dll	10.0.14393.0	Windows Rights Management Desktop Security Processor
secproc_ssp.dll	10.0.14393.0	Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll	10.0.14393.0	Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll	10.0.14393.0	Security Support Provider Interface
security.dll	10.0.14393.0	Security Support Provider Interface
sendmail.dll	10.0.14393.0	Send Mail
sensapi.dll	10.0.14393.0	SENS Connectivity API DLL
sensorsapi.dll	10.0.14393.0	Sensor API
sensorscpl.dll	10.0.14393.0	Open Location and Other Sensors
sensorsnativeapi.dll	10.0.14393.0	Sensors Native API
sensorsnativeapi.v2.dll	10.0.14393.0	Sensors Native API (V2 stack)
sensorsutilsv2.dll	10.0.14393.0	Sensors v2 Utilities DLL
serialui.dll	10.0.14393.0	Serial Port Property Pages
serwvdrv.dll	10.0.14393.0	Unimodem Serial Wave driver
sessenv.dll	10.0.14393.206	Remote Desktop Configuration service
settingmonitor.dll	10.0.14393.0	Setting Synchronization Change Monitor
settingsync.dll	10.0.14393.187	Setting Synchronization
settingsynccore.dll	10.0.14393.187	Setting Synchronization Core
settingsyncpolicy.dll	10.0.14393.82	SettingSync Policy
setupapi.dll	10.0.14393.0	Windows Setup API
setupcln.dll	10.0.14393.0	Setup Files Cleanup
sfc.dll	10.0.14393.0	Windows File Protection
sfc_os.dll	10.0.14393.0	Windows File Protection
shacct.dll	10.0.14393.0	Shell Accounts Classes
shacctprofile.dll	10.0.14393.0	Shell Accounts Profile Classes
sharehost.dll	10.0.14393.321	ShareHost
shcore.dll	10.0.14393.0	SHCORE
shdocvw.dll	10.0.14393.0	Shell Doc Object and Control Library
shell32.dll	10.0.14393.447	Windows Shell Common Dll
shellcommoncommonproxystub.dll	10.0.14393.0	ShellCommon Common Proxy Stub
shellstyle.dll	10.0.14393.0	Windows Shell Style Resource Dll
shfolder.dll	10.0.14393.0	Shell Folder Service
shgina.dll	10.0.14393.0	Windows Shell User Logon
shimeng.dll	10.0.14393.0	Shim Engine DLL
shimgvw.dll	10.0.14393.0	Photo Gallery Viewer
shlwapi.dll	10.0.14393.0	Shell Light-weight Utility Library
shpafact.dll	10.0.14393.0	Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll	10.0.14393.0	Shell setup helper
shsvcs.dll	10.0.14393.0	Windows Shell Services Dll
shunimpl.dll	10.0.14393.0	Windows Shell Obsolete APIs
shutdownext.dll	10.0.14393.0	Shutdown Graphic User Interface
shwebsvc.dll	10.0.14393.0	Windows Shell Web Services
signdrv.dll	10.0.14393.0	WMI provider for Signed Drivers
simauth.dll	10.0.14393.0	EAP SIM run-time dll
simcfg.dll	10.0.14393.0	EAP SIM config dll
slc.dll	10.0.14393.67	Software Licensing Client Dll
slcext.dll	10.0.14393.67	Software Licensing Client Extension Dll
slwga.dll	10.0.14393.0	Software Licensing WGA API
smartcardcredentialprovider.dll	10.0.14393.0	Windows Smartcard Credential Provider
smartscreenps.dll	10.0.14393.0	SmartScreenPS
smbhelperclass.dll	1.0.0.1	SMB (File Sharing) Helper Class for Network Diagnostic Framework
smphost.dll	10.0.14393.82	Storage Management Provider (SMP) host service
sndvolsso.dll	10.0.14393.351	SCA Volume
snmpapi.dll	10.0.14393.0	SNMP Utility Library
socialapis.dll	10.0.14393.0	DLL for SocialRT
softkbd.dll	10.0.14393.0	Soft Keyboard Server and Tip
softpub.dll	10.0.14393.0	Softpub Forwarder DLL
sortserver2003compat.dll	10.0.14393.0	Sort Version Server 2003
sortwindows61.dll	10.0.14393.0	SortWindows61 Dll
sortwindows6compat.dll	10.0.14393.0	Sort Version Windows 6.0
spbcd.dll	10.0.14393.0	BCD Sysprep Plugin
spfileq.dll	10.0.14393.0	Windows SPFILEQ
spinf.dll	10.0.14393.0	Windows SPINF
spnet.dll	10.0.14393.0	Net Sysprep Plugin
spopk.dll	10.0.14393.0	OPK Sysprep Plugin
spp.dll	10.0.14393.0	Microsoft® Windows Shared Protection Point Library
sppc.dll	10.0.14393.67	Software Licensing Client Dll
sppcext.dll	10.0.14393.206	Software Protection Platform Client Extension Dll
sppinst.dll	10.0.14393.0	SPP CMI Installer Plug-in DLL
sppwmi.dll	10.0.14393.0	Software Protection Platform WMI provider
spwinsat.dll	10.0.14393.0	WinSAT Sysprep Plugin
spwizeng.dll	10.0.14393.0	Setup Wizard Framework
spwizimg.dll	10.0.14393.0	Setup Wizard Framework Resources
spwizres.dll	10.0.14393.0	Setup Wizard Framework Resources
spwmp.dll	12.0.14393.82	Windows Media Player System Preparation DLL
sqlcecompact40.dll	4.0.8275.1	Database Repair Tool (32-bit)
sqlceoledb40.dll	4.0.14393.1	OLEDB Provider (32-bit)
sqlceqp40.dll	4.0.14393.1	Query Processor (32-bit)
sqlcese40.dll	4.0.14393.1	Storage Engine (32-bit)
sqloledb.dll	10.0.14393.0	OLE DB Provider for SQL Server
sqlsrv32.dll	10.0.14393.0	SQL Server ODBC Driver
sqlunirl.dll	2000.80.2039.0	String Function .DLL for SQL Enterprise Components
sqlwid.dll	2000.80.2039.0	Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll	2000.80.2040.0	Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll	10.0.14393.0	XML extensions for SQL Server
sqmapi.dll	10.0.14393.0	SQM Client
srchadmin.dll	7.0.14393.0	Indexing Options
srclient.dll	10.0.14393.0	Microsoft® Windows System Restore Client Library
srm.dll	10.0.14393.0	Microsoft® File Server Resource Manager Common Library
srm_ps.dll	10.0.14393.0	Microsoft® FSRM internal proxy/stub
srmclient.dll	10.0.14393.0	Microsoft® File Server Resource Management Client Extensions
srmlib.dll	10.0.14393.0	Microsoft (R) File Server Resource Management Interop Assembly
srmscan.dll	10.0.14393.0	Microsoft® File Server Storage Reports Scan Engine
srmshell.dll	10.0.14393.0	Microsoft® File Server Resource Management Shell Extension
srmstormod.dll	10.0.14393.0	Microsoft® File Server Resource Management Office Parser
srmtrace.dll	10.0.14393.0	Microsoft® File Server Resource Management Tracing Library
srpapi.dll	10.0.14393.0	SRP APIs Dll
srpuxnativesnapin.dll	10.0.14393.0	Application Control Policies Group Policy Editor Extension
srumapi.dll	10.0.14393.0	System Resource Usage Monitor API
srumsvc.dll	10.0.14393.0	System Resource Usage Monitor Service
srvcli.dll	10.0.14393.0	Server Service Client DLL
sscore.dll	10.0.14393.0	Server Service Core DLL
ssdpapi.dll	10.0.14393.0	SSDP Client API DLL
sspicli.dll	10.0.14393.187	Security Support Provider Interface
ssshim.dll	10.0.14393.0	Windows Componentization Platform Servicing API
startupscan.dll	10.0.14393.0	Startup scan task DLL
staterepository.core.dll	10.0.14393.0	StateRepository Core
stclient.dll	2001.12.10941.16384	COM+ Configuration Catalog Client
sti.dll	10.0.14393.0	Still Image Devices client DLL
stobject.dll	10.0.14393.447	Systray shell service object
storage.dll	3.10.0.103	Windows Win16 Application Launcher
storagecontexthandler.dll	10.0.14393.0	Device Center Storage Context Menu Handler
storagewmi.dll	10.0.14393.206	WMI Provider for Storage Management
storagewmi_passthru.dll	10.0.14393.103	WMI PassThru Provider for Storage Management
storeagent.dll	10.0.14393.447	StoreAgent
storprop.dll	10.0.14393.0	Property Pages for Storage Devices
structuredquery.dll	7.0.14393.0	Structured Query
sud.dll	10.0.14393.447	SUD Control Panel
sxproxy.dll	10.0.14393.0	Microsoft® Windows System Protection Proxy Library
sxs.dll	10.0.14393.0	Fusion 2.5
sxshared.dll	10.0.14393.0	Microsoft® Windows SX Shared Library
sxsstore.dll	10.0.14393.0	Sxs Store DLL
synccenter.dll	10.0.14393.0	Microsoft Sync Center
synccontroller.dll	10.0.14393.0	SyncController for managing sync of mail, contacts, calendar
synceng.dll	10.0.14393.0	Windows Briefcase Engine
synchostps.dll	10.0.14393.0	Proxystub for sync host
syncinfrastructure.dll	10.0.14393.0	Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll	10.0.14393.0	Microsoft Windows sync infrastructure proxy stub.
syncproxy.dll	10.0.14393.0	SyncProxy for RPC communication about sync of mail, contacts, calendar
syncreg.dll	2007.94.14393.0	Microsoft Synchronization Framework Registration
syncres.dll	10.0.14393.0	ActiveSync Resources
syncsettings.dll	10.0.14393.206	Sync Settings
syncui.dll	10.0.14393.0	Windows Briefcase
syncutil.dll	10.0.14393.0	Sync utilities for mail, contacts, calendar
syssetup.dll	10.0.14393.0	Windows NT System Setup
systemcpl.dll	10.0.14393.351	My System CPL
systemeventsbrokerclient.dll	10.0.14393.0	system Events Broker Client Library
t2embed.dll	10.0.14393.0	Microsoft T2Embed Font Embedding
tapi3.dll	10.0.14393.0	Microsoft TAPI3
tapi32.dll	10.0.14393.0	Microsoft® Windows(TM) Telephony API Client DLL
tapimigplugin.dll	10.0.14393.0	Microsoft® Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll	10.0.14393.0	Microsoft® Windows(TM) Telephony Performance Monitor
tapisrv.dll	10.0.14393.0	Microsoft® Windows(TM) Telephony Server
tapisysprep.dll	10.0.14393.0	Microsoft® Windows(TM) Telephony Sysprep Work
tapiui.dll	10.0.14393.0	Microsoft® Windows(TM) Telephony API UI DLL
taskcomp.dll	10.0.14393.0	Task Scheduler Backward Compatibility Plug-in
taskschd.dll	10.0.14393.0	Task Scheduler COM API
taskschdps.dll	10.0.14393.0	Task Scheduler Interfaces Proxy
tbauth.dll	10.0.14393.0	TBAuth protocol handler
tbs.dll	10.0.14393.0	TBS
tcpipcfg.dll	10.0.14393.82	Network Configuration Objects
tcpmib.dll	10.0.14393.0	Standard TCP/IP Port Monitor Helper DLL
tcpmonui.dll	10.0.14393.0	Standard TCP/IP Port Monitor UI DLL
tdh.dll	10.0.14393.206	Event Trace Helper Library
tempsignedlicenseexchangetask.dll	10.0.14393.206	TempSignedLicenseExchangeTask Task
termmgr.dll	10.0.14393.0	Microsoft TAPI3 Terminal Manager
tetheringclient.dll	10.0.14393.0	Tethering Client
textinputframework.dll	10.0.14393.0	"TextInputFramework.DYNLINK"
themecpl.dll	10.0.14393.447	Personalization CPL
themeui.dll	10.0.14393.0	Windows Theme API
threadpoolwinrt.dll	10.0.14393.0	Windows WinRT Threadpool
thumbcache.dll	10.0.14393.0	Microsoft Thumbnail Cache
timedatemuicallback.dll	10.0.14393.0	Time Date Control UI Language Change plugin
tlscsp.dll	10.0.14393.0	Microsoft® Remote Desktop Services Cryptographic Utility
tokenbinding.dll	10.0.14393.0	Token Binding Protocol
tokenbroker.dll	10.0.14393.206	Token Broker
tokenbrokerui.dll	10.0.14393.0	Token Broker UI
tpmcertresources.dll	10.0.14393.0	TpmCertResources
tpmcompc.dll	10.0.14393.0	Computer Chooser Dialog
tpmcoreprovisioning.dll	10.0.14393.206	TPM Core Provisioning Library
tquery.dll	7.0.14393.206	Microsoft Tripoli Query
traffic.dll	10.0.14393.0	Microsoft Traffic Control 1.0 DLL
tsbyuv.dll	10.0.14393.0	Toshiba Video Codec
tsgqec.dll	10.0.14393.0	RD Gateway QEC
tsmf.dll	10.0.14393.206	RDP MF Plugin
tspkg.dll	10.0.14393.447	Web Service Security Package
tsworkspace.dll	10.0.14393.0	RemoteApp and Desktop Connection Component
tvratings.dll	10.0.14393.0	Module for managing TV ratings
twext.dll	10.0.14393.0	Previous Versions property page
twinapi.appcore.dll	10.0.14393.206	twinapi.appcore
twinapi.dll	10.0.14393.447	twinapi
twinui.appcore.dll	10.0.14393.206	TWINUI.APPCORE
twinui.dll	10.0.14393.447	TWINUI
txflog.dll	2001.12.10941.16384	COM+
txfw32.dll	10.0.14393.0	TxF Win32 DLL
typelib.dll	3.10.0.103	Windows Win16 Application Launcher
tzres.dll	10.0.14393.187	Time Zones resource DLL
ucmhc.dll	10.0.14393.0	UCM Helper Class
ucrtbase.dll	10.0.14393.0	Microsoft® C Runtime Library
udhisapi.dll	10.0.14393.0	UPnP Device Host ISAPI Extension
uexfat.dll	10.0.14393.0	eXfat Utility DLL
ufat.dll	10.0.14393.0	FAT Utility DLL
uianimation.dll	10.0.14393.447	Windows Animation Manager
uiautomationcore.dll	7.2.14393.206	Microsoft UI Automation Core
uicom.dll	10.0.14393.0	Add/Remove Modems
uireng.dll	10.0.14393.0	UI Recording Engine Library
uiribbon.dll	10.0.14393.0	Windows Ribbon Framework
uiribbonres.dll	10.0.14393.321	Windows Ribbon Framework Resources
ulib.dll	10.0.14393.0	File Utilities Support DLL
umdmxfrm.dll	10.0.14393.0	Unimodem Tranform Module
unenrollhook.dll	10.0.14393.0	unenrollhook DLL
unimdmat.dll	10.0.14393.0	Unimodem Service Provider AT Mini Driver
uniplat.dll	10.0.14393.0	Unimodem AT Mini Driver Platform Driver for Windows NT
unistore.dll	10.0.14393.0	Unified Store
untfs.dll	10.0.14393.0	NTFS Utility DLL
updatepolicy.dll	10.0.14393.351	Update Policy Reader
upnp.dll	10.0.14393.0	UPnP Control Point API
upnphost.dll	10.0.14393.0	UPnP Device Host
urefs.dll	10.0.14393.206	NTFS Utility DLL
urefsv1.dll	10.0.14393.0	NTFS Utility DLL
ureg.dll	10.0.14393.0	Registry Utility DLL
url.dll	11.0.14393.0	Internet Shortcut Shell Extension DLL
urlmon.dll	11.0.14393.447	OLE32 Extensions for Win32
usbceip.dll	10.0.14393.0	USBCEIP Task
usbperf.dll	10.0.14393.0	USB Performance Objects DLL
usbui.dll	10.0.14393.0	USB UI Dll
user32.dll	10.0.14393.351	Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll	10.0.14393.0	UserAccountControlSettings
usercpl.dll	10.0.14393.447	User control panel
userdataaccessres.dll	10.0.14393.187	Resource DLL for the UserDataAccess stack
userdataaccountapis.dll	10.0.14393.321	DLL for UserDataAccountsRT
userdatalanguageutil.dll	10.0.14393.187	Language-related helper functions for user data
userdataplatformhelperutil.dll	10.0.14393.187	Platform Utilities for data access
userdatatimeutil.dll	10.0.14393.206	Time-related helper functions for user data
userdatatypehelperutil.dll	10.0.14393.187	Type Utilities for data access
userdeviceregistration.dll	10.0.14393.321	AAD User Device Registration WinRT
userdeviceregistration.ngc.dll	10.0.14393.321	AD/AAD User Device Registration WinRT
userenv.dll	10.0.14393.0	Userenv
userinitext.dll	10.0.14393.0	UserInit Utility Extension DLL
userlanguageprofilecallback.dll	10.0.14393.0	MUI Callback for User Language profile changed
userlanguagescpl.dll	10.0.14393.0	My Languages Configuration Control Panel
usermgrcli.dll	10.0.14393.0	UserMgr API DLL
usermgrproxy.dll	10.0.14393.321	UserMgrProxy
usoapi.dll	10.0.14393.0	Update Session Orchestrator API
usp10.dll	10.0.14393.0	Uniscribe Unicode script processor
ustprov.dll	10.0.14393.0	User State WMI Provider
utildll.dll	10.0.14393.0	WinStation utility support DLL
uudf.dll	10.0.14393.0	UDF Utility DLL
uxinit.dll	10.0.14393.0	Windows User Experience Session Initialization Dll
uxlib.dll	10.0.14393.0	Setup Wizard Framework
uxlibres.dll	10.0.14393.0	UXLib Resources
uxtheme.dll	10.0.14393.0	Microsoft UxTheme Library
van.dll	10.0.14393.0	View Available Networks
vault.dll	10.0.14393.0	Windows vault Control Panel
vaultcli.dll	10.0.14393.0	Credential Vault Client Library
vbajet32.dll	6.0.1.9431	Visual Basic for Applications Development Environment - Expression Service Loader
vbame.dll	2.0.2.5	VBA : Middle East Support
vbscript.dll	5.812.10240.16384	Microsoft ® VBScript
vcamp110.dll	11.0.51106.1	Microsoft® C++ AMP Runtime
vcamp120.dll	12.0.21005.1	Microsoft® C++ AMP Runtime
vcardparser.dll	10.0.14393.187	Supports the parsing of VCard and ICal formatted data
vccorlib110.dll	11.0.51106.1	Microsoft ® VC WinRT core library
vccorlib120.dll	12.0.21005.1	Microsoft ® VC WinRT core library
vcomp100.dll	10.0.40219.325	Microsoft® C/C++ OpenMP Runtime
vcomp110.dll	11.0.51106.1	Microsoft® C/C++ OpenMP Runtime
vcomp120.dll	12.0.21005.1	Microsoft® C/C++ OpenMP Runtime
vdmdbg.dll	10.0.14393.0	VDMDBG.DLL
vds_ps.dll	10.0.14393.0	Microsoft® Virtual Disk Service proxy/stub
vedatalayerhelpers.dll	10.0.14393.0	Visual Element DataLayer Helpers
veeventdispatcher.dll	10.0.14393.0	Visual Element Event dispatcher
verifier.dll	10.0.14393.0	Standard application verifier provider dll
version.dll	10.0.14393.0	Version Checking and File Installation Libraries
vfwwdm32.dll	10.0.14393.0	VfW MM Driver for WDM Video Capture Devices
vidreszr.dll	10.0.14393.0	Windows Media Resizer
virtdisk.dll	10.0.14393.0	Virtual Disk API DLL
voiceactivationmanager.dll	10.0.14393.0	Windows Voice Activation Manager
voiprt.dll	10.0.14393.0	Voip Runtime
vpnikeapi.dll	10.0.14393.0	VPN IKE API's
vscmgrps.dll	10.0.14393.0	Microsoft Virtual Smart Card Manager Proxy/Stub
vss_ps.dll	10.0.14393.0	Microsoft® Volume Shadow Copy Service proxy/stub
vssapi.dll	10.0.14393.0	Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll	10.0.14393.0	Microsoft® Volume Shadow Copy Service Tracing Library
w32topl.dll	10.0.14393.0	Windows NT Topology Maintenance Tool
wab32.dll	10.0.14393.0	Microsoft (R) Contacts DLL
wab32res.dll	10.0.14393.0	Microsoft (R) Contacts DLL
wabsyncprovider.dll	10.0.14393.0	Microsoft Windows Contacts Sync Provider
walletbackgroundserviceproxy.dll	10.0.14393.0	Wallet Background Proxy
walletproxy.dll	10.0.14393.0	Wallet proxy
wavemsp.dll	10.0.14393.0	Microsoft Wave MSP
wbemcomn.dll	10.0.14393.0	WMI
wcmapi.dll	10.0.14393.0	Windows Connection Manager Client API
wcnapi.dll	10.0.14393.0	Windows Connect Now - API Helper DLL
wcnwiz.dll	10.0.14393.0	Windows Connect Now Wizards
wdc.dll	10.0.14393.0	Performance Monitor
wdi.dll	10.0.14393.0	Windows Diagnostic Infrastructure
wdigest.dll	10.0.14393.0	Microsoft Digest Access
wdscore.dll	10.0.14393.0	Panther Engine Module
webcamui.dll	10.0.14393.187	Microsoft® Windows® Operating System
webcheck.dll	11.0.14393.0	Web Site Monitor
webclnt.dll	10.0.14393.0	Web DAV Service DLL
webio.dll	10.0.14393.206	Web Transfer Protocols API
webservices.dll	10.0.14393.0	Windows Web Services Runtime
websocket.dll	10.0.14393.0	Web Socket API
wecapi.dll	10.0.14393.0	Event Collector Configuration API
wer.dll	10.0.14393.447	Windows Error Reporting DLL
werdiagcontroller.dll	10.0.14393.0	WER Diagnostic Controller
weretw.dll	10.0.14393.447	WERETW.DLL
werui.dll	10.0.14393.0	Windows Error Reporting UI DLL
wevtapi.dll	10.0.14393.5	Eventing Consumption and Configuration API
wevtfwd.dll	10.0.14393.0	WS-Management Event Forwarding Plug-in
wfapigp.dll	10.0.14393.0	Windows Firewall GPO Helper dll
wfdprov.dll	10.0.14393.82	Private WPS provisioning API DLL for Wi-Fi Direct
wfhc.dll	10.0.14393.0	Windows Firewall Helper Class
whhelper.dll	10.0.14393.0	Net shell helper DLL for winHttp
wiaaut.dll	10.0.14393.0	WIA Automation Layer
wiadefui.dll	10.0.14393.0	WIA Scanner Default UI
wiadss.dll	10.0.14393.0	WIA TWAIN compatibility layer
wiascanprofiles.dll	10.0.14393.0	Microsoft Windows ScanProfiles
wiashext.dll	10.0.14393.0	Imaging Devices Shell Folder UI
wiatrace.dll	10.0.14393.0	WIA Tracing
wifidisplay.dll	10.0.14393.0	Wi-Fi Display DLL
wimgapi.dll	10.0.14393.0	Windows Imaging Library
win32u.dll	10.0.14393.51	Win32u
winbio.dll	10.0.14393.0	Windows Biometrics Client API
winbioext.dll	10.0.14393.0	Windows Biometrics Client Extension API
winbrand.dll	10.0.14393.0	Windows Branding Resources
wincorlib.dll	10.0.14393.103	Microsoft Windows ® WinRT core library
wincredprovider.dll	10.0.14393.0	wincredprovider DLL
wincredui.dll	10.0.14393.0	Credential Manager User Internal Interface
windows.accountscontrol.dll	10.0.14393.206	Windows Accounts Control
windows.applicationmodel.background.systemeventsbroker.dll	10.0.14393.206	Windows Background System Events Broker API Server
windows.applicationmodel.background.timebroker.dll	10.0.14393.0	Windows Background Time Broker API Server
windows.applicationmodel.core.dll	10.0.14393.206	Windows Application Model Core API
windows.applicationmodel.dll	10.0.14393.206	Windows ApplicationModel API Server
windows.applicationmodel.lockscreen.dll	10.0.14393.447	Windows Lock Application Framework DLL
windows.applicationmodel.store.dll	10.0.14393.321	Windows Store Runtime DLL
windows.applicationmodel.store.testingframework.dll	10.0.14393.82	Windows Store Testing Framework Runtime DLL
windows.applicationmodel.wallet.dll	10.0.14393.321	Windows ApplicationModel Wallet Runtime DLL
windows.cortana.proxystub.dll	10.0.14393.0	Windows.Cortana.ProxyStub
windows.data.pdf.dll	10.0.14393.351	PDF WinRT APIs
windows.devices.alljoyn.dll	10.0.14393.321	Windows.Devices.AllJoyn DLL
windows.devices.background.dll	10.0.14393.0	Windows.Devices.Background
windows.devices.background.ps.dll	10.0.14393.0	Windows.Devices.Background Interface Proxy
windows.devices.bluetooth.dll	10.0.14393.206	Windows.Devices.Bluetooth DLL
windows.devices.custom.dll	10.0.14393.0	Windows.Devices.Custom
windows.devices.custom.ps.dll	10.0.14393.0	Windows.Devices.Custom Interface Proxy
windows.devices.enumeration.dll	10.0.14393.0	Windows.Devices.Enumeration
windows.devices.humaninterfacedevice.dll	10.0.14393.447	Windows.Devices.HumanInterfaceDevice DLL
windows.devices.lights.dll	10.0.14393.0	Windows Runtime Lights DLL
windows.devices.lowlevel.dll	10.0.14393.206	Windows.Devices.LowLevel DLL
windows.devices.midi.dll	10.0.14393.206	Windows Runtime MIDI Device server DLL
windows.devices.perception.dll	10.0.14393.206	Windows Devices Perception API
windows.devices.picker.dll	10.0.14393.206	Device Picker
windows.devices.pointofservice.dll	10.0.14393.206	Windows Runtime PointOfService DLL
windows.devices.portable.dll	10.0.14393.0	Windows Runtime Portable Devices DLL
windows.devices.printers.dll	10.0.14393.0	Windows Runtime Devices Printers DLL
windows.devices.printers.extensions.dll	10.0.14393.0	Windows.Devices.Printers.Extensions
windows.devices.radios.dll	10.0.14393.206	Windows.Devices.Radios DLL
windows.devices.scanners.dll	10.0.14393.206	Windows Runtime Devices Scanners DLL
windows.devices.sensors.dll	10.0.14393.321	Windows Runtime Sensors DLL
windows.devices.serialcommunication.dll	10.0.14393.206	Windows.Devices.SerialCommunication DLL
windows.devices.smartcards.dll	10.0.14393.206	Windows Runtime Smart Card API DLL
windows.devices.usb.dll	10.0.14393.206	Windows Runtime Usb DLL
windows.devices.wifi.dll	10.0.14393.351	Windows.Devices.WiFi DLL
windows.devices.wifidirect.dll	10.0.14393.206	Windows.Devices.WiFiDirect DLL
windows.energy.dll	10.0.14393.206	Windows Energy Runtime DLL
windows.gaming.input.dll	10.0.14393.206	Windows Gaming Input API
windows.gaming.preview.dll	10.0.14393.0	Windows Gaming API Preview
windows.gaming.ui.gamebar.dll	10.0.14393.0	Windows Gaming UI API GameBar
windows.gaming.xboxlive.storage.dll	10.0.14393.206	Xbox Connected Storage WinRT implementation
windows.globalization.dll	10.0.14393.447	Windows Globalization
windows.globalization.fontgroups.dll	10.0.14393.0	Fonts Mapping API
windows.globalization.phonenumberformatting.dll	10.0.14393.0	Windows Libphonenumber OSS component
windows.graphics.dll	10.0.14393.0	WinRT Windows Graphics DLL
windows.graphics.printing.3d.dll	10.0.14393.206	Microsoft Windows Printing Support
windows.graphics.printing.dll	10.0.14393.206	Microsoft Windows Printing Support
windows.internal.bluetooth.dll	10.0.14393.206	Windows.Internal.Bluetooth DLL
windows.internal.management.dll	10.0.14393.206	Windows Managent Service DLL
windows.internal.ui.logon.proxystub.dll	10.0.14393.187	Logon User Experience Proxy Stub
windows.management.lockdown.dll	10.0.14393.0	Windows Runtime Lockdown Management DLL
windows.management.workplace.dll	10.0.14393.0	Windows Runtime MdmPolicy DLL
windows.management.workplace.workplacesettings.dll	10.0.14393.0	Windows Runtime WorkplaceSettings DLL
windows.media.audio.dll	10.0.14393.206	Windows Runtime Window Media Audio server DLL
windows.media.backgroundmediaplayback.dll	10.0.14393.351	Windows Media BackgroundMediaPlayback DLL
windows.media.devices.dll	10.0.14393.0	Windows Runtime media device server DLL
windows.media.dll	10.0.14393.351	Windows Media Runtime DLL
windows.media.editing.dll	10.0.14393.206	Windows Media Editing DLL
windows.media.faceanalysis.dll	10.0.14393.206	Microsoft (R) Face Detection DLL
windows.media.import.dll	10.0.14393.206	Windows Photo Import API (WinRT/COM)
windows.media.mediacontrol.dll	10.0.14393.0	Windows Runtime MediaControl server DLL
windows.media.ocr.dll	10.0.14393.206	Windows OCR Runtime DLL
windows.media.playback.backgroundmediaplayer.dll	10.0.14393.351	Windows Media Playback BackgroundMediaPlayer DLL
windows.media.playback.mediaplayer.dll	10.0.14393.351	Windows Media Playback MediaPlayer DLL
windows.media.playback.proxystub.dll	10.0.14393.0	BackgroundMediaPlayer Proxy Stub DLL
windows.media.protection.playready.dll	10.0.14393.447	Microsoft PlayReady Client Framework Dll
windows.media.speech.dll	10.0.14393.351	Windows Speech Runtime DLL
windows.media.speech.uxres.dll	10.0.14393.67	Windows Media Speech UX Resources DLL
windows.media.streaming.dll	10.0.14393.187	DLNA DLL
windows.media.streaming.ps.dll	10.0.14393.0	DLNA Proxy-Stub DLL
windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll	10.0.14393.0	Background Transfer Background Manager Policy DLL
windows.networking.backgroundtransfer.dll	10.0.14393.321	Windows.Networking.BackgroundTransfer DLL
windows.networking.connectivity.dll	10.0.14393.351	Windows Networking Connectivity Runtime DLL
windows.networking.dll	10.0.14393.351	Windows.Networking DLL
windows.networking.hostname.dll	10.0.14393.321	Windows.Networking.HostName DLL
windows.networking.networkoperators.hotspotauthentication.dll	10.0.14393.0	Microsoft Windows Hotspot Authentication API
windows.networking.proximity.dll	10.0.14393.0	Windows Runtime Proximity API DLL
windows.networking.servicediscovery.dnssd.dll	10.0.14393.321	Windows.Networking.ServiceDiscovery.Dnssd DLL
windows.networking.sockets.pushenabledapplication.dll	10.0.14393.0	Windows.Networking.Sockets.PushEnabledApplication DLL
windows.networking.xboxlive.proxystub.dll	10.0.14393.0	Windows.Networking.XboxLive Proxy Stub Dll
windows.perception.stub.dll
windows.security.authentication.identity.provider.dll	10.0.14393.206	Secondary Factor Authentication Windows Runtime DLL
windows.security.authentication.onlineid.dll	10.0.14393.447	Windows Runtime OnlineId Authentication DLL
windows.security.authentication.web.core.dll	10.0.14393.0	Token Broker WinRT API
windows.security.credentials.ui.credentialpicker.dll	10.0.14393.0	WinRT Credential Picker Server
windows.security.credentials.ui.userconsentverifier.dll	10.0.14393.0	Windows User Consent Verifier API
windows.shell.search.urihandler.dll	10.0.14393.447	Windows Search URI Handler
windows.shell.servicehostbuilder.dll	10.0.14393.0	Windows.Shell.ServiceHostBuilder
windows.speech.pal.dll	10.0.10586.494	Speech Platform Adaptation Layer DLL
windows.staterepository.dll	10.0.14393.321	Windows StateRepository API Server
windows.staterepositorybroker.dll	10.0.14393.0	Windows StateRepository API Broker
windows.staterepositoryclient.dll	10.0.14393.321	Windows StateRepository API Broker
windows.storage.applicationdata.dll	10.0.14393.206	Windows Application Data API Server
windows.storage.compression.dll	5.0.1.1	WinRT Compression
windows.storage.dll	10.0.14393.206	Microsoft WinRT Storage API
windows.storage.search.dll	10.0.14393.0	Windows.Storage.Search
windows.system.diagnostics.dll	10.0.14393.0	Windows System Diagnostics DLL
windows.system.launcher.dll	10.0.14393.0	Windows.System.Launcher
windows.system.profile.hardwareid.dll	10.0.14393.0	Windows System Profile HardwareId DLL
windows.system.profile.platformdiagnosticsandusagedatasettings.dll	10.0.14393.0	Platform Diagnostics and Usage Settings DLL
windows.system.profile.retailinfo.dll	10.0.14393.0	Windows.System.Profile.RetailInfo Runtime DLL
windows.system.profile.systemid.dll	10.0.14393.0	Windows System Profile SystemId DLL
windows.system.profile.systemmanufacturers.dll	10.0.14393.0	Windows.System.Profile.SystemManufacturers
windows.system.remotedesktop.dll	10.0.14393.0	Windows System RemoteDesktop Runtime DLL
windows.system.systemmanagement.dll	10.0.14393.0	Windows Runtime SystemManagement DLL
windows.system.userdeviceassociation.dll	10.0.14393.206	Windows System User Device Association API
windows.ui.biofeedback.dll	10.0.14393.447	Bio Feedback User Experience
windows.ui.blockedshutdown.dll	10.0.14393.447	Blocked Shutdown User Experience
windows.ui.core.textinput.dll	10.0.14393.0	Windows.UI.Core.TextInput dll
windows.ui.cred.dll	10.0.14393.447	Credential Prompt User Experience
windows.ui.creddialogcontroller.dll	10.0.14393.206	Credential UX Dialog Controller
windows.ui.dll	10.0.14393.206	Windows Runtime UI Foundation DLL
windows.ui.immersive.dll	10.0.14393.447	WINDOWS.UI.IMMERSIVE
windows.ui.input.inking.dll	10.0.14393.206	WinRT Windows Inking DLL
windows.ui.logon.dll	10.0.14393.447	Logon User Experience
windows.ui.search.dll	10.0.14393.447	Windows.UI.Search
windows.ui.xaml.dll	10.0.14393.351	Windows.UI.Xaml dll
windows.ui.xaml.inkcontrols.dll	10.0.14393.206	Windows UI XAML InkControls API
windows.ui.xaml.maps.dll	10.0.14393.206	Windows UI XAML Maps API
windows.ui.xaml.phone.dll	10.0.14393.206	Windows UI XAML Phone API
windows.ui.xaml.resources.dll	10.0.14393.351	Windows.UI.Xaml.Resources dll
windows.ui.xamlhost.dll	10.0.14393.0	XAML Host
windows.web.diagnostics.dll	10.0.14393.0	Windows.Web.Diagnostics
windows.web.dll	10.0.14393.321	Web Client DLL
windows.web.http.dll	10.0.14393.321	Windows.Web.Http DLL
windowsaccessbridge-32.dll	8.0.1010.13	Java(TM) Platform SE binary
windowscodecs.dll	10.0.14393.206	Microsoft Windows Codecs Library
windowscodecsext.dll	10.0.14393.0	Microsoft Windows Codecs Extended Library
windowscodecsraw.dll	10.0.14393.0	Microsoft Camera Codec Pack
windowslivelogin.dll	10.0.14393.0	Microsoft® Account Login Helper
winfax.dll	10.0.14393.0	Microsoft Fax API Support DLL
winhttp.dll	10.0.14393.351	Windows HTTP Services
winhttpcom.dll	10.0.14393.0	Windows COM interface for WinHttp
wininet.dll	11.0.14393.447	Internet Extensions for Win32
wininetlui.dll	10.0.14393.447	Provides legacy UI for wininet
wininitext.dll	10.0.14393.0	WinInit Utility Extension DLL
winipcfile.dll	10.0.14393.0	Microsoft Active Directory Rights Management Services File API
winipcsecproc.dll	10.0.14393.0	Microsoft Active Directory Rights Management Services Desktop Security Processor
winipsec.dll	10.0.14393.0	Windows IPsec SPD Client DLL
winlangdb.dll	10.0.14393.0	Windows Bcp47 Language Database
winmde.dll	10.0.14393.351	WinMDE DLL
winmm.dll	10.0.14393.0	MCI API DLL
winmmbase.dll	10.0.14393.0	Base Multimedia Extension API DLL
winmsipc.dll	10.0.14393.0	Microsoft Active Directory Rights Management Services Client
winmsoirmprotector.dll	10.0.14393.0	Windows Office file format IRM Protector
winnlsres.dll	10.0.14393.0	NLSBuild resource DLL
winnsi.dll	10.0.14393.0	Network Store Information RPC interface
winopcirmprotector.dll	10.0.14393.0	Windows Office file format IRM Protector
winrnr.dll	10.0.14393.0	LDAP RnR Provider DLL
winrscmd.dll	10.0.14393.0	remtsvc
winrsmgr.dll	10.0.14393.0	WSMan Shell API
winrssrv.dll	10.0.14393.0	winrssrv
winrttracing.dll	10.0.14393.206	Windows Diagnostics Tracing
winsatapi.dll	10.0.14393.0	Windows System Assessment Tool API
winscard.dll	10.0.14393.0	Microsoft Smart Card API
winshfhc.dll	10.0.14393.0	File Risk Estimation
winsku.dll	10.0.14393.0	Windows SKU Library
winsockhc.dll	10.0.14393.0	Winsock Network Diagnostic Helper Class
winsqlite3.dll	3.12.2.0	SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
winsrpc.dll	10.0.14393.0	WINS RPC LIBRARY
winsta.dll	10.0.14393.0	Winstation Library
winsync.dll	2007.94.14393.0	Synchronization Framework
winsyncmetastore.dll	2007.94.14393.0	Windows Synchronization Metadata Store
winsyncproviders.dll	2007.94.14393.0	Windows Synchronization Provider Framework
wintrust.dll	10.0.14393.351	Microsoft Trust Verification APIs
wintypes.dll	10.0.14393.351	Windows Base Types DLL
winusb.dll	10.0.14393.0	Windows USB Driver User Library
wisp.dll	10.0.14393.0	Microsoft Pen and Touch Input Component
wkscli.dll	10.0.14393.0	Workstation Service Client DLL
wkspbrokerax.dll	10.0.14393.0	Microsoft Workspace Broker ActiveX Control
wksprtps.dll	10.0.14393.0	WorkspaceRuntime ProxyStub DLL
wlanapi.dll	10.0.14393.82	Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll	10.0.14393.206	Wlan Netsh Helper DLL
wlanconn.dll	10.0.14393.0	Dot11 Connection Flows
wlandlg.dll	10.0.14393.0	Wireless Lan Dialog Wizards
wlangpui.dll	10.0.14393.0	Wireless Network Policy Management Snap-in
wlanhlp.dll	10.0.14393.82	Windows Wireless LAN 802.11 Client Side Helper API
wlanmm.dll	10.0.14393.0	Dot11 Media and AdHoc Managers
wlanpref.dll	10.0.14393.0	Wireless Preferred Networks
wlanui.dll	10.0.14393.0	Wireless Profile UI
wlanutil.dll	10.0.14393.0	Windows Wireless LAN 802.11 Utility DLL
wldap32.dll	10.0.14393.0	Win32 LDAP API DLL
wldp.dll	10.0.14393.0	Windows Lockdown Policy
wlgpclnt.dll	10.0.14393.0	802.11 Group Policy Client
wlidcli.dll	10.0.14393.0	Microsoft® Account Dynamic Link Library
wlidcredprov.dll	10.0.14393.0	Microsoft® Account Credential Provider
wlidfdp.dll	10.0.14393.0	Microsoft® Account Function Discovery Provider
wlidnsp.dll	10.0.14393.0	Microsoft® Account Namespace Provider
wlidprov.dll	10.0.14393.0	Microsoft® Account Provider
wlidres.dll	10.0.14393.0	Microsoft® Windows Live ID Resource
wls0wndh.dll	10.0.14393.0	Session0 Viewer Window Hook DLL
wmadmod.dll	10.0.14393.0	Windows Media Audio Decoder
wmadmoe.dll	10.0.14393.0	Windows Media Audio 10 Encoder/Transcoder
wmasf.dll	12.0.14393.0	Windows Media ASF DLL
wmcodecdspps.dll	10.0.14393.0	Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll	12.0.14393.0	Windows Media Device Manager Logger
wmdmps.dll	12.0.14393.0	Windows Media Device Manager Proxy Stub
wmdrmsdk.dll	10.0.14393.0	WMDRM backwards compatibility stub
wmerror.dll	12.0.14393.0	Windows Media Error Definitions (English)
wmi.dll	10.0.14393.0	WMI DC and DP functionality
wmiclnt.dll	10.0.14393.0	WMI Client API
wmidcom.dll	10.0.14393.0	WMI
wmidx.dll	12.0.14393.0	Windows Media Indexer DLL
wmiprop.dll	10.0.14393.0	WDM Provider Dynamic Property Page CoInstaller
wmitomi.dll	10.0.14393.0	CIM Provider Adapter
wmnetmgr.dll	12.0.14393.0	Windows Media Network Plugin Manager DLL
wmp.dll	12.0.14393.447	Windows Media Player
wmpdui.dll	12.0.14393.0	Windows Media Player UI Engine
wmpdxm.dll	12.0.14393.351	Windows Media Player Extension
wmpeffects.dll	12.0.14393.351	Windows Media Player Effects
wmphoto.dll	10.0.14393.0	Windows Media Photo Codec
wmploc.dll	12.0.14393.82	Windows Media Player Resources
wmpmde.dll	12.0.14393.187	WMPMDE DLL
wmpps.dll	12.0.14393.0	Windows Media Player Proxy Stub Dll
wmpshell.dll	12.0.14393.351	Windows Media Player Launcher
wmsgapi.dll	10.0.14393.0	WinLogon IPC Client
wmspdmod.dll	10.0.14393.0	Windows Media Audio Voice Decoder
wmspdmoe.dll	10.0.14393.0	Windows Media Audio Voice Encoder
wmvcore.dll	12.0.14393.0	Windows Media Playback/Authoring DLL
wmvdecod.dll	10.0.14393.0	Windows Media Video Decoder
wmvdspa.dll	10.0.14393.0	Windows Media Video DSP Components - Advanced
wmvencod.dll	10.0.14393.0	Windows Media Video 9 Encoder
wmvsdecd.dll	10.0.14393.0	Windows Media Screen Decoder
wmvsencd.dll	10.0.14393.0	Windows Media Screen Encoder
wmvxencd.dll	10.0.14393.0	Windows Media Video Encoder
wofutil.dll	10.0.14393.0	Windows Overlay File System Filter user mode API
wordbreakers.dll	10.0.14393.0	"WordBreakers.DYNLINK"
workfoldersres.dll	6.2.9200.16384	Work Folders Resources
wow32.dll	10.0.14393.0	Wow32
wpbcreds.dll	10.0.14393.0	WP 8.1 upgrade support utility
wpc.dll	10.0.14393.0	WPC Settings Library
wpcwebfilter.dll	10.0.14393.321	WpcWebFilter.dll
wpdshext.dll	10.0.14393.0	Portable Devices Shell Extension
wpdshserviceobj.dll	10.0.14393.0	Windows Portable Device Shell Service Object
wpdsp.dll	10.0.14393.0	WMDM Service Provider for Windows Portable Devices
wpnapps.dll	10.0.14393.206	Windows Push Notification Apps
wpportinglibrary.dll	10.0.14393.0	<d> DLL
ws2_32.dll	10.0.14393.206	Windows Socket 2.0 32-Bit DLL
ws2help.dll	10.0.14393.0	Windows Socket 2.0 Helper for Windows NT
wscapi.dll	10.0.14393.0	Windows Security Center API
wscinterop.dll	10.0.14393.0	Windows Health Center WSC Interop
wscisvif.dll	10.0.14393.0	Windows Security Center ISV API
wsclient.dll	10.0.14393.0	Windows Store Licensing Client
wscproxystub.dll	10.0.14393.0	Windows Security Center ISV Proxy Stub
wsdapi.dll	10.0.14393.0	Web Services for Devices API DLL
wsdchngr.dll	10.0.14393.0	WSD Challenge Component
wsecedit.dll	10.0.14393.0	Security Configuration UI Module
wshbth.dll	10.0.14393.0	Windows Sockets Helper DLL
wshcon.dll	5.812.10240.16384	Microsoft ® Windows Script Controller
wshelper.dll	10.0.14393.0	Winsock Net shell helper DLL for winsock
wshext.dll	5.812.10240.16384	Microsoft ® Shell Extension for Windows Script Host
wshhyperv.dll	10.0.14393.0	Hyper-V Winsock2 Helper DLL
wship6.dll	10.0.14393.0	Winsock2 Helper DLL (TL/IPv6)
wshirda.dll	10.0.14393.0	Windows Sockets Helper DLL
wshqos.dll	10.0.14393.0	QoS Winsock2 Helper DLL
wshrm.dll	10.0.14393.0	Windows Sockets Helper DLL for PGM
wshtcpip.dll	10.0.14393.0	Winsock2 Helper DLL (TL/IPv4)
wsmagent.dll	10.0.14393.0	WinRM Agent
wsmanmigrationplugin.dll	10.0.14393.0	WinRM Migration Plugin
wsmauto.dll	10.0.14393.0	WSMAN Automation
wsmplpxy.dll	10.0.14393.0	wsmplpxy
wsmres.dll	10.0.14393.0	WSMan Resource DLL
wsmsvc.dll	10.0.14393.351	WSMan Service
wsmwmipl.dll	10.0.14393.0	WSMAN WMI Provider
wsnmp32.dll	10.0.14393.0	Microsoft WinSNMP v2.0 Manager API
wsock32.dll	10.0.14393.0	Windows Socket 32-Bit DLL
wsp_fs.dll	10.0.14393.351	Windows Storage Provider for FileShare management
wsp_health.dll	10.0.14393.351	Windows Storage Provider for Health Agent API
wsp_sr.dll	10.0.14393.206	Windows Storage Provider for Storage Replication management
wtsapi32.dll	10.0.14393.0	Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll	10.0.14393.0	Windows Update Client API
wudriver.dll	10.0.14393.0	Windows Update WUDriver Stub
wups.dll	10.0.14393.0	Windows Update client proxy stub
wvc.dll	1.0.0.1	Windows Visual Components
wwaapi.dll	10.0.14393.206	Microsoft Web Application Host API library
wwaext.dll	10.0.14393.0	Microsoft Web Application Host Extension library
wwanapi.dll	10.0.14393.206	Mbnapi
wwapi.dll	10.0.14393.0	WWAN API
xaudio2_8.dll	10.0.14393.0	XAudio2 Game Audio API
xaudio2_9.dll	10.0.14393.0	XAudio2 Game Audio API
xblauthmanagerproxy.dll	10.0.14393.0	XblAuthManagerProxy
xblauthtokenbrokerext.dll	10.0.14393.0	Xbox Live Token Broker Extension
xblgamesaveproxy.dll	10.0.14393.0	Xbox Live Game Save Service Proxies and Stubs
xinput1_4.dll	10.0.14393.0	Microsoft Common Controller API
xinput9_1_0.dll	10.0.14393.0	XNA Common Controller
xinputuap.dll	10.0.14393.0	Microsoft Common Controller API
xmlfilter.dll	2008.0.14393.0	XML Filter
xmllite.dll	10.0.14393.0	Microsoft XmlLite Library
xmlprovi.dll	10.0.14393.0	Network Provisioning Service Client API
xmlrw.dll	2.0.3609.0	Microsoft XML Slim Library
xmlrwbin.dll	2.0.3609.0	Microsoft XML Slim Library
xolehlp.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsdocumenttargetprint.dll	10.0.14393.0	XPS DocumentTargetPrint DLL
xpsfilt.dll	10.0.14393.0	XML Paper Specification Document IFilter
xpsgdiconverter.dll	10.0.14393.0	XPS to GDI Converter
xpsprint.dll	10.0.14393.0	XPS Printing DLL
xpsrasterservice.dll	10.0.14393.0	XPS Rasterization Service Component
xpsservices.dll	10.0.14393.0	Xps Object Model in memory creation and deserialization
xpsshhdr.dll	10.0.14393.0	OPC Shell Metadata Handler
xwizards.dll	10.0.14393.0	Extensible Wizards Manager Module
xwreg.dll	10.0.14393.0	Extensible Wizard Registration Manager Module
xwtpdui.dll	10.0.14393.0	Extensible Wizard Type Plugin for DUI
xwtpw32.dll	10.0.14393.0	Extensible Wizard Type Plugin for Win32
zipcontainer.dll	10.0.14393.0	Zip Container DLL
zipfldr.dll	10.0.14393.447	Compressed (zipped) Folders
ztrace_maps.dll	10.0.14393.0	ZTrace Event Resources

Certificates


[ Certificate Authorities / COMODO RSA Domain Validation Secure Server CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA384 RSA (1.2.840.113549.1.1.12)
		Serial Number	07 8C 7C A3 DB 6E 8A 14 6C 36 75 D9 EA 6E 2E 2B
		Validity	2/12/2014 - 2/12/2029
		MD5 Hash	83E10465B722EF33FF0B6F535E8D996B
		SHA1 Hash	339CDD57CFD5B141169B615FF31428782D1DA639

	Issuer Properties:
		Common Name	COMODO RSA Certification Authority
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Subject Properties:
		Common Name	COMODO RSA Domain Validation Secure Server CA
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Microsoft Windows Hardware Compatibility ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A0 69 FE 8F 9A 3F D1 11 8B 19
		Validity	10/1/1997 - 12/31/2002
		MD5 Hash	09C254BDE4EA50F26D1497F29C51AF6D
		SHA1 Hash	109F1CAED645BB78B3EA2B94C0697C740733031C

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Windows Hardware Compatibility
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Windows Hardware Compatibility Intermediate CA
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Root Agency ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	F4 35 5C AA D4 B8 CF 11 8A 64 00 AA 00 6C 37 06
		Validity	5/29/1996 - 1/1/2040
		MD5 Hash	C0A723F0DA35026B21EDB17597F1D470
		SHA1 Hash	FEE449EE0E3965A5246F000E87FDE2A065FD89D4

	Issuer Properties:
		Common Name	Root Agency

	Subject Properties:
		Common Name	Root Agency

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	8F 07 93 3F 23 98 60 92 0F 2F D0 B4 BA EB FC 46
		Validity	4/17/1997 - 10/25/2016
		MD5 Hash	ACD80EA27BB72CE700DC22724A5F1E92
		SHA1 Hash	D559A586669B08F46A30A133F8A9ED3D038E2EA8

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign International Server CA - Class 3

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / AVG Technologies ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	2A C6 47 57 66 A4 DB 8F 00
		Validity	1/15/2017 - 1/13/2027
		MD5 Hash	8A7AEB158F1E0C74FE41B0007B1C63DF
		SHA1 Hash	4CB8EFD6070970B2AF83931524CAD6B8313A2980

	Issuer Properties:
		Common Name	AVG Technologies
		Organization	AVG Technologies cz
		Organizational Unit	Engineering
		Country	Czech Republic
		Locality Name	Brno
		State/Province	Moravia

	Subject Properties:
		Common Name	AVG Technologies
		Organization	AVG Technologies cz
		Organizational Unit	Engineering
		Country	Czech Republic
		Locality Name	Brno
		State/Province	Moravia

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Certum Trusted Network CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	C0 44 04
		Validity	10/22/2008 - 12/31/2029
		MD5 Hash	D5E98140C51869FC462C8975620FAA78
		SHA1 Hash	07E032E020B72C3F192F0628A2593A19A70F069E

	Issuer Properties:
		Common Name	Certum Trusted Network CA
		Organization	Unizeto Technologies S.A.
		Organizational Unit	Certum Certification Authority
		Country	Poland

	Subject Properties:
		Common Name	Certum Trusted Network CA
		Organization	Unizeto Technologies S.A.
		Organizational Unit	Certum Certification Authority
		Country	Poland

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Certum ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	20 00 01
		Validity	6/11/2002 - 6/11/2027
		MD5 Hash	2C8F9F661D1890B147269D8E86828CA9
		SHA1 Hash	6252DC40F71143A22FDE9EF7348E064251B18118

	Issuer Properties:
		Common Name	Certum CA
		Organization	Unizeto Sp. z o.o.
		Country	Poland

	Subject Properties:
		Common Name	Certum CA
		Organization	Unizeto Sp. z o.o.
		Country	Poland

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / COMODO SECURE™ ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA384 RSA (1.2.840.113549.1.1.12)
		Serial Number	9D 86 03 5B D8 4E F7 1F E0 6F 63 DB CA F9 AA 4C
		Validity	1/19/2010 - 1/19/2038
		MD5 Hash	1B31B0714036CC143691ADC43EFDEC18
		SHA1 Hash	AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4

	Issuer Properties:
		Common Name	COMODO RSA Certification Authority
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Subject Properties:
		Common Name	COMODO RSA Certification Authority
		Organization	COMODO CA Limited
		Country	United Kingdom
		Locality Name	Salford
		State/Province	Greater Manchester

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert Baltimore Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	B9 00 00 02
		Validity	5/13/2000 - 5/13/2025
		MD5 Hash	ACB694A59C17E0D791529BB19706A6E4
		SHA1 Hash	D4DE20D05E66FC53FE1A50882C78DB2852CAE474

	Issuer Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Subject Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert Global Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A5 01
		Validity	8/13/1998 - 8/14/2018
		MD5 Hash	CA3DD368F1035CD032FAB82B59E85ADB
		SHA1 Hash	97817950D81C9670CC34D809CF794431367EF474

	Issuer Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Subject Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	39 30 F0 1B FC 60 E5 8F FE 46 D8 17 E5 E0 E7 0C
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	87CE0B7B2A0E4900E158719B37A89372
		SHA1 Hash	0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

	Issuer Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A C7 91 59 C9 6A 75 A1 B1 46 42 90 56 E0 3B 08
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	79E4A9840D7D3A96D7C04FE2434C892E
		SHA1 Hash	A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436

	Issuer Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	77 25 46 AE F2 79 0B 8F 9B 40 0B 6A 26 5C AC 02
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	D474DE575C39B2D39C8583C5C065498A
		SHA1 Hash	5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25

	Issuer Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DST Root CA X3 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	6B 40 F8 2E 86 39 30 89 BA 27 A3 D6 80 B0 AF 44
		Validity	10/1/2000 - 9/30/2021
		MD5 Hash	410352DC0FF7501B16F0028EBA6F45C5
		SHA1 Hash	DAC9024F54D8F6DF94935FB1732638CA6AD77C13

	Issuer Properties:
		Common Name	DST Root CA X3
		Organization	Digital Signature Trust Co.

	Subject Properties:
		Common Name	DST Root CA X3
		Organization	Digital Signature Trust Co.

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Entrust (2048) ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	F8 DE 63 38
		Validity	12/25/1999 - 7/24/2029
		MD5 Hash	EE2931BC327E9AE6E8B5F751B4347190
		SHA1 Hash	503006091D97D4F5AE39F7CBE7927D7D652D3431

	Issuer Properties:
		Common Name	Entrust.net Certification Authority (2048)
		Organization	Entrust.net
		Organizational Unit	www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
		Organizational Unit	(c) 1999 Entrust.net Limited

	Subject Properties:
		Common Name	Entrust.net Certification Authority (2048)
		Organization	Entrust.net
		Organizational Unit	www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
		Organizational Unit	(c) 1999 Entrust.net Limited

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Entrust.net ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	28 8C 53 4A
		Validity	7/8/2009 - 12/8/2030
		MD5 Hash	4BE2C99196650CF40E5A9392A00AFEB2
		SHA1 Hash	8CF427FD790C3AD166068DE81E57EFBB932272D4

	Issuer Properties:
		Common Name	Entrust Root Certification Authority - G2
		Organization	Entrust, Inc.
		Organizational Unit	See www.entrust.net/legal-terms
		Organizational Unit	(c) 2009 Entrust, Inc. - for authorized use only
		Country	United States

	Subject Properties:
		Common Name	Entrust Root Certification Authority - G2
		Organization	Entrust, Inc.
		Organizational Unit	See www.entrust.net/legal-terms
		Organizational Unit	(c) 2009 Entrust, Inc. - for authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Entrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	54 50 6B 45
		Validity	11/28/2006 - 11/28/2026
		MD5 Hash	D6A5C3ED5DDD3E00C13D87921F1D3FE4
		SHA1 Hash	B31EB1B740E36C8402DADC37D44DF5D4674952F9

	Issuer Properties:
		Common Name	Entrust Root Certification Authority
		Organization	Entrust, Inc.
		Organizational Unit	www.entrust.net/CPS is incorporated by reference
		Organizational Unit	(c) 2006 Entrust, Inc.
		Country	United States

	Subject Properties:
		Common Name	Entrust Root Certification Authority
		Organization	Entrust, Inc.
		Organizational Unit	www.entrust.net/CPS is incorporated by reference
		Organizational Unit	(c) 2006 Entrust, Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Global CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	56 34 02
		Validity	5/21/2002 - 5/21/2022
		MD5 Hash	F775AB29FB514EB7775EFF053C998EF5
		SHA1 Hash	DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212

	Issuer Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Primary Certification Authority - G3 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	1F 0F 18 C3 A9 27 F6 41 4B 79 B2 19 94 6E AC 15
		Validity	4/2/2008 - 12/2/2037
		MD5 Hash	B5E83436C910445848706D2E83D4B805
		SHA1 Hash	039EEDB80BE7A03C6953893B20D2D9323A4C2AFD

	Issuer Properties:
		Common Name	GeoTrust Primary Certification Authority - G3
		Organization	GeoTrust Inc.
		Organizational Unit	(c) 2008 GeoTrust Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Primary Certification Authority - G3
		Organization	GeoTrust Inc.
		Organizational Unit	(c) 2008 GeoTrust Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	CF F4 DE 35
		Validity	8/22/1998 - 8/22/2018
		MD5 Hash	67CB9DC013248A829BB2171ED11BECD4
		SHA1 Hash	D23209AD23D314232174E40D7F9D62139786633A

	Issuer Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Subject Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	A1 C4 FA DA AF 6C 63 3A 15 B6 69 FD 6A B5 AC 18
		Validity	11/27/2006 - 7/17/2036
		MD5 Hash	0226C3015E08303743A9D07DCF37E6BF
		SHA1 Hash	323C118E1BF7B8B65254E2E2100DD6029037F096

	Issuer Properties:
		Common Name	GeoTrust Primary Certification Authority
		Organization	GeoTrust Inc.
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Primary Certification Authority
		Organization	GeoTrust Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GlobalSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	94 C3 5A 4B 15 01 00 00 00 00 04
		Validity	9/1/1998 - 1/28/2028
		MD5 Hash	3E455215095192E1B75D379FB187298A
		SHA1 Hash	B1BC968BD4F49D622AA89A81F2150152A41D829C

	Issuer Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Subject Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GlobalSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	0D E6 26 86 0F 01 00 00 00 00 04
		Validity	12/15/2006 - 12/15/2021
		MD5 Hash	9414777E3E5EFD8F30BD41B0CFE7D030
		SHA1 Hash	75E0ABB6138512271C04F85FDDDE38E4B7242EFE

	Issuer Properties:
		Common Name	GlobalSign
		Organization	GlobalSign
		Organizational Unit	GlobalSign Root CA - R2

	Subject Properties:
		Common Name	GlobalSign
		Organization	GlobalSign
		Organizational Unit	GlobalSign Root CA - R2

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GlobalSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	A2 08 53 58 21 01 00 00 00 00 04
		Validity	3/18/2009 - 3/18/2029
		MD5 Hash	C5DFB849CA051355EE2DBA1AC33EB028
		SHA1 Hash	D69B561148F01C77C54578C10926DF5B856976AD

	Issuer Properties:
		Common Name	GlobalSign
		Organization	GlobalSign
		Organizational Unit	GlobalSign Root CA - R3

	Subject Properties:
		Common Name	GlobalSign
		Organization	GlobalSign
		Organizational Unit	GlobalSign Root CA - R3

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Go Daddy Class 2 Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	6/30/2004 - 6/30/2034
		MD5 Hash	91DE0625ABDAFD32170CBB25172A8467
		SHA1 Hash	2796BAE63F1801E277261BA0D77770028F20EEE4

	Issuer Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Subject Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Go Daddy Root Certificate Authority – G2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	00
		Validity	9/1/2009 - 1/1/2038
		MD5 Hash	803ABC22C1E6FB8D9B3B274A321B9A01
		SHA1 Hash	47BEABC922EAE80E78783462A79F45C254FDE68B

	Issuer Properties:
		Common Name	Go Daddy Root Certificate Authority - G2
		Organization	GoDaddy.com, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Subject Properties:
		Common Name	Go Daddy Root Certificate Authority - G2
		Organization	GoDaddy.com, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Hotspot 2.0 Trust Root CA - 03 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	B7 ED 01 DE 89 09 B9 E0 33 A4 86 F2 70 0F B3 0C
		Validity	12/8/2013 - 12/8/2043
		MD5 Hash	EB1577B40B3C8BABAE346DD98EAD0780
		SHA1 Hash	51501FBFCE69189D609CFAF140C576755DCC1FDF

	Issuer Properties:
		Common Name	Hotspot 2.0 Trust Root CA - 03
		Organization	WFA Hotspot 2.0
		Country	United States

	Subject Properties:
		Common Name	Hotspot 2.0 Trust Root CA - 03
		Organization	WFA Hotspot 2.0
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Authenticode(tm) Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	1/1/1995 - 1/1/2000
		MD5 Hash	DC6D6FAF897CDD17332FB5BA9035E9CE
		SHA1 Hash	7F88CD7223F3C813818C994614A89C99FA3B5247

	Issuer Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Subject Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	40 DF EC 63 F6 3E D1 11 88 3C 3C 8B 00 C1 00
		Validity	1/10/1997 - 12/31/2020
		MD5 Hash	2A954ECA79B2874573D92D90BAF99FB6
		SHA1 Hash	A43489159A520F0D93D032CCAF37E7FE20A8B419

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2010 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	AA 39 43 6B 58 9B 9A 44 AC 44 BA BF 25 3A CC 28
		Validity	6/24/2010 - 6/24/2035
		MD5 Hash	A266BB7DCC38A562631361BBF61DD11B
		SHA1 Hash	3B1EFD3A66EA28B16697394703A72CA340A05BD5

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2011 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F
		Validity	3/23/2011 - 3/23/2036
		MD5 Hash	CE0490D5E56C34A5AE0BE98BE581185D
		SHA1 Hash	8F43288AD272F3103B6FB1428485EA3014C0BCFE

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	65 2E 13 07 F4 58 73 4C AD A5 A0 4A A1 16 AD 79
		Validity	5/10/2001 - 5/10/2021
		MD5 Hash	E1C07EA0AABBD4B77B84C228117808A7
		SHA1 Hash	CDD4EEAE6000AC7F40C3802C171E30148030C072

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Timestamp Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	5/13/1997 - 12/31/1999
		MD5 Hash	556EBEF54C1D7C0360C43418BC9649C1
		SHA1 Hash	245C97DF7514E7CF2DF8BE72AE957B9E04741E85

	Issuer Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Subject Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / NetLock Arany (Class Gold) Fotanúsítvány ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	10 00 E4 2C 41 49
		Validity	12/11/2008 - 12/6/2028
		MD5 Hash	C5A1B7FF73DDD6D7343218DFFC3CAD88
		SHA1 Hash	06083F593F15A104A069A46BA903D006B7970991

	Issuer Properties:
		Common Name	NetLock Arany (Class Gold) Fotanúsítvány
		Organization	NetLock Kft.
		Organizational Unit	Tanúsítványkiadók (Certification Services)
		Country	Hungary
		Locality Name	Budapest

	Subject Properties:
		Common Name	NetLock Arany (Class Gold) Fotanúsítvány
		Organization	NetLock Kft.
		Organizational Unit	Tanúsítványkiadók (Certification Services)
		Country	Hungary
		Locality Name	Budapest

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / SECOM Trust Systems CO LTD ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	9/30/2003 - 9/30/2023
		MD5 Hash	F1BC636A54E0B527F5CDE71AE34D6E4A
		SHA1 Hash	36B12B49F9819ED74C9EBC380FC6568F5DACB2F7

	Issuer Properties:
		Organization	SECOM Trust.net
		Organizational Unit	Security Communication RootCA1
		Country	Japan

	Subject Properties:
		Organization	SECOM Trust.net
		Organizational Unit	Security Communication RootCA1
		Country	Japan

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Starfield Class 2 Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	6/30/2004 - 6/30/2034
		MD5 Hash	324A4BBBC863699BBE749AC6DD1D4624
		SHA1 Hash	AD7E1C28B064EF8F6003402014C3D0E3370EB58A

	Issuer Properties:
		Organization	Starfield Technologies, Inc.
		Organizational Unit	Starfield Class 2 Certification Authority
		Country	United States

	Subject Properties:
		Organization	Starfield Technologies, Inc.
		Organizational Unit	Starfield Class 2 Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Starfield Root Certificate Authority – G2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	00
		Validity	9/1/2009 - 1/1/2038
		MD5 Hash	D63981C6527E9669FCFCCA66ED05F296
		SHA1 Hash	B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E

	Issuer Properties:
		Common Name	Starfield Root Certificate Authority - G2
		Organization	Starfield Technologies, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Subject Properties:
		Common Name	Starfield Root Certificate Authority - G2
		Organization	Starfield Technologies, Inc.
		Country	United States
		Locality Name	Scottsdale
		State/Province	Arizona

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / StartCom Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	01
		Validity	9/18/2006 - 9/18/2036
		MD5 Hash	224D8F8AFCF735C2BB5734907B8B2216
		SHA1 Hash	3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F

	Issuer Properties:
		Common Name	StartCom Certification Authority
		Organization	StartCom Ltd.
		Organizational Unit	Secure Digital Certificate Signing
		Country	Israel

	Subject Properties:
		Common Name	StartCom Certification Authority
		Organization	StartCom Ltd.
		Organizational Unit	Secure Digital Certificate Signing
		Country	Israel

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Symantec Enterprise Mobile Root for Microsoft ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	CE D8 F4 BD A9 29 66 0F 7B 90 BF 9E 2F 55 6B 0F
		Validity	3/15/2012 - 3/15/2032
		MD5 Hash	71D0A5FF2D59741694BEE37D1E5C860B
		SHA1 Hash	92B46C76E13054E104F230517E6E504D43AB10B5

	Issuer Properties:
		Common Name	Symantec Enterprise Mobile Root for Microsoft
		Organization	Symantec Corporation
		Country	United States

	Subject Properties:
		Common Name	Symantec Enterprise Mobile Root for Microsoft
		Organization	Symantec Corporation
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte Primary Root CA - G3 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	FB 90 F7 2F 4B D6 9A B4 B4 EA A7 46 B7 97 01 60
		Validity	4/2/2008 - 12/2/2037
		MD5 Hash	FB1B5D438A94CD44C676F2434B47E731
		SHA1 Hash	F18B538D1BE903B6A6F056435B171589CAF36BF2

	Issuer Properties:
		Common Name	thawte Primary Root CA - G3
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2008 thawte, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	thawte Primary Root CA - G3
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2008 thawte, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Thawte Timestamping CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	00
		Validity	1/1/1997 - 1/1/2021
		MD5 Hash	7F667A71D3EB6978209A51149D83DA20
		SHA1 Hash	BE36A4562FB2EE05DBB3D32323ADF445084ED656

	Issuer Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Subject Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	8/1/1996 - 1/1/2021
		MD5 Hash	069F6979166690021B8C8CA2C3076F3A
		SHA1 Hash	627F8D7827656399D27D7F9044C9FEB3F33EFA9A

	Issuer Properties:
		Common Name	Thawte Premium Server CA
		Organization	Thawte Consulting cc
		Organizational Unit	Certification Services Division
		Country	South Africa
		Locality Name	Cape Town
		State/Province	Western Cape
		E-mail Address	premium-server@thawte.com

	Subject Properties:
		Common Name	Thawte Premium Server CA
		Organization	Thawte Consulting cc
		Organizational Unit	Certification Services Division
		Country	South Africa
		Locality Name	Cape Town
		State/Province	Western Cape
		E-mail Address	premium-server@thawte.com

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	6D 2B DB 37 CE 2F F4 49 EC ED D5 20 57 D5 4E 34
		Validity	11/17/2006 - 7/17/2036
		MD5 Hash	8CCADC0B22CEF5BE72AC411A11A8D812
		SHA1 Hash	91C6D6EE3E8AC86384E548C299295C756C817B81

	Issuer Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / The USERTrust Network™ ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	01
		Validity	5/30/2000 - 5/30/2020
		MD5 Hash	1D3554048578B03F42424DBF20730A3F
		SHA1 Hash	02FAF3E291435468607857694DF5E45B68851868

	Issuer Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Subject Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Trustwave ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	AD A0 8F 75 EF 97 D5 4D 9C D5 EA 18 EC 6C 94 50
		Validity	11/2/2004 - 1/1/2035
		MD5 Hash	A10B44B3CA10D8006E9D0FD80F920AD1
		SHA1 Hash	B80186D1EB9C86A54104CF3054F34C52B7E558C6

	Issuer Properties:
		Common Name	XRamp Global Certification Authority
		Organization	XRamp Security Services Inc
		Organizational Unit	www.xrampsecurity.com
		Country	United States

	Subject Properties:
		Common Name	XRamp Global Certification Authority
		Organization	XRamp Security Services Inc
		Organizational Unit	www.xrampsecurity.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Trustwave ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	D0 59 18 27 EB F0 7F 42 AD A5 16 08 5C 8E F0 0C
		Validity	11/8/2006 - 1/1/2030
		MD5 Hash	DC32C3A76D2557C768099DEA2DA9A2D1
		SHA1 Hash	8782C6C304353BCFD29692D2593E7D44D934FF11

	Issuer Properties:
		Common Name	SecureTrust CA
		Organization	SecureTrust Corporation
		Country	United States

	Subject Properties:
		Common Name	SecureTrust CA
		Organization	SecureTrust Corporation
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust (Code Signing) ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	1B 5F B3 E0 2D 36 D3 11 B4 24 00 50 8B 0C BE 44
		Validity	7/10/1999 - 7/10/2019
		MD5 Hash	A7F2E41606411150306B9CE3B49CB0C9
		SHA1 Hash	E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46

	Issuer Properties:
		Common Name	UTN-USERFirst-Object
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Subject Properties:
		Common Name	UTN-USERFirst-Object
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Class 3 Public Primary CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD2 RSA (1.2.840.113549.1.1.2)
		Serial Number	BF BA CC 03 7B CA 38 B6 34 29 D9 10 1D E4 BA 70
		Validity	1/29/1996 - 8/2/2028
		MD5 Hash	10FC635DF6263E0DF325BE5F79CD6767
		SHA1 Hash	742C3192E607E424EB4549542BE1BBC53E6174E2

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Time Stamping CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A3 DC 5D 15 5F 73 5D A5 1C 59 82 8C 38 D2 19 4A
		Validity	5/12/1997 - 1/8/2004
		MD5 Hash	EBB04F1D3A2E372F1DDA6E27D6B680FA
		SHA1 Hash	18F7C1FCC3090203FD5BAA2F861A754976C8DD25

	Issuer Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Universal Root Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	1D C5 1A 12 E4 BB 0E 03 21 13 B3 21 64 C4 1A 40
		Validity	4/2/2008 - 12/2/2037
		MD5 Hash	8EADB501AA4D81E48C1DD1E114009519
		SHA1 Hash	3679CA35668772304D30A5FB873B0FA77BB70D54

	Issuer Properties:
		Common Name	VeriSign Universal Root Certification Authority
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2008 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Universal Root Certification Authority
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2008 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	C6 34 89 A7 FB 67 79 10 B7 1E A8 CF 07 FE D9 7D
		Validity	5/18/1998 - 8/2/2028
		MD5 Hash	A2339B4C747873D46CE7C1F38DCB5CE9
		SHA1 Hash	85371CA6E550143DCE2803471BDE3A09E8F8770F

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority - G2
		Organizational Unit	(c) 1998 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority - G2
		Organizational Unit	(c) 1998 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	57 EF 29 71 48 90 EE D5 B9 62 3E A3 49 06 7E 9B 00
		Validity	10/1/1999 - 7/17/2036
		MD5 Hash	CD68B6A7C7C4CE75E01D4F5744619209
		SHA1 Hash	132D0D45534B6997CDB2D5C339E25576609B5CC6

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G3
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 1999 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G3
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 1999 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A 3B 6B CC CD 58 21 4A BB E8 7D 26 9E D1 DA 18
		Validity	11/8/2006 - 7/17/2036
		MD5 Hash	CB17E431673EE209FE455793F30AFA1C
		SHA1 Hash	4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / WoSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	91 C5 C9 3E F3 68 00 56 50 63 94 71 11 D6 68 5E
		Validity	8/8/2009 - 8/8/2039
		MD5 Hash	A1F2F9B5D2C87A74B8F305F1D7E1848D
		SHA1 Hash	B94294BF91EA8FB64BE61097C7FB001359B676CB

	Issuer Properties:
		Common Name	Certification Authority of WoSign
		Organization	WoSign CA Limited
		Country	China

	Subject Properties:
		Common Name	Certification Authority of WoSign
		Organization	WoSign CA Limited
		Country	China

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

UpTime


Current Session:
	Last Shutdown Time	1/17/2017 10:28:13 PM
	Last Boot Time	1/18/2017 3:05:52 PM
	Current Time	1/18/2017 5:58:18 PM
	UpTime	10346 sec (0 days, 2 hours, 52 min, 26 sec)

UpTime Statistics:
	First Boot Time	10/2/2016 2:38:21 PM
	First Shutdown Time	10/2/2016 2:41:48 PM
	Total UpTime	6166979 sec (71 days, 9 hours, 2 min, 59 sec)
	Total DownTime	3176218 sec (36 days, 18 hours, 16 min, 58 sec)
	Longest UpTime	4479209 sec (51 days, 20 hours, 13 min, 29 sec)
	Longest DownTime	386130 sec (4 days, 11 hours, 15 min, 30 sec)
	Total Reboots	25
	System Availability	66.01%

Bluescreen Statistics:
	First Bluescreen Time	1/15/2017 11:09:23 AM
	Last Bluescreen Time	1/15/2017 11:09:23 AM
	Total Bluescreens	1

Information:
	Information	The above statistics are based on System Event Log entries


Share Name	Type	Remark	Local Path
ADMIN$	Folder	Remote Admin	C:\WINDOWS
C$	Folder	Default share	C:\
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
IPC$	IPC	Remote IPC

Account Security


Account Security Properties:
	Computer Role	Primary
	Domain Name	DESKTOP-8V8TQ92
	Primary Domain Controller	Not Specified
	Forced Logoff Time	Disabled
	Min / Max Password Age	0 / 42 days
	Minimum Password Length	0 chars
	Password History Length	Disabled
	Lockout Threshold	Disabled
	Lockout Duration	30 min
	Lockout Observation Window	30 min

Logon


User	Full Name	Logon Server	Logon Domain
Draku		DESKTOP-8V8TQ92	DESKTOP-8V8TQ92
Draku		DESKTOP-8V8TQ92	DESKTOP-8V8TQ92

Users


[ Administrator ]

	User Properties:
		User Name	Administrator
		Full Name	Administrator
		Comment	Built-in account for administering the computer/domain
		Member Of Groups	Administrators
		Logon Count	3
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ DefaultAccount ]

	User Properties:
		User Name	DefaultAccount
		Full Name	DefaultAccount
		Comment	A user account managed by the system.
		Member Of Groups	System Managed Accounts Group
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

[ Draku ]

	User Properties:
		User Name	Draku
		Full Name	Draku
		Member Of Groups	Administrators; Users
		Logon Count	4
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

[ Guest ]

	User Properties:
		User Name	Guest
		Full Name	Guest
		Comment	Built-in account for guest access to the computer/domain
		Member Of Groups	Guests
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	Yes
		Password Never Expires	Yes

[ Oscar ]

	User Properties:
		User Name	Oscar
		Full Name	Oscar
		Member Of Groups	Administrators
		Logon Count	104
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

[ postgres ]

	User Properties:
		User Name	postgres
		Full Name	postgres
		Comment	PostgreSQL service account
		Member Of Groups	Users
		Logon Count	17
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	Yes
		Password Never Expires	Yes

Local Groups


[ Access Control Assistance Operators ]

	Local Group Properties:
		Comment	Members of this group can remotely query authorization attributes and permissions for resources on this computer.

[ Administrators ]

	Local Group Properties:
		Comment	Administrators have complete and unrestricted access to the computer/domain

	Group Members:
		Administrator
		Draku
		Oscar

[ Backup Operators ]

	Local Group Properties:
		Comment	Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

[ Cryptographic Operators ]

	Local Group Properties:
		Comment	Members are authorized to perform cryptographic operations.

[ Distributed COM Users ]

	Local Group Properties:
		Comment	Members are allowed to launch, activate and use Distributed COM objects on this machine.

[ Event Log Readers ]

	Local Group Properties:
		Comment	Members of this group can read event logs from local machine

[ Guests ]

	Local Group Properties:
		Comment	Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted

	Group Members:
		Guest

[ Hyper-V Administrators ]

	Local Group Properties:
		Comment	Members of this group have complete and unrestricted access to all features of Hyper-V.

[ IIS_IUSRS ]

	Local Group Properties:
		Comment	Built-in group used by Internet Information Services.

	Group Members:
		IUSR

[ Network Configuration Operators ]

	Local Group Properties:
		Comment	Members in this group can have some administrative privileges to manage configuration of networking features

[ Performance Log Users ]

	Local Group Properties:
		Comment	Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer

[ Performance Monitor Users ]

	Local Group Properties:
		Comment	Members of this group can access performance counter data locally and remotely

[ Power Users ]

	Local Group Properties:
		Comment	Power Users are included for backwards compatibility and possess limited administrative powers

[ Remote Desktop Users ]

	Local Group Properties:
		Comment	Members in this group are granted the right to logon remotely

[ Remote Management Users ]

	Local Group Properties:
		Comment	Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.

[ Replicator ]

	Local Group Properties:
		Comment	Supports file replication in a domain

[ System Managed Accounts Group ]

	Local Group Properties:
		Comment	Members of this group are managed by the system.

	Group Members:
		DefaultAccount

[ Users ]

	Local Group Properties:
		Comment	Users are prevented from making accidental or intentional system-wide changes and can run most applications

	Group Members:
		Authenticated Users
		Draku
		INTERACTIVE
		postgres	postgres

Global Groups


[ None ]

	Global Group Properties:
		Comment	Ordinary users

	Group Members:
		Administrator
		DefaultAccount
		Draku
		Guest
		Oscar
		postgres	postgres

Windows Video


[ AMD Radeon HD 7700 Series ]

	Video Adapter Properties:
		Device Description	AMD Radeon HD 7700 Series
		Adapter String	AMD Radeon HD 7700 Series
		BIOS String	113-C4450100-X00
		Chip Type	AMD Radeon Graphics Processor (0x683F)
		DAC Type	Internal DAC(400MHz)
		Driver Date	9/16/2016
		Driver Version	21.19.137.1
		Driver Provider	Advanced Micro Devices, Inc.
		Memory Size	1 GB

	Installed Drivers:
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		amdxc64
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		amdxc32
		atiumd64
		atidxx64	8.17.10.0690
		atidxx64	8.17.10.0690
		atiumdag
		atidxx32	8.17.10.0690
		atidxx32	8.17.10.0690
		atiumdva
		atiumd6a
		atitmm64

	Video Adapter Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ AMD Radeon HD 7700 Series ]

	Video Adapter Properties:
		Device Description	AMD Radeon HD 7700 Series
		Adapter String	AMD Radeon HD 7700 Series
		BIOS String	113-C4450100-X00
		Chip Type	AMD Radeon Graphics Processor (0x683F)
		DAC Type	Internal DAC(400MHz)
		Driver Date	9/16/2016
		Driver Version	21.19.137.1
		Driver Provider	Advanced Micro Devices, Inc.
		Memory Size	1 GB

	Installed Drivers:
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		amdxc64
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		amdxc32
		atiumd64
		atidxx64	8.17.10.0690
		atidxx64	8.17.10.0690
		atiumdag
		atidxx32	8.17.10.0690
		atidxx32	8.17.10.0690
		atiumdva
		atiumd6a
		atitmm64

	Video Adapter Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ AMD Radeon HD 7700 Series ]

	Video Adapter Properties:
		Device Description	AMD Radeon HD 7700 Series
		Adapter String	AMD Radeon HD 7700 Series
		BIOS String	113-C4450100-X00
		Chip Type	AMD Radeon Graphics Processor (0x683F)
		DAC Type	Internal DAC(400MHz)
		Driver Date	9/16/2016
		Driver Version	21.19.137.1
		Driver Provider	Advanced Micro Devices, Inc.
		Memory Size	1 GB

	Installed Drivers:
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		amdxc64
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		amdxc32
		atiumd64
		atidxx64	8.17.10.0690
		atidxx64	8.17.10.0690
		atiumdag
		atidxx32	8.17.10.0690
		atidxx32	8.17.10.0690
		atiumdva
		atiumd6a
		atitmm64

	Video Adapter Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ AMD Radeon HD 7700 Series ]

	Video Adapter Properties:
		Device Description	AMD Radeon HD 7700 Series
		Adapter String	AMD Radeon HD 7700 Series
		BIOS String	113-C4450100-X00
		Chip Type	AMD Radeon Graphics Processor (0x683F)
		DAC Type	Internal DAC(400MHz)
		Driver Date	9/16/2016
		Driver Version	21.19.137.1
		Driver Provider	Advanced Micro Devices, Inc.
		Memory Size	1 GB

	Installed Drivers:
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		amdxc64
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		amdxc32
		atiumd64
		atidxx64	8.17.10.0690
		atidxx64	8.17.10.0690
		atiumdag
		atidxx32	8.17.10.0690
		atidxx32	8.17.10.0690
		atiumdva
		atiumd6a
		atitmm64

	Video Adapter Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ AMD Radeon HD 7700 Series ]

	Video Adapter Properties:
		Device Description	AMD Radeon HD 7700 Series
		Adapter String	AMD Radeon HD 7700 Series
		BIOS String	113-C4450100-X00
		Chip Type	AMD Radeon Graphics Processor (0x683F)
		DAC Type	Internal DAC(400MHz)
		Driver Date	9/16/2016
		Driver Version	21.19.137.1
		Driver Provider	Advanced Micro Devices, Inc.
		Memory Size	1 GB

	Installed Drivers:
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		amdxc64
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		amdxc32
		atiumd64
		atidxx64	8.17.10.0690
		atidxx64	8.17.10.0690
		atiumdag
		atidxx32	8.17.10.0690
		atidxx32	8.17.10.0690
		atiumdva
		atiumd6a
		atitmm64

	Video Adapter Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ AMD Radeon HD 7700 Series ]

	Video Adapter Properties:
		Device Description	AMD Radeon HD 7700 Series
		Adapter String	AMD Radeon HD 7700 Series
		BIOS String	113-C4450100-X00
		Chip Type	AMD Radeon Graphics Processor (0x683F)
		DAC Type	Internal DAC(400MHz)
		Driver Date	9/16/2016
		Driver Version	21.19.137.1
		Driver Provider	Advanced Micro Devices, Inc.
		Memory Size	1 GB

	Installed Drivers:
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		aticfx64	8.17.10.1484
		amdxc64
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		aticfx32	8.17.10.1484
		amdxc32
		atiumd64
		atidxx64	8.17.10.0690
		atidxx64	8.17.10.0690
		atiumdag
		atidxx32	8.17.10.0690
		atidxx32	8.17.10.0690
		atiumdva
		atiumd6a
		atitmm64

	Video Adapter Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

PCI / AGP Video


		Device Description	Device Type
		AMD Radeon HD 7750 (Cape Verde)	Video Adapter
		AMD Radeon HD 7750 (Cape Verde)	3D Accelerator

GPU


[ PCI Express 3.0 x16: MSI R7750 (MS-V279) ]

	Graphics Processor Properties:
		Video Adapter	MSI R7750 (MS-V279)
		BIOS Version	015.021.000.000.000777
		BIOS Date	5/28/2012
		GPU Code Name	Cape Verde Pro
		Part Number	113-C4450100-X00
		PCI Device	1002-683F / 1462-2792 (Rev 00)
		Transistors	1500 million
		Process Technology	28 nm
		Die Size	123 mm2
		ASIC Quality	73.0%
		Bus Type	PCI Express 3.0 x16 @ 1.1 x16
		Memory Size	1 GB
		GPU Clock	300 MHz (original: 830 MHz)
		RAMDAC Clock	400 MHz
		Pixel Pipelines	16
		Texture Mapping Units	32
		Unified Shaders	512 (v5.1)
		DirectX Hardware Support	DirectX v11.2
		PowerControl	0%
		WDDM Version	WDDM 2.1

	Memory Bus Properties:
		Bus Type	GDDR5 (Hynix)
		Bus Width	128-bit
		Real Clock	150 MHz (QDR) (original: 1125 MHz)
		Effective Clock	600 MHz
		Bandwidth	[ TRIAL VERSION ]

	Architecture:
		Architecture	AMD GCN
		Compute Units (CU)	8
		SIMD Per Compute Unit	4
		SIMD Width	16
		SIMD Instruction Width	1
		L1 Instruction Cache	32 KB per CU-Quad
		L1 Vector Data Cache	16 KB per CU
		L1 Scalar Data Cache	16 KB per CU-Quad
		L2 Cache	512 KB
		Local Data Share	64 KB
		Global Data Share	64 KB

	Theoretical Peak Performance:
		Pixel Fillrate	4800 MPixel/s @ 300 MHz
		Texel Fillrate	[ TRIAL VERSION ]
		Single-Precision FLOPS	307.2 GFLOPS @ 300 MHz
		Double-Precision FLOPS	[ TRIAL VERSION ]
		24-bit Integer IOPS	307.2 GIOPS @ 300 MHz
		32-bit Integer IOPS	61.4 GIOPS @ 300 MHz

	Utilization:
		GPU	50%
		Dedicated Memory	197 MB
		Dynamic Memory	51 MB

	ATI PowerPlay (BIOS):
		State #1	GPU: 800 MHz, Memory: 1125 MHz (Boot)
		State #2	GPU: 830 MHz, Memory: 1125 MHz
		State #3	GPU: 830 MHz, Memory: 1125 MHz (UVD)
		State #4	GPU: 300 MHz, Memory: 150 MHz

	Graphics Processor Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

	ATI GPU Registers:
		ati-$0174	00002EB0
		ati-$0600	80400000
		ati-$0604	00000001
		ati-$0608	100B1C71
		ati-$061C	01F42000
		ati-$0624	00000000
		ati-$0628	0000FF14
		ati-$062C	00000700
		ati-$0660	00000001
		ati-$0664	00510009
		ati-$0668	00FF7F02
		ati-$0704	00006C00
		ati-$0710	01500101
		ati-$0714	00003A1E
		ati-$0758	401B2F87
		ati-$0760	003F003F
		ati-$0774	00000000
		ati-$0780	00800403
		ati-$078C	00000000
		ati-$0794	00001B4A
		ati-$0798	08000000
		ati-$07FC	00006978
		ati-$0874	00000000
		ati-$1600	11030302
		ati-$2004	00002210
		ati-$2408	000F007F
		ati-$25B8	00000001
		ati-$2760	0000025A
		ati-$29F8	FFFFFFFF
		ati-$29FC	FFFFFFFF
		ati-$2A00	500036A9
		ati-$2A04	20100112
		ati-$2BA0	010000C3
		ati-$2BA4	002581F4
		ati-$2BB0	0D002910
		ati-$2BB4	C4180800
		ati-$2BB8	005871C1
		ati-$2BBC	00000004
		ati-$2BC0	00000002
		ati-$2BC4	00000012
		ati-$2BCC	0000007E
		ati-$2BD0	000001C2
		ati-$5428	00000400
		ati-$802C	00000000
		ati-$89BC	FFE10001 [SE0 SH0]
		ati-$89C0	00010000 [SE0 SH0]
		ati-$89BC	FFE10001 [SE0 SH1]
		ati-$89C0	00010000 [SE0 SH1]
		ati-$89BC	00000000 [SE1 SH0]
		ati-$89C0	00000000 [SE1 SH0]
		ati-$89BC	00000000 [SE1 SH1]
		ati-$89C0	00000000 [SE1 SH1]
		ati-$98F0	00000000
		ati-$98F4	00000000
		ati-$98F8	00000000
		ati-$98FC	00000000
		ati-$9B7C	00000000

Monitor


[ LG UltraWide (HDMI) ]

	Monitor Properties:
		Monitor Name	LG UltraWide (HDMI)
		Monitor ID	GSM59F1
		Model	LG ULTRAWIDE
		Manufacture Date	Week 11 / 2016
		Serial Number	2611277909
		Max. Visible Display Size	798 mm x 334 mm (34.1")
		Picture Aspect Ratio	21:9
		Horizontal Frequency	30 - 90 kHz
		Vertical Frequency	56 - 75 Hz
		Maximum Pixel Clock	240 MHz
		Maximum Resolution	2560 x 1080
		Pixel Density	82 ppi
		Gamma	2.20
		DPMS Mode Support	Standby, Suspend, Active-Off

	Supported Video Modes:
		640 x 480	60 Hz
		640 x 480	75 Hz
		720 x 400	70 Hz
		800 x 600	60 Hz
		800 x 600	75 Hz
		1024 x 768	60 Hz
		1024 x 768	75 Hz
		1152 x 864	75 Hz
		1152 x 870	75 Hz
		1280 x 720	60 Hz
		1280 x 1024	60 Hz
		1280 x 1024	75 Hz
		1600 x 900	60 Hz
		1680 x 1050	60 Hz
		1920 x 1080	Pixel Clock: 148.50 MHz
		2560 x 1080	Pixel Clock: 185.58 MHz

	Monitor Manufacturer:
		Company Name	LG Electronics
		Product Information	http://www.lg.com/us/monitors
		Driver Download	http://www.lg.com/us/support
		Driver Update	http://www.aida64.com/driver-updates

Desktop


Desktop Properties:
	Device Technology	Raster Display
	Resolution	2560 x 1080
	Color Depth	32-bit
	Color Planes	1
	Font Resolution	96 dpi
	Pixel Width / Height	36 / 36
	Pixel Diagonal	51
	Vertical Refresh Rate	60 Hz
	Desktop Wallpaper	C:\Users\Draku\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{5c01a758-254b-4cd7-acf6-0c7ea5f834c4}.jpg

Desktop Effects:
	Combo-Box Animation	Enabled
	Drop Shadow Effect	Enabled
	Flat Menu Effect	Enabled
	Font Smoothing	Enabled
	ClearType	Enabled
	Full Window Dragging	Enabled
	Gradient Window Title Bars	Enabled
	Hide Menu Access Keys	Enabled
	Hot Tracking Effect	Enabled
	Icon Title Wrapping	Enabled
	List-Box Smooth Scrolling	Enabled
	Menu Animation	Enabled
	Menu Fade Effect	Enabled
	Minimize/Restore Animation	Enabled
	Mouse Cursor Shadow	Disabled
	Selection Fade Effect	Enabled
	ShowSounds Accessibility Feature	Disabled
	ToolTip Animation	Enabled
	ToolTip Fade Effect	Enabled
	Windows Aero	Enabled
	Windows Plus! Extension	Disabled

Multi-Monitor


Device ID	Primary	Upper Left Corner	Bottom Right Corner
\\.\DISPLAY1	Yes	(0,0)	(2560,1080)

Video Modes


Resolution	Color Depth	Refresh Rate
640 x 480	32-bit	59 Hz
640 x 480	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
720 x 480	32-bit	59 Hz
720 x 480	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
720 x 576	32-bit	60 Hz
720 x 576	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
800 x 600	32-bit	60 Hz
800 x 600	32-bit	75 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1024 x 768	32-bit	75 Hz
1152 x 648	32-bit	50 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1152 x 648	32-bit	60 Hz
1152 x 864	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1152 x 864	32-bit	60 Hz
1152 x 864	32-bit	75 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1280 x 720	32-bit	59 Hz
1280 x 720	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1280 x 768	32-bit	75 Hz
1280 x 768	32-bit	75 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1280 x 960	32-bit	60 Hz
1280 x 960	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1280 x 960	32-bit	75 Hz
1280 x 960	32-bit	75 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1280 x 1024	32-bit	75 Hz
1600 x 900	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1776 x 1000	32-bit	25 Hz
1776 x 1000	32-bit	29 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1776 x 1000	32-bit	30 Hz
1776 x 1000	32-bit	30 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1776 x 1000	32-bit	59 Hz
1776 x 1000	32-bit	60 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1920 x 1080	32-bit	29 Hz
1920 x 1080	32-bit	29 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1920 x 1080	32-bit	30 Hz
1920 x 1080	32-bit	50 Hz
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
1920 x 1080	32-bit	60 Hz
2560 x 1080	32-bit	60 Hz

OpenGL


OpenGL Properties:
	Vendor	ATI Technologies Inc.
	Renderer	AMD Radeon HD 7700 Series
	Version	4.5.14008 Compatibility Profile Context 21.19.137.1
	Shading Language Version	4.50
	OpenGL DLL	10.0.14393.0(rs1_release.160715-1616)
	Multitexture Texture Units	8
	Occlusion Query Counter Bits	32
	Sub-Pixel Precision	8-bit
	Max Viewport Size	16384 x 16384
	Max Cube Map Texture Size	16384 x 16384
	Max Rectangle Texture Size	16384 x 16384
	Max 3D Texture Size	2048 x 2048 x 2048
	Max Anisotropy	16
	Max Clipping Planes	8
	Max Display-List Nesting Level	64
	Max Draw Buffers	8
	Max Evaluator Order	40
	Max Light Sources	8
	Max Pixel Map Table Size	256
	Min / Max Program Texel Offset	-8 / 7
	Max Texture Array Layers	2048
	Max Texture LOD Bias	16

OpenGL Compliancy:
	OpenGL 1.1	Yes (100%)
	OpenGL 1.2	Yes (100%)
	OpenGL 1.3	Yes (100%)
	OpenGL 1.4	Yes (100%)
	OpenGL 1.5	Yes (100%)
	OpenGL 2.0	Yes (100%)
	OpenGL 2.1	Yes (100%)
	OpenGL 3.0	Yes (100%)
	OpenGL 3.1	Yes (100%)
	OpenGL 3.2	Yes (100%)
	OpenGL 3.3	Yes (100%)
	OpenGL 4.0	Yes (100%)
	OpenGL 4.1	Yes (100%)
	OpenGL 4.2	Yes (100%)
	OpenGL 4.3	Yes (100%)
	OpenGL 4.4	Yes (100%)
	OpenGL 4.5	Yes (100%)

Max Stack Depth:
	Attribute Stack	16
	Client Attribute Stack	16
	Modelview Matrix Stack	32
	Name Stack	64
	Projection Matrix Stack	10
	Texture Matrix Stack	10

Draw Range Elements:
	Max Index Count	2147483647
	Max Vertex Count	2147483647

Transform Feedback:
	Max Interleaved Components	128
	Max Separate Attributes	4
	Max Separate Components	4

Framebuffer Object:
	Max Color Attachments	8
	Max Render Buffer Size	16384 x 16384

Imaging:
	Max Color Matrix Stack Depth	10
	Max Convolution Width / Height	11 / 11

Vertex Shader:
	Max Uniform Vertex Components	16384
	Max Varying Floats	128
	Max Vertex Texture Image Units	32
	Max Combined Texture Image Units	192

Geometry Shader:
	Max Geometry Texture Units	32
	Max Varying Components	128
	Max Geometry Varying Components	128
	Max Vertex Varying Components	128
	Max Geometry Uniform Components	16384
	Max Geometry Output Vertices	1023
	Max Geometry Total Output Components	4095

Fragment Shader:
	Max Uniform Fragment Components	16384
	Max Fragment Registers	6
	Max Fragment Constants	8
	Max Passes	2
	Max Instructions Per Pass	8
	Max Total Instructions	16
	Max Input Interpolator Components	3
	Max Loopback Components	3

Vertex Program:
	Max Local Parameters	256
	Max Environment Parameters	256
	Max Program Matrices	32
	Max Program Matrix Stack Depth	32
	Max Vertex Attributes	29
	Max Instructions	2147483647
	Max Native Instructions	2147483647
	Max Temporaries	320
	Max Native Temporaries	256
	Max Parameters	256
	Max Native Parameters	256
	Max Attributes	29
	Max Native Attributes	32
	Max Address Registers	1
	Max Native Address Registers	1

Fragment Program:
	Max Local Parameters	256
	Max Environment Parameters	256
	Max Texture Coordinates	16
	Max Texture Image Units	32
	Max Instructions	2147483647
	Max Native Instructions	2147483647
	Max Temporaries	320
	Max Native Temporaries	256
	Max Parameters	256
	Max Native Parameters	256
	Max Attributes	29
	Max Native Attributes	16
	Max Address Registers	0
	Max Native Address Registers	0
	Max ALU Instructions	2147483647
	Max Native ALU Instructions	2147483647
	Max Texture Instructions	2147483647
	Max Native Texture Instructions	2147483647
	Max Texture Indirections	2147483647
	Max Native Texture Indirections	2147483647

OpenGL Extensions:
	Total / Supported Extensions	1037 / 307
	GL_3DFX_multisample	Not Supported
	GL_3DFX_tbuffer	Not Supported
	GL_3DFX_texture_compression_FXT1	Not Supported
	GL_3DL_direct_texture_access2	Not Supported
	GL_3Dlabs_multisample_transparency_id	Not Supported
	GL_3Dlabs_multisample_transparency_range	Not Supported
	GL_AMD_blend_minmax_factor	Supported
	GL_AMD_compressed_3DC_texture	Not Supported
	GL_AMD_compressed_ATC_texture	Not Supported
	GL_AMD_conservative_depth	Supported
	GL_AMD_debug_output	Supported
	GL_AMD_depth_clamp_separate	Supported
	GL_AMD_draw_buffers_blend	Supported
	GL_AMD_framebuffer_sample_positions	Supported
	GL_AMD_gcn_shader	Supported
	GL_AMD_gpu_shader_half_float	Not Supported
	GL_AMD_gpu_shader_half_float2	Not Supported
	GL_AMD_gpu_shader_int64	Supported
	GL_AMD_interleaved_elements	Supported
	GL_AMD_multi_draw_indirect	Supported
	GL_AMD_name_gen_delete	Supported
	GL_AMD_occlusion_query_event	Not Supported
	GL_AMD_performance_monitor	Supported
	GL_AMD_pinned_memory	Supported
	GL_AMD_program_binary_Z400	Not Supported
	GL_AMD_query_buffer_object	Supported
	GL_AMD_sample_positions	Supported
	GL_AMD_seamless_cubemap_per_texture	Supported
	GL_AMD_shader_atomic_counter_ops	Supported
	GL_AMD_shader_stencil_export	Supported
	GL_AMD_shader_stencil_value_export	Supported
	GL_AMD_shader_trace	Not Supported
	GL_AMD_shader_trinary_minmax	Supported
	GL_AMD_sparse_texture	Supported
	GL_AMD_sparse_texture_pool	Not Supported
	GL_AMD_stencil_operation_extended	Supported
	GL_AMD_texture_compression_dxt6	Not Supported
	GL_AMD_texture_compression_dxt7	Not Supported
	GL_AMD_texture_cube_map_array	Supported
	GL_AMD_texture_texture4	Supported
	GL_AMD_texture_tile_pool	Not Supported
	GL_AMD_transform_feedback3_lines_triangles	Supported
	GL_AMD_transform_feedback4	Supported
	GL_AMD_vertex_shader_layer	Supported
	GL_AMD_vertex_shader_tessellator	Not Supported
	GL_AMD_vertex_shader_viewport_index	Supported
	GL_AMDX_debug_output	Supported
	GL_AMDX_name_gen_delete	Not Supported
	GL_AMDX_random_access_target	Not Supported
	GL_AMDX_vertex_shader_tessellator	Not Supported
	GL_ANDROID_extension_pack_es31a	Not Supported
	GL_ANGLE_depth_texture	Not Supported
	GL_ANGLE_framebuffer_blit	Not Supported
	GL_ANGLE_framebuffer_multisample	Not Supported
	GL_ANGLE_instanced_arrays	Not Supported
	GL_ANGLE_pack_reverse_row_order	Not Supported
	GL_ANGLE_program_binary	Not Supported
	GL_ANGLE_texture_compression_dxt1	Not Supported
	GL_ANGLE_texture_compression_dxt3	Not Supported
	GL_ANGLE_texture_compression_dxt5	Not Supported
	GL_ANGLE_texture_usage	Not Supported
	GL_ANGLE_translated_shader_source	Not Supported
	GL_APPLE_aux_depth_stencil	Not Supported
	GL_APPLE_client_storage	Not Supported
	GL_APPLE_copy_texture_levels	Not Supported
	GL_APPLE_element_array	Not Supported
	GL_APPLE_fence	Not Supported
	GL_APPLE_float_pixels	Not Supported
	GL_APPLE_flush_buffer_range	Not Supported
	GL_APPLE_flush_render	Not Supported
	GL_APPLE_framebuffer_multisample	Not Supported
	GL_APPLE_object_purgeable	Not Supported
	GL_APPLE_packed_pixel	Not Supported
	GL_APPLE_packed_pixels	Not Supported
	GL_APPLE_pixel_buffer	Not Supported
	GL_APPLE_rgb_422	Not Supported
	GL_APPLE_row_bytes	Not Supported
	GL_APPLE_specular_vector	Not Supported
	GL_APPLE_sync	Not Supported
	GL_APPLE_texture_2D_limited_npot	Not Supported
	GL_APPLE_texture_format_BGRA8888	Not Supported
	GL_APPLE_texture_max_level	Not Supported
	GL_APPLE_texture_range	Not Supported
	GL_APPLE_transform_hint	Not Supported
	GL_APPLE_vertex_array_object	Not Supported
	GL_APPLE_vertex_array_range	Not Supported
	GL_APPLE_vertex_point_size	Not Supported
	GL_APPLE_vertex_program_evaluators	Not Supported
	GL_APPLE_ycbcr_422	Not Supported
	GL_ARB_arrays_of_arrays	Supported
	GL_ARB_base_instance	Supported
	GL_ARB_bindless_texture	Supported
	GL_ARB_blend_func_extended	Supported
	GL_ARB_buffer_storage	Supported
	GL_ARB_cl_event	Not Supported
	GL_ARB_clear_buffer_object	Supported
	GL_ARB_clear_texture	Supported
	GL_ARB_clip_control	Supported
	GL_ARB_color_buffer_float	Supported
	GL_ARB_compatibility	Supported
	GL_ARB_compressed_texture_pixel_storage	Supported
	GL_ARB_compute_shader	Supported
	GL_ARB_compute_variable_group_size	Not Supported
	GL_ARB_conditional_render_inverted	Supported
	GL_ARB_conservative_depth	Supported
	GL_ARB_context_flush_control	Not Supported
	GL_ARB_copy_buffer	Supported
	GL_ARB_copy_image	Supported
	GL_ARB_cull_distance	Supported
	GL_ARB_debug_group	Not Supported
	GL_ARB_debug_label	Not Supported
	GL_ARB_debug_output	Supported
	GL_ARB_debug_output2	Not Supported
	GL_ARB_depth_buffer_float	Supported
	GL_ARB_depth_clamp	Supported
	GL_ARB_depth_texture	Supported
	GL_ARB_derivative_control	Supported
	GL_ARB_direct_state_access	Supported
	GL_ARB_draw_buffers	Supported
	GL_ARB_draw_buffers_blend	Supported
	GL_ARB_draw_elements_base_vertex	Supported
	GL_ARB_draw_indirect	Supported
	GL_ARB_draw_instanced	Supported
	GL_ARB_enhanced_layouts	Supported
	GL_ARB_ES2_compatibility	Supported
	GL_ARB_ES3_1_compatibility	Supported
	GL_ARB_ES3_2_compatibility	Not Supported
	GL_ARB_ES3_compatibility	Supported
	GL_ARB_explicit_attrib_location	Supported
	GL_ARB_explicit_uniform_location	Supported
	GL_ARB_fragment_coord_conventions	Supported
	GL_ARB_fragment_layer_viewport	Supported
	GL_ARB_fragment_program	Supported
	GL_ARB_fragment_program_shadow	Supported
	GL_ARB_fragment_shader	Supported
	GL_ARB_fragment_shader_interlock	Not Supported
	GL_ARB_framebuffer_no_attachments	Supported
	GL_ARB_framebuffer_object	Supported
	GL_ARB_framebuffer_sRGB	Supported
	GL_ARB_geometry_shader4	Supported
	GL_ARB_get_program_binary	Supported
	GL_ARB_get_texture_sub_image	Supported
	GL_ARB_gl_spirv	Not Supported
	GL_ARB_gpu_shader_fp64	Supported
	GL_ARB_gpu_shader_int64	Not Supported
	GL_ARB_gpu_shader5	Supported
	GL_ARB_half_float_pixel	Supported
	GL_ARB_half_float_vertex	Supported
	GL_ARB_imaging	Supported
	GL_ARB_indirect_parameters	Supported
	GL_ARB_instanced_arrays	Supported
	GL_ARB_internalformat_query	Supported
	GL_ARB_internalformat_query2	Supported
	GL_ARB_invalidate_subdata	Supported
	GL_ARB_make_current_read	Not Supported
	GL_ARB_map_buffer_alignment	Supported
	GL_ARB_map_buffer_range	Supported
	GL_ARB_matrix_palette	Not Supported
	GL_ARB_multi_bind	Supported
	GL_ARB_multi_draw_indirect	Supported
	GL_ARB_multisample	Supported
	GL_ARB_multitexture	Supported
	GL_ARB_occlusion_query	Supported
	GL_ARB_occlusion_query2	Supported
	GL_ARB_parallel_shader_compile	Not Supported
	GL_ARB_pipeline_statistics_query	Supported
	GL_ARB_pixel_buffer_object	Supported
	GL_ARB_point_parameters	Supported
	GL_ARB_point_sprite	Supported
	GL_ARB_post_depth_coverage	Not Supported
	GL_ARB_program_interface_query	Supported
	GL_ARB_provoking_vertex	Supported
	GL_ARB_query_buffer_object	Supported
	GL_ARB_robust_buffer_access_behavior	Supported
	GL_ARB_robustness	Not Supported
	GL_ARB_robustness_isolation	Not Supported
	GL_ARB_sample_locations	Not Supported
	GL_ARB_sample_shading	Supported
	GL_ARB_sampler_objects	Supported
	GL_ARB_seamless_cube_map	Supported
	GL_ARB_seamless_cubemap_per_texture	Supported
	GL_ARB_separate_shader_objects	Supported
	GL_ARB_shader_atomic_counter_ops	Not Supported
	GL_ARB_shader_atomic_counters	Supported
	GL_ARB_shader_ballot	Supported
	GL_ARB_shader_bit_encoding	Supported
	GL_ARB_shader_clock	Not Supported
	GL_ARB_shader_draw_parameters	Supported
	GL_ARB_shader_group_vote	Supported
	GL_ARB_shader_image_load_store	Supported
	GL_ARB_shader_image_size	Supported
	GL_ARB_shader_objects	Supported
	GL_ARB_shader_precision	Supported
	GL_ARB_shader_stencil_export	Supported
	GL_ARB_shader_storage_buffer_object	Supported
	GL_ARB_shader_subroutine	Supported
	GL_ARB_shader_texture_image_samples	Supported
	GL_ARB_shader_texture_lod	Supported
	GL_ARB_shader_viewport_layer_array	Not Supported
	GL_ARB_shading_language_100	Supported
	GL_ARB_shading_language_120	Not Supported
	GL_ARB_shading_language_420pack	Supported
	GL_ARB_shading_language_include	Not Supported
	GL_ARB_shading_language_packing	Supported
	GL_ARB_shadow	Supported
	GL_ARB_shadow_ambient	Supported
	GL_ARB_sparse_buffer	Supported
	GL_ARB_sparse_texture	Supported
	GL_ARB_sparse_texture_clamp	Not Supported
	GL_ARB_sparse_texture2	Not Supported
	GL_ARB_stencil_texturing	Supported
	GL_ARB_swap_buffers	Not Supported
	GL_ARB_sync	Supported
	GL_ARB_tessellation_shader	Supported
	GL_ARB_texture_barrier	Supported
	GL_ARB_texture_border_clamp	Supported
	GL_ARB_texture_buffer_object	Supported
	GL_ARB_texture_buffer_object_rgb32	Supported
	GL_ARB_texture_buffer_range	Supported
	GL_ARB_texture_compression	Supported
	GL_ARB_texture_compression_bptc	Supported
	GL_ARB_texture_compression_rgtc	Supported
	GL_ARB_texture_compression_rtgc	Not Supported
	GL_ARB_texture_cube_map	Supported
	GL_ARB_texture_cube_map_array	Supported
	GL_ARB_texture_env_add	Supported
	GL_ARB_texture_env_combine	Supported
	GL_ARB_texture_env_crossbar	Supported
	GL_ARB_texture_env_dot3	Supported
	GL_ARB_texture_filter_minmax	Not Supported
	GL_ARB_texture_float	Supported
	GL_ARB_texture_gather	Supported
	GL_ARB_texture_mirror_clamp_to_edge	Supported
	GL_ARB_texture_mirrored_repeat	Supported
	GL_ARB_texture_multisample	Supported
	GL_ARB_texture_non_power_of_two	Supported
	GL_ARB_texture_query_levels	Supported
	GL_ARB_texture_query_lod	Supported
	GL_ARB_texture_rectangle	Supported
	GL_ARB_texture_rg	Supported
	GL_ARB_texture_rgb10_a2ui	Supported
	GL_ARB_texture_snorm	Supported
	GL_ARB_texture_stencil8	Supported
	GL_ARB_texture_storage	Supported
	GL_ARB_texture_storage_multisample	Supported
	GL_ARB_texture_swizzle	Supported
	GL_ARB_texture_view	Supported
	GL_ARB_timer_query	Supported
	GL_ARB_transform_feedback_instanced	Supported
	GL_ARB_transform_feedback_overflow_query	Supported
	GL_ARB_transform_feedback2	Supported
	GL_ARB_transform_feedback3	Supported
	GL_ARB_transpose_matrix	Supported
	GL_ARB_uber_buffers	Not Supported
	GL_ARB_uber_mem_image	Not Supported
	GL_ARB_uber_vertex_array	Not Supported
	GL_ARB_uniform_buffer_object	Supported
	GL_ARB_vertex_array_bgra	Supported
	GL_ARB_vertex_array_object	Supported
	GL_ARB_vertex_attrib_64bit	Supported
	GL_ARB_vertex_attrib_binding	Supported
	GL_ARB_vertex_blend	Not Supported
	GL_ARB_vertex_buffer_object	Supported
	GL_ARB_vertex_program	Supported
	GL_ARB_vertex_shader	Supported
	GL_ARB_vertex_type_10f_11f_11f_rev	Supported
	GL_ARB_vertex_type_2_10_10_10_rev	Supported
	GL_ARB_viewport_array	Supported
	GL_ARB_window_pos	Supported
	GL_ARM_mali_program_binary	Not Supported
	GL_ARM_mali_shader_binary	Not Supported
	GL_ARM_rgba8	Not Supported
	GL_ARM_shader_framebuffer_fetch	Not Supported
	GL_ARM_shader_framebuffer_fetch_depth_stencil	Not Supported
	GL_ATI_array_rev_comps_in_4_bytes	Not Supported
	GL_ATI_blend_equation_separate	Not Supported
	GL_ATI_blend_weighted_minmax	Not Supported
	GL_ATI_draw_buffers	Supported
	GL_ATI_element_array	Not Supported
	GL_ATI_envmap_bumpmap	Supported
	GL_ATI_fragment_shader	Supported
	GL_ATI_lock_texture	Not Supported
	GL_ATI_map_object_buffer	Not Supported
	GL_ATI_meminfo	Not Supported
	GL_ATI_pixel_format_float	Not Supported
	GL_ATI_pn_triangles	Not Supported
	GL_ATI_point_cull_mode	Not Supported
	GL_ATI_separate_stencil	Supported
	GL_ATI_shader_texture_lod	Not Supported
	GL_ATI_text_fragment_shader	Not Supported
	GL_ATI_texture_compression_3dc	Supported
	GL_ATI_texture_env_combine3	Supported
	GL_ATI_texture_float	Supported
	GL_ATI_texture_mirror_once	Supported
	GL_ATI_vertex_array_object	Not Supported
	GL_ATI_vertex_attrib_array_object	Not Supported
	GL_ATI_vertex_blend	Not Supported
	GL_ATI_vertex_shader	Not Supported
	GL_ATI_vertex_streams	Not Supported
	GL_ATIX_pn_triangles	Not Supported
	GL_ATIX_texture_env_combine3	Not Supported
	GL_ATIX_texture_env_route	Not Supported
	GL_ATIX_vertex_shader_output_point_size	Not Supported
	GL_Autodesk_facet_normal	Not Supported
	GL_Autodesk_valid_back_buffer_hint	Not Supported
	GL_CR_bounding_box	Not Supported
	GL_CR_cursor_position	Not Supported
	GL_CR_head_spu_name	Not Supported
	GL_CR_performance_info	Not Supported
	GL_CR_print_string	Not Supported
	GL_CR_readback_barrier_size	Not Supported
	GL_CR_saveframe	Not Supported
	GL_CR_server_id_sharing	Not Supported
	GL_CR_server_matrix	Not Supported
	GL_CR_state_parameter	Not Supported
	GL_CR_synchronization	Not Supported
	GL_CR_tile_info	Not Supported
	GL_CR_tilesort_info	Not Supported
	GL_CR_window_size	Not Supported
	GL_DIMD_YUV	Not Supported
	GL_DMP_shader_binary	Not Supported
	GL_EXT_422_pixels	Not Supported
	GL_EXT_abgr	Supported
	GL_EXT_bgra	Supported
	GL_EXT_bindable_uniform	Supported
	GL_EXT_blend_color	Supported
	GL_EXT_blend_equation_separate	Supported
	GL_EXT_blend_func_separate	Supported
	GL_EXT_blend_logic_op	Not Supported
	GL_EXT_blend_minmax	Supported
	GL_EXT_blend_subtract	Supported
	GL_EXT_Cg_shader	Not Supported
	GL_EXT_clip_control	Not Supported
	GL_EXT_clip_volume_hint	Not Supported
	GL_EXT_cmyka	Not Supported
	GL_EXT_color_buffer_float	Not Supported
	GL_EXT_color_buffer_half_float	Not Supported
	GL_EXT_color_matrix	Not Supported
	GL_EXT_color_subtable	Not Supported
	GL_EXT_color_table	Not Supported
	GL_EXT_compiled_vertex_array	Supported
	GL_EXT_convolution	Not Supported
	GL_EXT_convolution_border_modes	Not Supported
	GL_EXT_coordinate_frame	Not Supported
	GL_EXT_copy_buffer	Supported
	GL_EXT_copy_image	Not Supported
	GL_EXT_copy_texture	Supported
	GL_EXT_cull_vertex	Not Supported
	GL_EXT_debug_label	Not Supported
	GL_EXT_debug_marker	Not Supported
	GL_EXT_depth_bounds_test	Supported
	GL_EXT_depth_buffer_float	Not Supported
	GL_EXT_direct_state_access	Supported
	GL_EXT_discard_framebuffer	Not Supported
	GL_EXT_disjoint_timer_query	Not Supported
	GL_EXT_draw_buffers	Not Supported
	GL_EXT_draw_buffers_indexed	Not Supported
	GL_EXT_draw_buffers2	Supported
	GL_EXT_draw_indirect	Not Supported
	GL_EXT_draw_instanced	Supported
	GL_EXT_draw_range_elements	Supported
	GL_EXT_fog_coord	Supported
	GL_EXT_fog_function	Not Supported
	GL_EXT_fog_offset	Not Supported
	GL_EXT_frag_depth	Not Supported
	GL_EXT_fragment_lighting	Not Supported
	GL_EXT_framebuffer_blit	Supported
	GL_EXT_framebuffer_multisample	Supported
	GL_EXT_framebuffer_multisample_blit_scaled	Not Supported
	GL_EXT_framebuffer_object	Supported
	GL_EXT_framebuffer_sRGB	Supported
	GL_EXT_generate_mipmap	Not Supported
	GL_EXT_geometry_point_size	Not Supported
	GL_EXT_geometry_shader	Not Supported
	GL_EXT_geometry_shader4	Supported
	GL_EXT_glx_stereo_tree	Not Supported
	GL_EXT_gpu_program_parameters	Supported
	GL_EXT_gpu_shader_fp64	Not Supported
	GL_EXT_gpu_shader4	Supported
	GL_EXT_gpu_shader5	Not Supported
	GL_EXT_histogram	Supported
	GL_EXT_import_sync_object	Not Supported
	GL_EXT_index_array_formats	Not Supported
	GL_EXT_index_func	Not Supported
	GL_EXT_index_material	Not Supported
	GL_EXT_index_texture	Not Supported
	GL_EXT_instanced_arrays	Not Supported
	GL_EXT_interlace	Not Supported
	GL_EXT_light_texture	Not Supported
	GL_EXT_map_buffer_range	Not Supported
	GL_EXT_misc_attribute	Not Supported
	GL_EXT_multi_draw_arrays	Supported
	GL_EXT_multisample	Not Supported
	GL_EXT_multisampled_render_to_texture	Not Supported
	GL_EXT_multiview_draw_buffers	Not Supported
	GL_EXT_occlusion_query_boolean	Not Supported
	GL_EXT_packed_depth_stencil	Supported
	GL_EXT_packed_float	Supported
	GL_EXT_packed_pixels	Supported
	GL_EXT_packed_pixels_12	Not Supported
	GL_EXT_paletted_texture	Not Supported
	GL_EXT_pixel_buffer_object	Supported
	GL_EXT_pixel_format	Not Supported
	GL_EXT_pixel_texture	Not Supported
	GL_EXT_pixel_transform	Not Supported
	GL_EXT_pixel_transform_color_table	Not Supported
	GL_EXT_point_parameters	Supported
	GL_EXT_polygon_offset	Not Supported
	GL_EXT_polygon_offset_clamp	Supported
	GL_EXT_post_depth_coverage	Not Supported
	GL_EXT_primitive_bounding_box	Not Supported
	GL_EXT_provoking_vertex	Supported
	GL_EXT_pvrtc_sRGB	Not Supported
	GL_EXT_raster_multisample	Not Supported
	GL_EXT_read_format_bgra	Not Supported
	GL_EXT_rescale_normal	Supported
	GL_EXT_robustness	Not Supported
	GL_EXT_scene_marker	Not Supported
	GL_EXT_secondary_color	Supported
	GL_EXT_separate_shader_objects	Not Supported
	GL_EXT_separate_specular_color	Supported
	GL_EXT_shader_atomic_counters	Not Supported
	GL_EXT_shader_framebuffer_fetch	Not Supported
	GL_EXT_shader_image_load_formatted	Not Supported
	GL_EXT_shader_image_load_store	Supported
	GL_EXT_shader_implicit_conversions	Not Supported
	GL_EXT_shader_integer_mix	Supported
	GL_EXT_shader_io_blocks	Not Supported
	GL_EXT_shader_pixel_local_storage	Not Supported
	GL_EXT_shader_subroutine	Not Supported
	GL_EXT_shader_texture_lod	Not Supported
	GL_EXT_shadow_funcs	Supported
	GL_EXT_shadow_samplers	Not Supported
	GL_EXT_shared_texture_palette	Not Supported
	GL_EXT_sparse_texture2	Not Supported
	GL_EXT_sRGB	Not Supported
	GL_EXT_sRGB_write_control	Not Supported
	GL_EXT_static_vertex_array	Not Supported
	GL_EXT_stencil_clear_tag	Not Supported
	GL_EXT_stencil_two_side	Not Supported
	GL_EXT_stencil_wrap	Supported
	GL_EXT_subtexture	Supported
	GL_EXT_swap_control	Not Supported
	GL_EXT_tessellation_point_size	Not Supported
	GL_EXT_tessellation_shader	Not Supported
	GL_EXT_texgen_reflection	Supported
	GL_EXT_texture	Not Supported
	GL_EXT_texture_array	Supported
	GL_EXT_texture_border_clamp	Not Supported
	GL_EXT_texture_buffer	Not Supported
	GL_EXT_texture_buffer_object	Supported
	GL_EXT_texture_buffer_object_rgb32	Not Supported
	GL_EXT_texture_color_table	Not Supported
	GL_EXT_texture_compression_bptc	Supported
	GL_EXT_texture_compression_dxt1	Not Supported
	GL_EXT_texture_compression_latc	Supported
	GL_EXT_texture_compression_rgtc	Supported
	GL_EXT_texture_compression_s3tc	Supported
	GL_EXT_texture_cube_map	Supported
	GL_EXT_texture_cube_map_array	Not Supported
	GL_EXT_texture_edge_clamp	Supported
	GL_EXT_texture_env	Not Supported
	GL_EXT_texture_env_add	Supported
	GL_EXT_texture_env_combine	Supported
	GL_EXT_texture_env_dot3	Supported
	GL_EXT_texture_filter_anisotropic	Supported
	GL_EXT_texture_filter_minmax	Not Supported
	GL_EXT_texture_format_BGRA8888	Not Supported
	GL_EXT_texture_integer	Supported
	GL_EXT_texture_lod	Supported
	GL_EXT_texture_lod_bias	Supported
	GL_EXT_texture_mirror_clamp	Supported
	GL_EXT_texture_object	Supported
	GL_EXT_texture_perturb_normal	Not Supported
	GL_EXT_texture_rectangle	Supported
	GL_EXT_texture_rg	Not Supported
	GL_EXT_texture_shared_exponent	Supported
	GL_EXT_texture_snorm	Supported
	GL_EXT_texture_sRGB	Supported
	GL_EXT_texture_sRGB_decode	Supported
	GL_EXT_texture_storage	Supported
	GL_EXT_texture_swizzle	Supported
	GL_EXT_texture_type_2_10_10_10_REV	Not Supported
	GL_EXT_texture_view	Not Supported
	GL_EXT_texture3D	Supported
	GL_EXT_texture4D	Not Supported
	GL_EXT_timer_query	Supported
	GL_EXT_transform_feedback	Supported
	GL_EXT_transform_feedback2	Not Supported
	GL_EXT_transform_feedback3	Not Supported
	GL_EXT_unpack_subimage	Not Supported
	GL_EXT_vertex_array	Supported
	GL_EXT_vertex_array_bgra	Supported
	GL_EXT_vertex_array_set	Not Supported
	GL_EXT_vertex_array_setXXX	Not Supported
	GL_EXT_vertex_attrib_64bit	Supported
	GL_EXT_vertex_shader	Not Supported
	GL_EXT_vertex_weighting	Not Supported
	GL_EXT_window_rectangles	Not Supported
	GL_EXT_x11_sync_object	Not Supported
	GL_EXTX_framebuffer_mixed_formats	Not Supported
	GL_EXTX_packed_depth_stencil	Not Supported
	GL_FGL_lock_texture	Not Supported
	GL_FJ_shader_binary_GCCSO	Not Supported
	GL_GL2_geometry_shader	Not Supported
	GL_GREMEDY_frame_terminator	Not Supported
	GL_GREMEDY_string_marker	Not Supported
	GL_HP_convolution_border_modes	Not Supported
	GL_HP_image_transform	Not Supported
	GL_HP_occlusion_test	Not Supported
	GL_HP_texture_lighting	Not Supported
	GL_I3D_argb	Not Supported
	GL_I3D_color_clamp	Not Supported
	GL_I3D_interlace_read	Not Supported
	GL_IBM_clip_check	Not Supported
	GL_IBM_cull_vertex	Not Supported
	GL_IBM_load_named_matrix	Not Supported
	GL_IBM_multi_draw_arrays	Not Supported
	GL_IBM_multimode_draw_arrays	Not Supported
	GL_IBM_occlusion_cull	Not Supported
	GL_IBM_pixel_filter_hint	Not Supported
	GL_IBM_rasterpos_clip	Not Supported
	GL_IBM_rescale_normal	Not Supported
	GL_IBM_static_data	Not Supported
	GL_IBM_texture_clamp_nodraw	Not Supported
	GL_IBM_texture_mirrored_repeat	Supported
	GL_IBM_vertex_array_lists	Not Supported
	GL_IBM_YCbCr	Not Supported
	GL_IMG_multisampled_render_to_texture	Not Supported
	GL_IMG_program_binary	Not Supported
	GL_IMG_read_format	Not Supported
	GL_IMG_sgx_binary	Not Supported
	GL_IMG_shader_binary	Not Supported
	GL_IMG_texture_compression_pvrtc	Not Supported
	GL_IMG_texture_compression_pvrtc2	Not Supported
	GL_IMG_texture_env_enhanced_fixed_function	Not Supported
	GL_IMG_texture_format_BGRA8888	Not Supported
	GL_IMG_user_clip_plane	Not Supported
	GL_IMG_vertex_program	Not Supported
	GL_INGR_blend_func_separate	Not Supported
	GL_INGR_color_clamp	Not Supported
	GL_INGR_interlace_read	Not Supported
	GL_INGR_multiple_palette	Not Supported
	GL_INTEL_compute_shader_lane_shift	Not Supported
	GL_INTEL_conservative_rasterization	Not Supported
	GL_INTEL_fragment_shader_ordering	Supported
	GL_INTEL_fragment_shader_span_sharing	Not Supported
	GL_INTEL_framebuffer_CMAA	Not Supported
	GL_INTEL_image_serialize	Not Supported
	GL_INTEL_map_texture	Not Supported
	GL_INTEL_multi_rate_fragment_shader	Not Supported
	GL_INTEL_parallel_arrays	Not Supported
	GL_INTEL_performance_queries	Not Supported
	GL_INTEL_performance_query	Not Supported
	GL_INTEL_texture_scissor	Not Supported
	GL_KHR_blend_equation_advanced	Not Supported
	GL_KHR_blend_equation_advanced_coherent	Not Supported
	GL_KHR_context_flush_control	Supported
	GL_KHR_debug	Supported
	GL_KHR_no_error	Not Supported
	GL_KHR_robust_buffer_access_behavior	Supported
	GL_KHR_robustness	Supported
	GL_KHR_texture_compression_astc_hdr	Not Supported
	GL_KHR_texture_compression_astc_ldr	Not Supported
	GL_KHR_vulkan_glsl	Not Supported
	GL_KTX_buffer_region	Supported
	GL_MESA_pack_invert	Not Supported
	GL_MESA_program_debug	Not Supported
	GL_MESA_resize_buffers	Not Supported
	GL_MESA_texture_array	Not Supported
	GL_MESA_texture_signed_rgba	Not Supported
	GL_MESA_window_pos	Not Supported
	GL_MESA_ycbcr_texture	Not Supported
	GL_MESAX_texture_float	Not Supported
	GL_MESAX_texture_stack	Not Supported
	GL_MTX_fragment_shader	Not Supported
	GL_MTX_precision_dpi	Not Supported
	GL_NV_3dvision_settings	Not Supported
	GL_NV_alpha_test	Not Supported
	GL_NV_bgr	Not Supported
	GL_NV_bindless_multi_draw_indirect	Not Supported
	GL_NV_bindless_multi_draw_indirect_count	Not Supported
	GL_NV_bindless_texture	Not Supported
	GL_NV_blend_equation_advanced	Not Supported
	GL_NV_blend_equation_advanced_coherent	Not Supported
	GL_NV_blend_minmax	Not Supported
	GL_NV_blend_square	Supported
	GL_NV_centroid_sample	Not Supported
	GL_NV_clip_space_w_scaling	Not Supported
	GL_NV_command_list	Not Supported
	GL_NV_complex_primitives	Not Supported
	GL_NV_compute_program5	Not Supported
	GL_NV_conditional_render	Supported
	GL_NV_conservative_raster	Not Supported
	GL_NV_conservative_raster_dilate	Not Supported
	GL_NV_conservative_raster_pre_snap_triangles	Not Supported
	GL_NV_copy_buffer	Not Supported
	GL_NV_copy_depth_to_color	Supported
	GL_NV_copy_image	Supported
	GL_NV_coverage_sample	Not Supported
	GL_NV_deep_texture3D	Not Supported
	GL_NV_depth_buffer_float	Supported
	GL_NV_depth_clamp	Not Supported
	GL_NV_depth_nonlinear	Not Supported
	GL_NV_depth_range_unclamped	Not Supported
	GL_NV_draw_buffers	Not Supported
	GL_NV_draw_instanced	Not Supported
	GL_NV_draw_texture	Not Supported
	GL_NV_draw_vulkan_image	Not Supported
	GL_NV_EGL_stream_consumer_external	Not Supported
	GL_NV_ES1_1_compatibility	Not Supported
	GL_NV_ES3_1_compatibility	Not Supported
	GL_NV_evaluators	Not Supported
	GL_NV_explicit_attrib_location	Not Supported
	GL_NV_explicit_multisample	Supported
	GL_NV_fbo_color_attachments	Not Supported
	GL_NV_fence	Not Supported
	GL_NV_fill_rectangle	Not Supported
	GL_NV_float_buffer	Supported
	GL_NV_fog_distance	Not Supported
	GL_NV_fragdepth	Not Supported
	GL_NV_fragment_coverage_to_color	Not Supported
	GL_NV_fragment_program	Not Supported
	GL_NV_fragment_program_option	Not Supported
	GL_NV_fragment_program2	Not Supported
	GL_NV_fragment_program4	Not Supported
	GL_NV_fragment_shader_interlock	Not Supported
	GL_NV_framebuffer_blit	Not Supported
	GL_NV_framebuffer_mixed_samples	Not Supported
	GL_NV_framebuffer_multisample	Not Supported
	GL_NV_framebuffer_multisample_coverage	Not Supported
	GL_NV_framebuffer_multisample_ex	Not Supported
	GL_NV_generate_mipmap_sRGB	Not Supported
	GL_NV_geometry_program4	Not Supported
	GL_NV_geometry_shader_passthrough	Not Supported
	GL_NV_geometry_shader4	Not Supported
	GL_NV_gpu_program_fp64	Not Supported
	GL_NV_gpu_program4	Not Supported
	GL_NV_gpu_program4_1	Not Supported
	GL_NV_gpu_program5	Not Supported
	GL_NV_gpu_program5_mem_extended	Not Supported
	GL_NV_gpu_shader5	Not Supported
	GL_NV_half_float	Supported
	GL_NV_instanced_arrays	Not Supported
	GL_NV_internalformat_sample_query	Not Supported
	GL_NV_light_max_exponent	Not Supported
	GL_NV_multisample_coverage	Not Supported
	GL_NV_multisample_filter_hint	Not Supported
	GL_NV_non_square_matrices	Not Supported
	GL_NV_occlusion_query	Not Supported
	GL_NV_pack_subimage	Not Supported
	GL_NV_packed_depth_stencil	Not Supported
	GL_NV_packed_float	Not Supported
	GL_NV_packed_float_linear	Not Supported
	GL_NV_parameter_buffer_object	Not Supported
	GL_NV_parameter_buffer_object2	Not Supported
	GL_NV_path_rendering	Not Supported
	GL_NV_path_rendering_shared_edge	Not Supported
	GL_NV_pixel_buffer_object	Not Supported
	GL_NV_pixel_data_range	Not Supported
	GL_NV_platform_binary	Not Supported
	GL_NV_point_sprite	Not Supported
	GL_NV_present_video	Not Supported
	GL_NV_primitive_restart	Supported
	GL_NV_read_buffer	Not Supported
	GL_NV_read_buffer_front	Not Supported
	GL_NV_read_depth	Not Supported
	GL_NV_read_depth_stencil	Not Supported
	GL_NV_read_stencil	Not Supported
	GL_NV_register_combiners	Not Supported
	GL_NV_register_combiners2	Not Supported
	GL_NV_robustness_video_memory_purge	Not Supported
	GL_NV_sample_locations	Not Supported
	GL_NV_sample_mask_override_coverage	Not Supported
	GL_NV_shader_atomic_counters	Not Supported
	GL_NV_shader_atomic_float	Not Supported
	GL_NV_shader_atomic_float64	Not Supported
	GL_NV_shader_atomic_fp16_vector	Not Supported
	GL_NV_shader_atomic_int64	Not Supported
	GL_NV_shader_buffer_load	Not Supported
	GL_NV_shader_buffer_store	Not Supported
	GL_NV_shader_storage_buffer_object	Not Supported
	GL_NV_shader_thread_group	Not Supported
	GL_NV_shader_thread_shuffle	Not Supported
	GL_NV_shadow_samplers_array	Not Supported
	GL_NV_shadow_samplers_cube	Not Supported
	GL_NV_sRGB_formats	Not Supported
	GL_NV_stereo_view_rendering	Not Supported
	GL_NV_tessellation_program5	Not Supported
	GL_NV_texgen_emboss	Not Supported
	GL_NV_texgen_reflection	Supported
	GL_NV_texture_array	Not Supported
	GL_NV_texture_barrier	Supported
	GL_NV_texture_border_clamp	Not Supported
	GL_NV_texture_compression_latc	Not Supported
	GL_NV_texture_compression_s3tc	Not Supported
	GL_NV_texture_compression_s3tc_update	Not Supported
	GL_NV_texture_compression_vtc	Not Supported
	GL_NV_texture_env_combine4	Not Supported
	GL_NV_texture_expand_normal	Not Supported
	GL_NV_texture_lod_clamp	Not Supported
	GL_NV_texture_multisample	Not Supported
	GL_NV_texture_npot_2D_mipmap	Not Supported
	GL_NV_texture_rectangle	Not Supported
	GL_NV_texture_shader	Not Supported
	GL_NV_texture_shader2	Not Supported
	GL_NV_texture_shader3	Not Supported
	GL_NV_timer_query	Not Supported
	GL_NV_transform_feedback	Not Supported
	GL_NV_transform_feedback2	Not Supported
	GL_NV_uniform_buffer_unified_memory	Not Supported
	GL_NV_vdpau_interop	Not Supported
	GL_NV_vertex_array_range	Not Supported
	GL_NV_vertex_array_range2	Not Supported
	GL_NV_vertex_attrib_64bit	Not Supported
	GL_NV_vertex_attrib_integer_64bit	Not Supported
	GL_NV_vertex_buffer_unified_memory	Not Supported
	GL_NV_vertex_program	Not Supported
	GL_NV_vertex_program1_1	Not Supported
	GL_NV_vertex_program2	Not Supported
	GL_NV_vertex_program2_option	Not Supported
	GL_NV_vertex_program3	Not Supported
	GL_NV_vertex_program4	Not Supported
	GL_NV_video_capture	Not Supported
	GL_NV_viewport_array2	Not Supported
	GL_NV_viewport_swizzle	Not Supported
	GL_NVX_blend_equation_advanced_multi_draw_buffers	Not Supported
	GL_NVX_conditional_render	Not Supported
	GL_NVX_flush_hold	Not Supported
	GL_NVX_gpu_memory_info	Not Supported
	GL_NVX_instanced_arrays	Not Supported
	GL_NVX_multigpu_info	Not Supported
	GL_NVX_nvenc_interop	Not Supported
	GL_NVX_shader_thread_group	Not Supported
	GL_NVX_shader_thread_shuffle	Not Supported
	GL_NVX_shared_sync_object	Not Supported
	GL_NVX_sysmem_buffer	Not Supported
	GL_NVX_ycrcb	Not Supported
	GL_OES_blend_equation_separate	Not Supported
	GL_OES_blend_func_separate	Not Supported
	GL_OES_blend_subtract	Not Supported
	GL_OES_byte_coordinates	Not Supported
	GL_OES_compressed_EAC_R11_signed_texture	Not Supported
	GL_OES_compressed_EAC_R11_unsigned_texture	Not Supported
	GL_OES_compressed_EAC_RG11_signed_texture	Not Supported
	GL_OES_compressed_EAC_RG11_unsigned_texture	Not Supported
	GL_OES_compressed_ETC1_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture	Not Supported
	GL_OES_compressed_ETC2_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_alpha8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_texture	Not Supported
	GL_OES_compressed_paletted_texture	Not Supported
	GL_OES_conditional_query	Not Supported
	GL_OES_depth_texture	Not Supported
	GL_OES_depth_texture_cube_map	Not Supported
	GL_OES_depth24	Not Supported
	GL_OES_depth32	Not Supported
	GL_OES_draw_texture	Not Supported
	GL_OES_EGL_image	Supported
	GL_OES_EGL_image_external	Not Supported
	GL_OES_EGL_sync	Not Supported
	GL_OES_element_index_uint	Not Supported
	GL_OES_extended_matrix_palette	Not Supported
	GL_OES_fbo_render_mipmap	Not Supported
	GL_OES_fixed_point	Not Supported
	GL_OES_fragment_precision_high	Not Supported
	GL_OES_framebuffer_object	Not Supported
	GL_OES_get_program_binary	Not Supported
	GL_OES_mapbuffer	Not Supported
	GL_OES_matrix_get	Not Supported
	GL_OES_matrix_palette	Not Supported
	GL_OES_packed_depth_stencil	Not Supported
	GL_OES_point_size_array	Not Supported
	GL_OES_point_sprite	Not Supported
	GL_OES_query_matrix	Not Supported
	GL_OES_read_format	Not Supported
	GL_OES_required_internalformat	Not Supported
	GL_OES_rgb8_rgba8	Not Supported
	GL_OES_sample_shading	Not Supported
	GL_OES_sample_variables	Not Supported
	GL_OES_shader_image_atomic	Not Supported
	GL_OES_shader_multisample_interpolation	Not Supported
	GL_OES_single_precision	Not Supported
	GL_OES_standard_derivatives	Not Supported
	GL_OES_stencil_wrap	Not Supported
	GL_OES_stencil1	Not Supported
	GL_OES_stencil4	Not Supported
	GL_OES_stencil8	Not Supported
	GL_OES_surfaceless_context	Not Supported
	GL_OES_texture_3D	Not Supported
	GL_OES_texture_compression_astc	Not Supported
	GL_OES_texture_cube_map	Not Supported
	GL_OES_texture_env_crossbar	Not Supported
	GL_OES_texture_float	Not Supported
	GL_OES_texture_float_linear	Not Supported
	GL_OES_texture_half_float	Not Supported
	GL_OES_texture_half_float_linear	Not Supported
	GL_OES_texture_mirrored_repeat	Not Supported
	GL_OES_texture_npot	Not Supported
	GL_OES_texture_stencil8	Not Supported
	GL_OES_texture_storage_multisample_2d_array	Not Supported
	GL_OES_vertex_array_object	Not Supported
	GL_OES_vertex_half_float	Not Supported
	GL_OES_vertex_type_10_10_10_2	Not Supported
	GL_OML_interlace	Not Supported
	GL_OML_resample	Not Supported
	GL_OML_subsample	Not Supported
	GL_PGI_misc_hints	Not Supported
	GL_PGI_vertex_hints	Not Supported
	GL_QCOM_alpha_test	Not Supported
	GL_QCOM_binning_control	Not Supported
	GL_QCOM_driver_control	Not Supported
	GL_QCOM_extended_get	Not Supported
	GL_QCOM_extended_get2	Not Supported
	GL_QCOM_perfmon_global_mode	Not Supported
	GL_QCOM_tiled_rendering	Not Supported
	GL_QCOM_writeonly_rendering	Not Supported
	GL_REND_screen_coordinates	Not Supported
	GL_S3_performance_analyzer	Not Supported
	GL_S3_s3tc	Not Supported
	GL_SGI_color_matrix	Not Supported
	GL_SGI_color_table	Not Supported
	GL_SGI_compiled_vertex_array	Not Supported
	GL_SGI_cull_vertex	Not Supported
	GL_SGI_index_array_formats	Not Supported
	GL_SGI_index_func	Not Supported
	GL_SGI_index_material	Not Supported
	GL_SGI_index_texture	Not Supported
	GL_SGI_make_current_read	Not Supported
	GL_SGI_texture_add_env	Not Supported
	GL_SGI_texture_color_table	Not Supported
	GL_SGI_texture_edge_clamp	Not Supported
	GL_SGI_texture_lod	Not Supported
	GL_SGIS_color_range	Not Supported
	GL_SGIS_detail_texture	Not Supported
	GL_SGIS_fog_function	Not Supported
	GL_SGIS_generate_mipmap	Supported
	GL_SGIS_multisample	Not Supported
	GL_SGIS_multitexture	Not Supported
	GL_SGIS_pixel_texture	Not Supported
	GL_SGIS_point_line_texgen	Not Supported
	GL_SGIS_sharpen_texture	Not Supported
	GL_SGIS_texture_border_clamp	Not Supported
	GL_SGIS_texture_color_mask	Not Supported
	GL_SGIS_texture_edge_clamp	Supported
	GL_SGIS_texture_filter4	Not Supported
	GL_SGIS_texture_lod	Supported
	GL_SGIS_texture_select	Not Supported
	GL_SGIS_texture4D	Not Supported
	GL_SGIX_async	Not Supported
	GL_SGIX_async_histogram	Not Supported
	GL_SGIX_async_pixel	Not Supported
	GL_SGIX_blend_alpha_minmax	Not Supported
	GL_SGIX_clipmap	Not Supported
	GL_SGIX_convolution_accuracy	Not Supported
	GL_SGIX_depth_pass_instrument	Not Supported
	GL_SGIX_depth_texture	Not Supported
	GL_SGIX_flush_raster	Not Supported
	GL_SGIX_fog_offset	Not Supported
	GL_SGIX_fog_texture	Not Supported
	GL_SGIX_fragment_specular_lighting	Not Supported
	GL_SGIX_framezoom	Not Supported
	GL_SGIX_instruments	Not Supported
	GL_SGIX_interlace	Not Supported
	GL_SGIX_ir_instrument1	Not Supported
	GL_SGIX_list_priority	Not Supported
	GL_SGIX_pbuffer	Not Supported
	GL_SGIX_pixel_texture	Not Supported
	GL_SGIX_pixel_texture_bits	Not Supported
	GL_SGIX_reference_plane	Not Supported
	GL_SGIX_resample	Not Supported
	GL_SGIX_shadow	Not Supported
	GL_SGIX_shadow_ambient	Not Supported
	GL_SGIX_sprite	Not Supported
	GL_SGIX_subsample	Not Supported
	GL_SGIX_tag_sample_buffer	Not Supported
	GL_SGIX_texture_add_env	Not Supported
	GL_SGIX_texture_coordinate_clamp	Not Supported
	GL_SGIX_texture_lod_bias	Not Supported
	GL_SGIX_texture_multi_buffer	Not Supported
	GL_SGIX_texture_range	Not Supported
	GL_SGIX_texture_scale_bias	Not Supported
	GL_SGIX_vertex_preclip	Not Supported
	GL_SGIX_vertex_preclip_hint	Not Supported
	GL_SGIX_ycrcb	Not Supported
	GL_SGIX_ycrcb_subsample	Not Supported
	GL_SUN_convolution_border_modes	Not Supported
	GL_SUN_global_alpha	Not Supported
	GL_SUN_mesh_array	Not Supported
	GL_SUN_multi_draw_arrays	Supported
	GL_SUN_read_video_pixels	Not Supported
	GL_SUN_slice_accum	Not Supported
	GL_SUN_triangle_list	Not Supported
	GL_SUN_vertex	Not Supported
	GL_SUNX_constant_data	Not Supported
	GL_VIV_shader_binary	Not Supported
	GL_WGL_ARB_extensions_string	Not Supported
	GL_WGL_EXT_extensions_string	Not Supported
	GL_WGL_EXT_swap_control	Not Supported
	GL_WIN_phong_shading	Not Supported
	GL_WIN_specular_fog	Not Supported
	GL_WIN_swap_hint	Supported
	GLU_EXT_nurbs_tessellator	Not Supported
	GLU_EXT_object_space_tess	Not Supported
	GLU_SGI_filter4_parameters	Not Supported
	GLX_AMD_gpu_association	Not Supported
	GLX_ARB_create_context	Not Supported
	GLX_ARB_create_context_profile	Not Supported
	GLX_ARB_create_context_robustness	Not Supported
	GLX_ARB_fbconfig_float	Not Supported
	GLX_ARB_framebuffer_sRGB	Not Supported
	GLX_ARB_get_proc_address	Not Supported
	GLX_ARB_multisample	Not Supported
	GLX_ARB_robustness_application_isolation	Not Supported
	GLX_ARB_robustness_share_group_isolation	Not Supported
	GLX_ARB_vertex_buffer_object	Not Supported
	GLX_EXT_buffer_age	Not Supported
	GLX_EXT_create_context_es_profile	Not Supported
	GLX_EXT_create_context_es2_profile	Not Supported
	GLX_EXT_fbconfig_packed_float	Not Supported
	GLX_EXT_framebuffer_sRGB	Not Supported
	GLX_EXT_import_context	Not Supported
	GLX_EXT_scene_marker	Not Supported
	GLX_EXT_swap_control	Not Supported
	GLX_EXT_swap_control_tear	Not Supported
	GLX_EXT_texture_from_pixmap	Not Supported
	GLX_EXT_visual_info	Not Supported
	GLX_EXT_visual_rating	Not Supported
	GLX_INTEL_swap_event	Not Supported
	GLX_MESA_agp_offset	Not Supported
	GLX_MESA_copy_sub_buffer	Not Supported
	GLX_MESA_multithread_makecurrent	Not Supported
	GLX_MESA_pixmap_colormap	Not Supported
	GLX_MESA_query_renderer	Not Supported
	GLX_MESA_release_buffers	Not Supported
	GLX_MESA_set_3dfx_mode	Not Supported
	GLX_MESA_swap_control	Not Supported
	GLX_NV_copy_image	Not Supported
	GLX_NV_delay_before_swap	Not Supported
	GLX_NV_float_buffer	Not Supported
	GLX_NV_multisample_coverage	Not Supported
	GLX_NV_present_video	Not Supported
	GLX_NV_swap_group	Not Supported
	GLX_NV_video_capture	Not Supported
	GLX_NV_video_out	Not Supported
	GLX_NV_video_output	Not Supported
	GLX_OML_interlace	Not Supported
	GLX_OML_swap_method	Not Supported
	GLX_OML_sync_control	Not Supported
	GLX_SGI_cushion	Not Supported
	GLX_SGI_make_current_read	Not Supported
	GLX_SGI_swap_control	Not Supported
	GLX_SGI_video_sync	Not Supported
	GLX_SGIS_blended_overlay	Not Supported
	GLX_SGIS_color_range	Not Supported
	GLX_SGIS_multisample	Not Supported
	GLX_SGIX_dm_buffer	Not Supported
	GLX_SGIX_fbconfig	Not Supported
	GLX_SGIX_hyperpipe	Not Supported
	GLX_SGIX_pbuffer	Not Supported
	GLX_SGIX_swap_barrier	Not Supported
	GLX_SGIX_swap_group	Not Supported
	GLX_SGIX_video_resize	Not Supported
	GLX_SGIX_video_source	Not Supported
	GLX_SGIX_visual_select_group	Not Supported
	GLX_SUN_get_transparent_index	Not Supported
	GLX_SUN_video_resize	Not Supported
	WGL_3DFX_gamma_control	Not Supported
	WGL_3DFX_multisample	Not Supported
	WGL_3DL_stereo_control	Not Supported
	WGL_AMD_gpu_association	Supported
	WGL_AMDX_gpu_association	Supported
	WGL_ARB_buffer_region	Supported
	WGL_ARB_context_flush_control	Supported
	WGL_ARB_create_context	Supported
	WGL_ARB_create_context_profile	Supported
	WGL_ARB_create_context_robustness	Not Supported
	WGL_ARB_extensions_string	Supported
	WGL_ARB_framebuffer_sRGB	Not Supported
	WGL_ARB_make_current_read	Supported
	WGL_ARB_multisample	Supported
	WGL_ARB_pbuffer	Supported
	WGL_ARB_pixel_format	Supported
	WGL_ARB_pixel_format_float	Supported
	WGL_ARB_render_texture	Supported
	WGL_ARB_robustness_application_isolation	Not Supported
	WGL_ARB_robustness_share_group_isolation	Not Supported
	WGL_ATI_pbuffer_memory_hint	Not Supported
	WGL_ATI_pixel_format_float	Supported
	WGL_ATI_render_texture_rectangle	Supported
	WGL_EXT_buffer_region	Not Supported
	WGL_EXT_create_context_es_profile	Not Supported
	WGL_EXT_create_context_es2_profile	Not Supported
	WGL_EXT_depth_float	Not Supported
	WGL_EXT_display_color_table	Not Supported
	WGL_EXT_extensions_string	Supported
	WGL_EXT_framebuffer_sRGB	Supported
	WGL_EXT_framebuffer_sRGBWGL_ARB_create_context	Not Supported
	WGL_EXT_gamma_control	Not Supported
	WGL_EXT_make_current_read	Not Supported
	WGL_EXT_multisample	Not Supported
	WGL_EXT_pbuffer	Not Supported
	WGL_EXT_pixel_format	Not Supported
	WGL_EXT_pixel_format_packed_float	Supported
	WGL_EXT_render_texture	Not Supported
	WGL_EXT_swap_control	Supported
	WGL_EXT_swap_control_tear	Supported
	WGL_EXT_swap_interval	Not Supported
	WGL_I3D_digital_video_control	Not Supported
	WGL_I3D_gamma	Not Supported
	WGL_I3D_genlock	Supported
	WGL_I3D_image_buffer	Not Supported
	WGL_I3D_swap_frame_lock	Not Supported
	WGL_I3D_swap_frame_usage	Not Supported
	WGL_INTEL_cl_sharing	Not Supported
	WGL_MTX_video_preview	Not Supported
	WGL_NV_bridged_display	Not Supported
	WGL_NV_copy_image	Not Supported
	WGL_NV_delay_before_swap	Not Supported
	WGL_NV_DX_interop	Supported
	WGL_NV_DX_interop2	Supported
	WGL_NV_float_buffer	Supported
	WGL_NV_gpu_affinity	Not Supported
	WGL_NV_multisample_coverage	Not Supported
	WGL_NV_present_video	Not Supported
	WGL_NV_render_depth_texture	Not Supported
	WGL_NV_render_texture_rectangle	Not Supported
	WGL_NV_swap_group	Supported
	WGL_NV_texture_rectangle	Not Supported
	WGL_NV_vertex_array_range	Not Supported
	WGL_NV_video_capture	Not Supported
	WGL_NV_video_output	Not Supported
	WGL_NVX_DX_interop	Not Supported
	WGL_OML_sync_control	Not Supported
	WGL_S3_cl_sharingWGL_ARB_create_context_profile	Not Supported

Supported Compressed Texture Formats:
	RGB DXT1	Supported
	RGBA DXT1	Supported
	RGBA DXT3	Supported
	RGBA DXT5	Supported
	RGB FXT1	Not Supported
	RGBA FXT1	Not Supported
	3Dc	Supported

Video Adapter Manufacturer:
	Company Name	Advanced Micro Devices, Inc.
	Product Information	http://www.amd.com/en-us/products/graphics/desktop
	Driver Download	http://sites.amd.com/us/game/downloads
	Driver Update	http://www.aida64.com/driver-updates

GPGPU


[ Direct3D: AMD Radeon HD 7700 Series (Cape Verde) ]

	Device Properties:
		Device Name	AMD Radeon HD 7700 Series
		GPU Code Name	Cape Verde
		PCI Device	1002-683F / 1462-2792 (Rev 00)
		Dedicated Memory	1005 MB
		Driver Name	aticfx32.dll
		Driver Version	21.19.137.1
		Shader Model	SM 5.1
		Max Threads	1024
		Multiple UAV Access	64 UAVs
		Thread Dispatch	3D
		Thread Local Storage	32 KB

	Device Features:
		10-bit Precision Floating-Point	Not Supported
		16-bit Precision Floating-Point	Not Supported
		Append/Consume Buffers	Supported
		Atomic Operations	Supported
		Double-Precision Floating-Point	Supported
		Gather4	Supported
		Indirect Compute Dispatch	Supported
		Map On Default Buffers	Supported

	Device Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ OpenCL: AMD Radeon HD 7700 Series (Capeverde) ]

	OpenCL Properties:
		Platform Name	AMD Accelerated Parallel Processing
		Platform Vendor	Advanced Micro Devices, Inc.
		Platform Version	OpenCL 2.0 AMD-APP (2117.13)
		Platform Profile	Full

	Device Properties:
		Device Name	Capeverde
		Video Adapter	AMD Radeon HD 7700 Series
		Device Type	GPU
		Device Vendor	Advanced Micro Devices, Inc.
		Device Version	OpenCL 1.2 AMD-APP (2117.13)
		Device Profile	Full
		Driver Version	2117.13 (VM)
		OpenCL C Version	OpenCL C 1.2
		Supported SPIR Versions	1.2
		Clock Rate	830 MHz
		Compute Units / Cores	8 / 512
		SIMD Per Compute Unit	4
		SIMD Width	16
		SIMD Instruction Width	1
		Wavefront Width	64
		Address Space Size	32-bit
		Max 2D Image Size	16384 x 16384
		Max 3D Image Size	2048 x 2048 x 2048
		Max Image Array Size	2048
		Max Image Buffer Size	65536
		Max Samplers	16
		Max Work-Item Size	256 x 256 x 256
		Max Work-Group Size	256
		Max Argument Size	1 KB
		Max Constant Buffer Size	64 KB
		Max Constant Arguments	8
		Max Printf Buffer Size	1 MB
		Native ISA Vector Widths	char4, short2, int1, half1, float1, double1
		Preferred Native Vector Widths	char4, short2, int1, long1, half1, float1, double1
		Profiling Timer Resolution	1 ns
		Profiling Timer Offset Since Epoch	1484726737162857572 ns
		OpenCL DLL	opencl.dll (2.0.6.0)

	Memory Properties:
		Global Memory	1 GB
		Free Global Memory	998137 KB / 767993 KB
		Global Memory Cache	16 KB (Read/Write, 64-byte line)
		Global Memory Channels	4
		Global Memory Channel Banks	16
		Global Memory Channel Bank Width	256 bytes
		Local Memory	32 KB
		Local Memory Size Per Compute Unit	64 KB
		Local Memory Banks	32
		Max Memory Object Allocation Size	576 MB
		Memory Base Address Alignment	2048-bit
		Min Data Type Alignment	128 bytes
		Image Row Pitch Alignment	256 pixels
		Image Base Address Alignment	256 pixels

	OpenCL Compliancy:
		OpenCL 1.1	Yes (100%)
		OpenCL 1.2	Yes (100%)
		OpenCL 2.0	No (87%)

	Device Features:
		Command-Queue Out Of Order Execution	Disabled
		Command-Queue Profiling	Enabled
		Compiler Available	Yes
		Error Correction	Not Supported
		Images	Supported
		Kernel Execution	Supported
		Linker Available	Yes
		Little-Endian Device	Yes
		Native Kernel Execution	Not Supported
		Sub-Group Independent Forward Progress	Not Supported
		SVM Atomics	Not Supported
		SVM Coarse Grain Buffer	Not Supported
		SVM Fine Grain Buffer	Not Supported
		SVM Fine Grain System	Not Supported
		Thread Trace	Not Supported
		Unified Memory	No

	Half-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Not Supported
		Rounding to Infinity	Not Supported
		Rounding to Nearest Even	Not Supported
		Rounding to Zero	Not Supported
		Software Basic Floating-Point Operations	No

	Single-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Supported
		INF and NaNs	Supported
		Rounding to Infinity	Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Supported
		Software Basic Floating-Point Operations	No

	Double-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Supported
		IEEE754-2008 FMA	Supported
		INF and NaNs	Supported
		Rounding to Infinity	Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Supported
		Software Basic Floating-Point Operations	No

	Device Extensions:
		Total / Supported Extensions	96 / 24
		cl_altera_compiler_mode	Not Supported
		cl_altera_device_temperature	Not Supported
		cl_altera_live_object_tracking	Not Supported
		cl_amd_bus_addressable_memory	Not Supported
		cl_amd_c1x_atomics	Not Supported
		cl_amd_compile_options	Not Supported
		cl_amd_core_id	Not Supported
		cl_amd_d3d10_interop	Not Supported
		cl_amd_d3d9_interop	Not Supported
		cl_amd_device_attribute_query	Supported
		cl_amd_device_board_name	Not Supported
		cl_amd_device_memory_flags	Not Supported
		cl_amd_device_persistent_memory	Not Supported
		cl_amd_device_profiling_timer_offset	Not Supported
		cl_amd_device_topology	Not Supported
		cl_amd_event_callback	Not Supported
		cl_amd_fp64	Supported
		cl_amd_hsa	Not Supported
		cl_amd_image2d_from_buffer_read_only	Not Supported
		cl_amd_liquid_flash	Supported
		cl_amd_media_ops	Supported
		cl_amd_media_ops2	Supported
		cl_amd_offline_devices	Not Supported
		cl_amd_popcnt	Supported
		cl_amd_predefined_macros	Not Supported
		cl_amd_printf	Supported
		cl_amd_svm	Not Supported
		cl_amd_vec3	Supported
		cl_apple_contextloggingfunctions	Not Supported
		cl_apple_gl_sharing	Not Supported
		cl_apple_setmemobjectdestructor	Not Supported
		cl_arm_core_id	Not Supported
		cl_arm_printf	Not Supported
		cl_ext_atomic_counters_32	Not Supported
		cl_ext_atomic_counters_64	Not Supported
		cl_ext_device_fission	Not Supported
		cl_ext_migrate_memobject	Not Supported
		cl_intel_accelerator	Not Supported
		cl_intel_advanced_motion_estimation	Not Supported
		cl_intel_ctz	Not Supported
		cl_intel_d3d11_nv12_media_sharing	Not Supported
		cl_intel_device_partition_by_names	Not Supported
		cl_intel_dx9_media_sharing	Not Supported
		cl_intel_exec_by_local_thread	Not Supported
		cl_intel_motion_estimation	Not Supported
		cl_intel_packed_yuv	Not Supported
		cl_intel_printf	Not Supported
		cl_intel_required_subgroup_size	Not Supported
		cl_intel_simultaneous_sharing	Not Supported
		cl_intel_subgroups	Not Supported
		cl_intel_thread_local_exec	Not Supported
		cl_intel_va_api_media_sharing	Not Supported
		cl_intel_visual_analytics	Not Supported
		cl_khr_3d_image_writes	Supported
		cl_khr_byte_addressable_store	Supported
		cl_khr_context_abort	Not Supported
		cl_khr_d3d10_sharing	Supported
		cl_khr_d3d11_sharing	Supported
		cl_khr_depth_images	Not Supported
		cl_khr_dx9_media_sharing	Supported
		cl_khr_egl_event	Not Supported
		cl_khr_egl_image	Not Supported
		cl_khr_fp16	Not Supported
		cl_khr_fp64	Supported
		cl_khr_gl_depth_images	Not Supported
		cl_khr_gl_event	Supported
		cl_khr_gl_msaa_sharing	Not Supported
		cl_khr_gl_sharing	Supported
		cl_khr_global_int32_base_atomics	Supported
		cl_khr_global_int32_extended_atomics	Supported
		cl_khr_icd	Not Supported
		cl_khr_il_program	Not Supported
		cl_khr_image2d_from_buffer	Supported
		cl_khr_initialize_memory	Not Supported
		cl_khr_int64_base_atomics	Supported
		cl_khr_int64_extended_atomics	Supported
		cl_khr_local_int32_base_atomics	Supported
		cl_khr_local_int32_extended_atomics	Supported
		cl_khr_mipmap_image	Not Supported
		cl_khr_mipmap_image_writes	Not Supported
		cl_khr_priority_hints	Not Supported
		cl_khr_select_fprounding_mode	Not Supported
		cl_khr_spir	Supported
		cl_khr_srgb_image_writes	Not Supported
		cl_khr_subgroups	Not Supported
		cl_khr_terminate_context	Not Supported
		cl_khr_throttle_hints	Not Supported
		cl_nv_compiler_options	Not Supported
		cl_nv_copy_opts	Not Supported
		cl_nv_d3d10_sharing	Not Supported
		cl_nv_d3d11_sharing	Not Supported
		cl_nv_d3d9_sharing	Not Supported
		cl_nv_device_attribute_query	Not Supported
		cl_nv_pragma_unroll	Not Supported
		cl_qcom_ext_host_ptr	Not Supported
		cl_qcom_ion_host_ptr	Not Supported

[ OpenCL: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	OpenCL Properties:
		Platform Name	AMD Accelerated Parallel Processing
		Platform Vendor	Advanced Micro Devices, Inc.
		Platform Version	OpenCL 2.0 AMD-APP (2117.13)
		Platform Profile	Full

	Device Properties:
		Device Name	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Device Type	CPU
		Device Vendor	GenuineIntel
		Device Version	OpenCL 1.2 AMD-APP (2117.13)
		Device Profile	Full
		Driver Version	2117.13 (sse2,avx)
		OpenCL C Version	OpenCL C 1.2
		Supported SPIR Versions	1.2
		Clock Rate	3403 MHz
		Compute Units	8
		Address Space Size	32-bit
		Max 2D Image Size	8192 x 8192
		Max 3D Image Size	2048 x 2048 x 2048
		Max Image Array Size	2048
		Max Image Buffer Size	65536
		Max Samplers	16
		Max Work-Item Size	1024 x 1024 x 1024
		Max Work-Group Size	1024
		Max Global Variable Size	1048576 KB
		Preferred Global Variables Total Size	1048576 KB
		Max Argument Size	4 KB
		Max Constant Buffer Size	64 KB
		Max Constant Arguments	8
		Max Pipe Arguments	16
		Max Printf Buffer Size	64 KB
		Native ISA Vector Widths	char16, short8, int2, half4, float8, double4
		Preferred Native Vector Widths	char16, short8, int4, long2, half4, float8, double4
		Profiling Timer Resolution	300 ns
		Profiling Timer Offset Since Epoch	1484726737162857572 ns
		OpenCL DLL	opencl.dll (2.0.6.0)

	Memory Properties:
		Global Memory	2 GB
		Global Memory Cache	32 KB (Read/Write, 64-byte line)
		Local Memory	32 KB
		Max Memory Object Allocation Size	1 GB
		Memory Base Address Alignment	1024-bit
		Min Data Type Alignment	128 bytes

	OpenCL Compliancy:
		OpenCL 1.1	Yes (100%)
		OpenCL 1.2	Yes (100%)
		OpenCL 2.0	No (75%)

	Device Features:
		Command-Queue Out Of Order Execution	Disabled
		Command-Queue Profiling	Enabled
		Compiler Available	Yes
		Error Correction	Not Supported
		Images	Supported
		Kernel Execution	Supported
		Linker Available	Yes
		Little-Endian Device	Yes
		Native Kernel Execution	Supported
		Sub-Group Independent Forward Progress	Not Supported
		SVM Atomics	Not Supported
		SVM Coarse Grain Buffer	Not Supported
		SVM Fine Grain Buffer	Not Supported
		SVM Fine Grain System	Not Supported
		Thread Trace	Not Supported
		Unified Memory	Yes

	Half-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Not Supported
		Rounding to Infinity	Not Supported
		Rounding to Nearest Even	Not Supported
		Rounding to Zero	Not Supported
		Software Basic Floating-Point Operations	No

	Single-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Supported
		Denorms	Supported
		IEEE754-2008 FMA	Supported
		INF and NaNs	Supported
		Rounding to Infinity	Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Supported
		Software Basic Floating-Point Operations	No

	Double-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Supported
		IEEE754-2008 FMA	Supported
		INF and NaNs	Supported
		Rounding to Infinity	Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Supported
		Software Basic Floating-Point Operations	No

	Device Extensions:
		Total / Supported Extensions	95 / 19
		cl_altera_compiler_mode	Not Supported
		cl_altera_device_temperature	Not Supported
		cl_altera_live_object_tracking	Not Supported
		cl_amd_bus_addressable_memory	Not Supported
		cl_amd_c1x_atomics	Not Supported
		cl_amd_compile_options	Not Supported
		cl_amd_core_id	Not Supported
		cl_amd_d3d10_interop	Not Supported
		cl_amd_d3d9_interop	Not Supported
		cl_amd_device_attribute_query	Supported
		cl_amd_device_board_name	Not Supported
		cl_amd_device_memory_flags	Not Supported
		cl_amd_device_persistent_memory	Not Supported
		cl_amd_device_profiling_timer_offset	Not Supported
		cl_amd_device_topology	Not Supported
		cl_amd_event_callback	Not Supported
		cl_amd_fp64	Supported
		cl_amd_hsa	Not Supported
		cl_amd_image2d_from_buffer_read_only	Not Supported
		cl_amd_media_ops	Supported
		cl_amd_media_ops2	Supported
		cl_amd_offline_devices	Not Supported
		cl_amd_popcnt	Supported
		cl_amd_predefined_macros	Not Supported
		cl_amd_printf	Supported
		cl_amd_svm	Not Supported
		cl_amd_vec3	Supported
		cl_apple_contextloggingfunctions	Not Supported
		cl_apple_gl_sharing	Not Supported
		cl_apple_setmemobjectdestructor	Not Supported
		cl_arm_core_id	Not Supported
		cl_arm_printf	Not Supported
		cl_ext_atomic_counters_32	Not Supported
		cl_ext_atomic_counters_64	Not Supported
		cl_ext_device_fission	Supported
		cl_ext_migrate_memobject	Not Supported
		cl_intel_accelerator	Not Supported
		cl_intel_advanced_motion_estimation	Not Supported
		cl_intel_ctz	Not Supported
		cl_intel_d3d11_nv12_media_sharing	Not Supported
		cl_intel_device_partition_by_names	Not Supported
		cl_intel_dx9_media_sharing	Not Supported
		cl_intel_exec_by_local_thread	Not Supported
		cl_intel_motion_estimation	Not Supported
		cl_intel_packed_yuv	Not Supported
		cl_intel_printf	Not Supported
		cl_intel_required_subgroup_size	Not Supported
		cl_intel_simultaneous_sharing	Not Supported
		cl_intel_subgroups	Not Supported
		cl_intel_thread_local_exec	Not Supported
		cl_intel_va_api_media_sharing	Not Supported
		cl_intel_visual_analytics	Not Supported
		cl_khr_3d_image_writes	Supported
		cl_khr_byte_addressable_store	Supported
		cl_khr_context_abort	Not Supported
		cl_khr_d3d10_sharing	Supported
		cl_khr_d3d11_sharing	Not Supported
		cl_khr_depth_images	Not Supported
		cl_khr_dx9_media_sharing	Not Supported
		cl_khr_egl_event	Not Supported
		cl_khr_egl_image	Not Supported
		cl_khr_fp16	Not Supported
		cl_khr_fp64	Supported
		cl_khr_gl_depth_images	Not Supported
		cl_khr_gl_event	Supported
		cl_khr_gl_msaa_sharing	Not Supported
		cl_khr_gl_sharing	Supported
		cl_khr_global_int32_base_atomics	Supported
		cl_khr_global_int32_extended_atomics	Supported
		cl_khr_icd	Not Supported
		cl_khr_il_program	Not Supported
		cl_khr_image2d_from_buffer	Not Supported
		cl_khr_initialize_memory	Not Supported
		cl_khr_int64_base_atomics	Not Supported
		cl_khr_int64_extended_atomics	Not Supported
		cl_khr_local_int32_base_atomics	Supported
		cl_khr_local_int32_extended_atomics	Supported
		cl_khr_mipmap_image	Not Supported
		cl_khr_mipmap_image_writes	Not Supported
		cl_khr_priority_hints	Not Supported
		cl_khr_select_fprounding_mode	Not Supported
		cl_khr_spir	Supported
		cl_khr_srgb_image_writes	Not Supported
		cl_khr_subgroups	Not Supported
		cl_khr_terminate_context	Not Supported
		cl_khr_throttle_hints	Not Supported
		cl_nv_compiler_options	Not Supported
		cl_nv_copy_opts	Not Supported
		cl_nv_d3d10_sharing	Not Supported
		cl_nv_d3d11_sharing	Not Supported
		cl_nv_d3d9_sharing	Not Supported
		cl_nv_device_attribute_query	Not Supported
		cl_nv_pragma_unroll	Not Supported
		cl_qcom_ext_host_ptr	Not Supported
		cl_qcom_ion_host_ptr	Not Supported

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

Mantle


[ AMD Radeon HD 7700 Series (Cape Verde) ]

	Device Properties:
		Device Name	AMD Radeon HD 7700 Series
		GPU Code Name	Cape Verde
		GPU Type	Discrete
		Architecture	AMD GCN
		PCI Device	1002-683F
		Memory Size	1 GB
		GPU Clock	830 MHz
		Pixel Pipelines	16
		Texture Mapping Units	40
		Compute Units / Cores	10 / 640
		Max Memory References Per Submission	16384
		Max Inline Memory Update Size	32 KB
		Max Bound Descriptor Sets	2
		Max Thread Group Size	1024
		Timestamp Frequency	27 MHz
		Driver Version	146.0.0
		API Version	0.24.6
		Min / Max AXL Version	0.0.0 / 0.4.2
		Mantle DLL	mantle32.dll (9.1.10.0146)

	Device Features:
		Dynamic Memory Object Migration	Not Supported
		Multiple Color Target Clears	Not Supported
		System Memory Pinning	Not Supported
		Virtual Memory Remapping	Not Supported

	GPU Queue:
		Queue Type	Universal
		Queue Count	1
		Max Atomic Counters	4096
		Timestamps	Supported

	GPU Queue:
		Queue Type	Compute Only
		Queue Count	1
		Max Atomic Counters	8192
		Timestamps	Supported

	GPU Queue:
		Queue Type	DMA
		Queue Count	1
		Max Atomic Counters	0
		Timestamps	Not Supported

	GPU Queue:
		Queue Type	Timer
		Queue Count	1
		Max Atomic Counters	0
		Timestamps	Not Supported

	GPU Memory Heap:
		Heap Type	Local
		Heap Size	256 MB
		Page Size	64 KB
		Relative Heap Performance Rating for GPU Reads / Writes	63.000 / 37.000
		Relative Heap Performance Rating for CPU Reads / Writes	0.021 / 6.600
		CPU Uncached	Yes
		CPU Visible	Yes
		CPU Write-Combined	Yes
		CPU-GPU Cache Coherent	Yes
		Holds Pinned	No
		Shareable	No

	GPU Memory Heap:
		Heap Type	Local
		Heap Size	768 MB
		Page Size	64 KB
		Relative Heap Performance Rating for GPU Reads / Writes	63.000 / 37.000
		CPU Uncached	No
		CPU Visible	No
		CPU Write-Combined	No
		CPU-GPU Cache Coherent	No
		Holds Pinned	No
		Shareable	No

	GPU Memory Heap:
		Heap Type	Remote
		Heap Size	3911104 KB
		Page Size	64 KB
		Relative Heap Performance Rating for GPU Reads / Writes	9.400 / 3.800
		Relative Heap Performance Rating for CPU Reads / Writes	0.068 / 3.400
		CPU Uncached	Yes
		CPU Visible	Yes
		CPU Write-Combined	Yes
		CPU-GPU Cache Coherent	Yes
		Holds Pinned	No
		Shareable	Yes

	GPU Memory Heap:
		Heap Type	Remote
		Heap Size	3911104 KB
		Page Size	64 KB
		Relative Heap Performance Rating for GPU Reads / Writes	9.400 / 2.600
		Relative Heap Performance Rating for CPU Reads / Writes	5.300 / 5.400
		CPU Uncached	No
		CPU Visible	Yes
		CPU Write-Combined	No
		CPU-GPU Cache Coherent	Yes
		Holds Pinned	Yes
		Shareable	Yes

	Device Extensions:
		Total / Supported Extensions	9 / 8
		GR_ADVANCED_MSAA	Supported
		GR_BORDER_COLOR_PALETTE	Supported
		GR_CONTROL_FLOW	Supported
		GR_COPY_OCCLUSION_DATA	Supported
		GR_DMA_QUEUE	Supported
		GR_GPU_TIMESTAMP_CALIBRATION	Supported
		GR_PERF_PROFILE	Not Supported
		GR_TIMER_QUEUE	Supported
		GR_WSI_WINDOWS	Supported

	Device Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

Vulkan


[ AMD Radeon HD 7700 Series (Cape Verde) ]

	Device Properties:
		Device Name	AMD Radeon HD 7700 Series
		Device Code Name	Cape Verde
		Device Type	Discrete GPU
		Architecture	AMD GCN
		Device UUID	02-10-00-00-3F-68-00-00-B8-00-00-00-00-00-00-00
		PCI Device	1002-683F
		Memory Size	1 GB
		Max 1D Image Size	16384
		Max 2D Image Size	16384 x 16384
		Max 3D Image Size	8192 x 8192 x 8192
		Max Cube Image Size	16384 x 16384
		Max Image Layers	2048
		Max Texel Buffer Elements	4294967295
		Max Uniform Buffer Range	4294967295
		Max Storage Buffer Range	4294967295
		Max Push Constants Size	128 bytes
		Max Memory Allocation Count	4096
		Max Sampler Allocation Count	1048576
		Buffer Image Granularity	1 bytes
		Sparse Address Space Size	1099511627775 bytes
		Max Bound Descriptor Sets	32
		Max Per-Stage Descriptor Samplers	4294967295
		Max Per-Stage Descriptor Uniform Buffers	4294967295
		Max Per-Stage Descriptor Storage Buffers	4294967295
		Max Per-Stage Descriptor Sampled Images	4294967295
		Max Per-Stage Descriptor Storage Images	4294967295
		Max Per-Stage Descriptor Input Attachments	4294967295
		Max Per-Stage Resources	4294967295
		Max Descriptor Set Samplers	4294967295
		Max Descriptor Set Uniform Buffers	4294967295
		Max Descriptor Set Dynamic Uniform Buffers	8
		Max Descriptor Set Storage Buffers	4294967295
		Max Descriptor Set Dynamic Storage Buffers	8
		Max Descriptor Set Sampled Images	4294967295
		Max Descriptor Set Storage Images	4294967295
		Max Descriptor Set Input Attachments	4294967295
		Max Vertex Input Attributes	4294967295
		Max Vertex Input Bindings	32
		Max Vertex Input Attribute Offset	4294967295
		Max Vertex Input Binding Stride	16383
		Max Vertex Output Components	128
		Max Tesselation Generation Level	64
		Max Tesselation Patch Size	32
		Max Tesselation Control Per-Vertex Input Components	128
		Max Tesselation Control Per-Vertex Output Components	128
		Max Tesselation Control Per-Patch Output Components	120
		Max Tesselation Control Total Output Components	4096
		Max Tesselation Evaluation Input Components	128
		Max Tesselation Evaluation Output Components	128
		Max Geometry Shader Invocations	127
		Max Geometry Input Components	128
		Max Geometry Output Components	128
		Max Geometry Output Vertices	1024
		Max Geometry Total Output Components	16384
		Max Fragment Input Components	128
		Max Fragment Output Attachments	8
		Max Fragment DualSrc Attachments	1
		Max Fragment Combined Output Resources	4294967295
		Max Compute Shared Memory Size	32768 bytes
		Max Compute Work Group Count	X: 65535, Y: 65535, Z: 65535
		Max Compute Work Group Invocations	256
		Max Compute Work Group Size	X: 256, Y: 256, Z: 256
		Subpixel Precision Bits	8
		Subtexel Precision Bits	8
		Mipmap Precision Bits	8
		Max Draw Indexed Index Value	4294967295
		Max Draw Indirect Count	4294967295
		Max Sampler LOD Bias	15.996094
		Max Sampler Anisotropy	16.000000
		Max Viewports	16
		Max Viewport Size	16384 x 16384
		Viewport Bounds Range	-32768.000000 ... 32767.000000
		Viewport Subpixel Bits	8
		Min Memory Map Alignment	64 bytes
		Min Texel Buffer Offset Alignment	1 bytes
		Min Uniform Buffer Offset Alignment	16 bytes
		Min Storage Buffer Offset Alignment	4 bytes
		Min / Max Texel Offset	-64 / 63
		Min / Max Texel Gather Offset	-32 / 31
		Min / Max Interpolation Offset	-2.000000 / 2.000000
		Subpixel Interpolation Offset Bits	8
		Max Framebuffer Size	16384 x 16384
		Max Framebuffer Layers	2048
		Framebuffer Color Sample Counts	0x0000000F
		Framebuffer Depth Sample Counts	0x0000000F
		Framebuffer Stencil Sample Counts	0x0000000F
		Framebuffer No Attachments Sample Counts	0x0000000F
		Max Color Attachments	8
		Sampled Image Color Sample Counts	0x0000000F
		Sampled Image Integer Sample Counts	0x0000000F
		Sampled Image Depth Sample Counts	0x0000000F
		Sampled Image Stencil Sample Counts	0x0000000F
		Storage Image Sample Counts	0x0000000F
		Max Sample Mask Words	1
		Timestamp Period	37.037037 ns
		Max Clip Distances	8
		Max Cull Distances	8
		Max Combined Clip and Cull Distances	8
		Discrete Queue Priorities	2
		Point Size Range	0.000000 ... 8191.875000
		Line Width Range	0.000000 ... 8191.875000
		Point Size Granularity	0.125000
		Line Width Granularity	0.125000
		Optimal Buffer Copy Offset Alignment	1 bytes
		Optimal Buffer Copy Row Pitch Alignment	1 bytes
		Non-Coherent Atom Size	128 bytes
		Driver Version	1.3.0
		API Version	1.0.21
		Vulkan DLL	C:\WINDOWS\SysWow64\amdvlk32.dll (9.1.0.10.21.0)

	Device Features:
		Alpha To One	Not Supported
		Anisotropic Filtering	Supported
		ASTC LDR Texture Compression	Not Supported
		BC Texture Compression	Supported
		Depth Bias Clamping	Supported
		Depth Bounds Tests	Supported
		Depth Clamping	Supported
		Draw Indirect First Instance	Supported
		Dual Source Blend Operations	Supported
		ETC2 and EAC Texture Compression	Not Supported
		Fragment Stores and Atomics	Supported
		Full Draw Index Uint32	Supported
		Geometry Shader	Supported
		Image Cube Array	Supported
		Independent Blend	Supported
		Inherited Queries	Supported
		Large Points	Supported
		Logic Operations	Supported
		Multi-Draw Indirect	Supported
		Multi Viewport	Supported
		Occlusion Query Precise	Supported
		Pipeline Statistics Query	Supported
		Point and Wireframe Fill Modes	Supported
		Robust Buffer Access	Supported
		Sample Rate Shading	Supported
		Shader Clip Distance	Supported
		Shader Cull Distance	Supported
		Shader Float64	Supported
		Shader Image Gather Extended	Supported
		Shader Int16	Not Supported
		Shader Int64	Supported
		Shader Resource Min LOD	Not Supported
		Shader Resource Residency	Not Supported
		Shader Sampled Image Array Dynamic Indexing	Supported
		Shader Storage Buffer Array Dynamic Indexing	Supported
		Shader Storage Image Array Dynamic Indexing	Supported
		Shader Storage Image Extended Formats	Supported
		Shader Storage Image Multisample	Supported
		Shader Storage Image Read Without Format	Supported
		Shader Storage Image Write Without Format	Supported
		Shader Tesselation and Geometry Point Size	Supported
		Shader Uniform Buffer Array Dynamic Indexing	Supported
		Sparse Binding	Not Supported
		Sparse Residency 2 Samples	Not Supported
		Sparse Residency 4 Samples	Not Supported
		Sparse Residency 8 Samples	Not Supported
		Sparse Residency 16 Samples	Not Supported
		Sparse Residency Aliased	Not Supported
		Sparse Residency Aligned Mip Size	Yes
		Sparse Residency Buffer	Not Supported
		Sparse Residency Image 2D	Not Supported
		Sparse Residency Image 3D	Not Supported
		Sparse Residency Non-Resident Strict	No
		Sparse Residency Standard 2D Block Shape	Yes
		Sparse Residency Standard 2D Multisample Block Shape	No
		Sparse Residency Standard 3D Block Shape	No
		Standard Sample Locations	Yes
		Strict Line Rasterization	Yes
		Tesselation Shader	Supported
		Timestamps on All Graphics and Compute Queues	Supported
		Variable Multisample Rate	Supported
		Vertex Pipeline Stores and Atomics	Supported
		Wide Lines	Supported

	Queue:
		Queue Count	1
		Timestamp Valid Bits	64
		Min Image Transfer Granularity	1 x 1 x 1
		Compute Operations	Supported
		Graphics Operations	Supported
		Sparse Memory Management Operations	Supported
		Transfer Operations	Supported

	Queue:
		Queue Count	2
		Timestamp Valid Bits	64
		Min Image Transfer Granularity	1 x 1 x 1
		Compute Operations	Supported
		Graphics Operations	Not Supported
		Sparse Memory Management Operations	Supported
		Transfer Operations	Supported

	Queue:
		Queue Count	2
		Timestamp Valid Bits	0
		Min Image Transfer Granularity	8 x 8 x 1
		Compute Operations	Not Supported
		Graphics Operations	Not Supported
		Sparse Memory Management Operations	Supported
		Transfer Operations	Supported

	Memory Heap:
		Heap Type	Local
		Heap Size	768 MB
		Host Cached	No
		Host Coherent	No
		Host Visible	No
		Lazily Allocated	No

	Memory Heap:
		Heap Type	Local
		Heap Size	256 MB
		Host Cached	No
		Host Coherent	Yes
		Host Visible	Yes
		Lazily Allocated	No

	Memory Heap:
		Heap Type	Remote
		Heap Size	768 MB
		Host Cached	Yes
		Host Coherent	Yes
		Host Visible	Yes
		Lazily Allocated	No

	Device Extensions:
		VK_AMD_draw_indirect_count	Supported
		VK_AMD_gcn_shader	Supported
		VK_AMD_rasterization_order	Supported
		VK_AMD_shader_ballot	Supported
		VK_AMD_shader_explicit_vertex_parameter	Supported
		VK_AMD_shader_trinary_minmax	Supported
		VK_KHR_sampler_mirror_clamp_to_edge	Supported
		VK_KHR_swapchain	Supported

	Instance Extensions:
		VK_KHR_surface	Supported
		VK_KHR_win32_surface	Supported

	Device Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

Fonts


Font Family	Type	Style	Character Set	Char. Size	Char. Weight
@Arial Unicode MS	Swiss	Regular	Arabic	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Baltic	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	CHINESE_BIG5	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	CHINESE_GB2312	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Greek	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Hangul(Johab)	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Hebrew	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Japanese	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Turkish	14 x 43	40 %
@Arial Unicode MS	Swiss	Regular	Vietnamese	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
@Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	CHINESE_BIG5	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Greek	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hebrew	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Vietnamese	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
@Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Western	32 x 43	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Western	32 x 41	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Western	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	CHINESE_GB2312	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Turkish	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	CHINESE_GB2312	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Turkish	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Gothic	Modern	Regular	Baltic	16 x 32	40 %
@MS Gothic	Modern	Regular	Central European	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Gothic	Modern	Regular	Greek	16 x 32	40 %
@MS Gothic	Modern	Regular	Japanese	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Gothic	Modern	Regular	Western	16 x 32	40 %
@MS Mincho	Modern	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Mincho	Modern	Regular	Cyrillic	16 x 32	40 %
@MS Mincho	Modern	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@MS Mincho	Modern	Regular	Turkish	16 x 32	40 %
@MS Mincho	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS PGothic	Swiss	Regular	Central European	13 x 32	40 %
@MS PGothic	Swiss	Regular	Cyrillic	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS PGothic	Swiss	Regular	Japanese	13 x 32	40 %
@MS PGothic	Swiss	Regular	Turkish	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Baltic	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Central European	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Greek	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Japanese	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Western	13 x 32	40 %
@NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@SimSun	Special	Regular	Western	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
@Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
@Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
@Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
@Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
@Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Western	31 x 41	40 %
Adobe Arabic	Roman	Regular	Arabic	20 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 35	40 %
Adobe Arabic	Roman	Regular	Western	20 x 35	40 %
Adobe Caslon Pro Bold	Roman	Bold	Baltic	17 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 54	70 %
Adobe Caslon Pro Bold	Roman	Bold	Mac	17 x 54	70 %
Adobe Caslon Pro Bold	Roman	Bold	Turkish	17 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 54	70 %
Adobe Caslon Pro	Roman	Regular	Baltic	17 x 54	40 %
Adobe Caslon Pro	Roman	Regular	Central European	17 x 54	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 54	40 %
Adobe Caslon Pro	Roman	Regular	Turkish	17 x 54	40 %
Adobe Caslon Pro	Roman	Regular	Western	17 x 54	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 43	40 %
Adobe Devanagari	Roman	Regular	Western	16 x 43	40 %
Adobe Fan Heiti Std B	Swiss	B	CHINESE_BIG5	32 x 40	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	60 %
Adobe Fan Heiti Std B	Swiss	B	Japanese	32 x 40	60 %
Adobe Fan Heiti Std B	Swiss	B	Western	32 x 40	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
Adobe Fangsong Std R	Roman	R	CHINESE_GB2312	31 x 40	40 %
Adobe Fangsong Std R	Roman	R	Cyrillic	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
Adobe Fangsong Std R	Roman	R	Western	31 x 40	40 %
Adobe Garamond Pro Bold	Roman	Bold	Baltic	16 x 38	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	70 %
Adobe Garamond Pro Bold	Roman	Bold	Mac	16 x 38	70 %
Adobe Garamond Pro Bold	Roman	Bold	Turkish	16 x 38	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	70 %
Adobe Garamond Pro	Roman	Regular	Baltic	16 x 41	40 %
Adobe Garamond Pro	Roman	Regular	Central European	16 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 41	40 %
Adobe Garamond Pro	Roman	Regular	Turkish	16 x 41	40 %
Adobe Garamond Pro	Roman	Regular	Western	16 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	70 %
Adobe Gothic Std B	Swiss	B	Hangul(Johab)	32 x 40	70 %
Adobe Gothic Std B	Swiss	B	Hangul	32 x 40	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 40	70 %
Adobe Gothic Std B	Swiss	B	Mac	32 x 40	70 %
Adobe Gothic Std B	Swiss	B	Western	32 x 40	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	40 %
Adobe Gurmukhi	Modern	Regular	Western	14 x 38	40 %
Adobe Hebrew	Roman	Regular	Hebrew	15 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 40	40 %
Adobe Hebrew	Roman	Regular	Western	15 x 40	40 %
Adobe Heiti Std R	Swiss	R	Central European	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
Adobe Heiti Std R	Swiss	R	Cyrillic	31 x 40	40 %
Adobe Heiti Std R	Swiss	R	Japanese	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
Adobe Kaiti Std R	Roman	R	Central European	31 x 40	40 %
Adobe Kaiti Std R	Roman	R	CHINESE_GB2312	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 40	40 %
Adobe Kaiti Std R	Roman	R	Japanese	31 x 40	40 %
Adobe Kaiti Std R	Roman	R	Western	31 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	30 %
Adobe Ming Std L	Roman	L	Cyrillic	32 x 33	30 %
Adobe Ming Std L	Roman	L	Japanese	32 x 33	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	30 %
Adobe Myungjo Std M	Roman	M	Cyrillic	32 x 33	50 %
Adobe Myungjo Std M	Roman	M	Hangul(Johab)	32 x 33	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	50 %
Adobe Myungjo Std M	Roman	M	Japanese	32 x 33	50 %
Adobe Myungjo Std M	Roman	M	Mac	32 x 33	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 33	50 %
Adobe Naskh Medium	Modern	Medium	Arabic	20 x 51	50 %
Adobe Naskh Medium	Modern	Medium	Mac	20 x 51	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 51	50 %
Adobe Song Std L	Roman	L	Central European	31 x 37	30 %
Adobe Song Std L	Roman	L	CHINESE_GB2312	31 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 37	30 %
Adobe Song Std L	Roman	L	Japanese	31 x 37	30 %
Adobe Song Std L	Roman	L	Western	31 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 36	40 %
Algerian	Decorative	Regular	Western	17 x 36	40 %
Arial Black	Swiss	Regular	Baltic	18 x 45	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 45	90 %
Arial Black	Swiss	Regular	Cyrillic	18 x 45	90 %
Arial Black	Swiss	Regular	Greek	18 x 45	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 45	90 %
Arial Black	Swiss	Regular	Western	18 x 45	90 %
Arial Narrow	Swiss	Regular	Baltic	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Arial Narrow	Swiss	Regular	Cyrillic	12 x 36	40 %
Arial Narrow	Swiss	Regular	Greek	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Arial Narrow	Swiss	Regular	Western	12 x 36	40 %
Arial Rounded MT Bold	Swiss	Regular	Western	15 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Baltic	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Central European	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	CHINESE_GB2312	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Cyrillic	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Hangul(Johab)	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Hangul	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Japanese	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Thai	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Vietnamese	14 x 43	40 %
Arial Unicode MS	Swiss	Regular	Western	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Arial	Swiss	Regular	Baltic	14 x 36	40 %
Arial	Swiss	Regular	Central European	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Arial	Swiss	Regular	Greek	14 x 36	40 %
Arial	Swiss	Regular	Hebrew	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Arial	Swiss	Regular	Vietnamese	14 x 36	40 %
Arial	Swiss	Regular	Western	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 37	40 %
Bauhaus 93	Decorative	Regular	Western	14 x 36	40 %
Bell MT	Roman	Regular	Western	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	70 %
Berlin Sans FB	Swiss	Regular	Western	13 x 35	40 %
Bernard MT Condensed	Roman	Regular	Western	12 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 38	40 %
Birch Std	Script	Regular	Western	10 x 38	40 %
Blackadder ITC	Decorative	Regular	Western	10 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	39 x 43	90 %
Blackoak Std	Decorative	Regular	Western	39 x 43	90 %
Bodoni MT Black	Roman	Regular	Western	16 x 37	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 38	40 %
Bodoni MT Poster Compressed	Roman	Regular	Turkish	8 x 37	30 %
Bodoni MT Poster Compressed	Roman	Regular	Western	8 x 37	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 38	40 %
Book Antiqua	Roman	Regular	Baltic	14 x 40	40 %
Book Antiqua	Roman	Regular	Central European	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	40 %
Book Antiqua	Roman	Regular	Greek	14 x 40	40 %
Book Antiqua	Roman	Regular	Turkish	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	40 %
Bookman Old Style	Roman	Regular	Baltic	16 x 36	30 %
Bookman Old Style	Roman	Regular	Central European	16 x 36	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 36	30 %
Bookman Old Style	Roman	Regular	Greek	16 x 36	30 %
Bookman Old Style	Roman	Regular	Turkish	16 x 36	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 36	30 %
Bookshelf Symbol 7	Special	Regular	Symbol	21 x 32	40 %
Bradley Hand ITC	Script	Regular	Western	13 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 35	40 %
Broadway	Decorative	Regular	Western	17 x 36	40 %
Brush Script MT	Script	Italic	Western	10 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 37	50 %
Brush Script Std	Script	Medium	Western	17 x 37	50 %
Calibri Light	Swiss	Regular	Arabic	17 x 39	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	30 %
Calibri Light	Swiss	Regular	Central European	17 x 39	30 %
Calibri Light	Swiss	Regular	Cyrillic	17 x 39	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	30 %
Calibri Light	Swiss	Regular	Hebrew	17 x 39	30 %
Calibri Light	Swiss	Regular	Turkish	17 x 39	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	30 %
Calibri Light	Swiss	Regular	Western	17 x 39	30 %
Calibri	Swiss	Regular	Arabic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Calibri	Swiss	Regular	Central European	17 x 39	40 %
Calibri	Swiss	Regular	Cyrillic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Calibri	Swiss	Regular	Hebrew	17 x 39	40 %
Calibri	Swiss	Regular	Turkish	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Calibri	Swiss	Regular	Western	17 x 39	40 %
Californian FB	Roman	Regular	Western	13 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 37	40 %
Cambria Math	Roman	Regular	Baltic	20 x 179	40 %
Cambria Math	Roman	Regular	Central European	20 x 179	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 179	40 %
Cambria Math	Roman	Regular	Greek	20 x 179	40 %
Cambria Math	Roman	Regular	Turkish	20 x 179	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 179	40 %
Cambria Math	Roman	Regular	Western	20 x 179	40 %
Cambria	Roman	Regular	Baltic	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Cambria	Roman	Regular	Cyrillic	20 x 38	40 %
Cambria	Roman	Regular	Greek	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Cambria	Roman	Regular	Vietnamese	20 x 38	40 %
Cambria	Roman	Regular	Western	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Candara	Swiss	Regular	Central European	17 x 39	40 %
Candara	Swiss	Regular	Cyrillic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Candara	Swiss	Regular	Turkish	17 x 39	40 %
Candara	Swiss	Regular	Vietnamese	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Castellar	Roman	Regular	Western	21 x 39	40 %
Centaur	Roman	Regular	Western	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	40 %
Century Gothic	Swiss	Regular	Central European	16 x 38	40 %
Century Gothic	Swiss	Regular	Cyrillic	16 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	40 %
Century Gothic	Swiss	Regular	Turkish	16 x 38	40 %
Century Gothic	Swiss	Regular	Western	16 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Century Schoolbook	Roman	Regular	Central European	15 x 38	40 %
Century Schoolbook	Roman	Regular	Cyrillic	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Century Schoolbook	Roman	Regular	Turkish	15 x 38	40 %
Century Schoolbook	Roman	Regular	Western	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Century	Roman	Regular	Central European	15 x 38	40 %
Century	Roman	Regular	Cyrillic	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Century	Roman	Regular	Turkish	15 x 38	40 %
Century	Roman	Regular	Western	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	30 %
Chaparral Pro Light	Roman	Light Italic	Central European	15 x 38	30 %
Chaparral Pro Light	Roman	Light Italic	Mac	15 x 38	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	30 %
Chaparral Pro Light	Roman	Light Italic	Western	15 x 38	30 %
Chaparral Pro	Roman	Regular	Baltic	16 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	40 %
Chaparral Pro	Roman	Regular	Mac	16 x 38	40 %
Chaparral Pro	Roman	Regular	Turkish	16 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 38	40 %
Charlemagne Std	Decorative	Bold	Mac	21 x 38	70 %
Charlemagne Std	Decorative	Bold	Western	21 x 38	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 37	40 %
Colonna MT	Decorative	Regular	Western	13 x 34	40 %
Comic Sans MS	Script	Regular	Baltic	15 x 45	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 45	40 %
Comic Sans MS	Script	Regular	Cyrillic	15 x 45	40 %
Comic Sans MS	Script	Regular	Greek	15 x 45	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 45	40 %
Comic Sans MS	Script	Regular	Western	15 x 45	40 %
Consolas	Modern	Regular	Baltic	18 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 37	40 %
Consolas	Modern	Regular	Cyrillic	18 x 37	40 %
Consolas	Modern	Regular	Greek	18 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 37	40 %
Consolas	Modern	Regular	Vietnamese	18 x 37	40 %
Consolas	Modern	Regular	Western	18 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Constantia	Roman	Regular	Central European	17 x 39	40 %
Constantia	Roman	Regular	Cyrillic	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Constantia	Roman	Regular	Turkish	17 x 39	40 %
Constantia	Roman	Regular	Vietnamese	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Cooper Black	Roman	Regular	Western	16 x 37	40 %
Copperplate Gothic Bold	Swiss	Regular	Western	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 35	40 %
Corbel	Swiss	Regular	Baltic	17 x 39	40 %
Corbel	Swiss	Regular	Central European	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Corbel	Swiss	Regular	Greek	17 x 39	40 %
Corbel	Swiss	Regular	Turkish	17 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 39	40 %
Corbel	Swiss	Regular	Western	17 x 39	40 %
Courier New	Modern	Regular	Arabic	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	40 %
Courier New	Modern	Regular	Central European	19 x 36	40 %
Courier New	Modern	Regular	Cyrillic	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	40 %
Courier New	Modern	Regular	Hebrew	19 x 36	40 %
Courier New	Modern	Regular	Turkish	19 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	40 %
Courier New	Modern	Regular	Western	19 x 36	40 %
Courier	Modern		Western	8 x 13	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 42	40 %
Didot	Special	Regular	Baltic	14 x 40	40 %
Didot	Special	Regular	Central European	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	40 %
Didot	Special	Regular	Vietnamese	14 x 40	40 %
Didot	Special	Regular	Western	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	40 %
Ebrima	Special	Regular	Central European	19 x 43	40 %
Ebrima	Special	Regular	Turkish	19 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	40 %
Edwardian Script ITC	Script	Regular	Western	8 x 38	40 %
Elephant	Roman	Regular	Western	16 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	25 x 37	50 %
Eras Bold ITC	Swiss	Regular	Western	16 x 37	40 %
Eras Demi ITC	Swiss	Regular	Western	15 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 36	40 %
Eras Medium ITC	Swiss	Regular	Western	14 x 36	40 %
Felix Titling	Decorative	Regular	Western	19 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	8 x 15	40 %
Footlight MT Light	Roman	Regular	Western	13 x 34	30 %
Forte	Script	Regular	Western	14 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Central European	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Cyrillic	13 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Turkish	13 x 36	40 %
Franklin Gothic Book	Swiss	Regular	Western	13 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Central European	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Cyrillic	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Turkish	12 x 36	40 %
Franklin Gothic Demi Cond	Swiss	Regular	Western	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Central European	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Cyrillic	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Turkish	14 x 36	40 %
Franklin Gothic Demi	Swiss	Regular	Western	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Central European	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Cyrillic	15 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Turkish	15 x 36	40 %
Franklin Gothic Heavy	Swiss	Regular	Western	15 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Central European	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Cyrillic	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Turkish	12 x 36	40 %
Franklin Gothic Medium Cond	Swiss	Regular	Western	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Central European	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Cyrillic	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Turkish	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Western	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	8 x 38	40 %
French Script MT	Script	Regular	Western	9 x 36	40 %
Gabriola	Decorative	Regular	Baltic	16 x 59	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 59	40 %
Gabriola	Decorative	Regular	Cyrillic	16 x 59	40 %
Gabriola	Decorative	Regular	Greek	16 x 59	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 59	40 %
Gabriola	Decorative	Regular	Western	16 x 59	40 %
Gadugi	Swiss	Regular	Western	18 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Garamond	Roman	Regular	Central European	12 x 36	40 %
Garamond	Roman	Regular	Cyrillic	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Garamond	Roman	Regular	Turkish	12 x 36	40 %
Garamond	Roman	Regular	Western	12 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Georgia	Roman	Regular	Central European	14 x 36	40 %
Georgia	Roman	Regular	Cyrillic	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Georgia	Roman	Regular	Turkish	14 x 36	40 %
Georgia	Roman	Regular	Western	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 44	40 %
Gill Sans MT Condensed	Swiss	Regular	Central European	10 x 39	40 %
Gill Sans MT Condensed	Swiss	Regular	Western	10 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	7 x 38	40 %
Gill Sans MT Ext Condensed Bold	Swiss	Regular	Western	7 x 38	40 %
Gill Sans MT	Swiss	Regular	Central European	13 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 37	40 %
Gill Sans Ultra Bold Condensed	Swiss	Regular	Central European	14 x 40	40 %
Gill Sans Ultra Bold Condensed	Swiss	Regular	Western	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 40	40 %
Gill Sans Ultra Bold	Swiss	Regular	Western	20 x 40	40 %
Gloucester MT Extra Condensed	Roman	Regular	Western	9 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 36	40 %
Goudy Stout	Roman	Regular	Western	36 x 44	40 %
Haettenschweiler	Swiss	Regular	Baltic	10 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Cyrillic	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Greek	10 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 33	40 %
Haettenschweiler	Swiss	Regular	Western	10 x 33	40 %
Harlow Solid Italic	Decorative	Italic	Western	12 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 38	40 %
Helvetica-Compressed	Roman	Regular	Vietnamese	13 x 41	40 %
Helvetica-Compressed	Roman	Regular	Western	13 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 37	40 %
Hobo Std	Swiss	Medium	Mac	18 x 45	50 %
Hobo Std	Swiss	Medium	Western	18 x 45	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	40 %
Impact	Swiss	Regular	Central European	19 x 39	40 %
Impact	Swiss	Regular	Cyrillic	19 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	40 %
Impact	Swiss	Regular	Turkish	19 x 39	40 %
Impact	Swiss	Regular	Western	19 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 38	40 %
Informal Roman	Script	Regular	Western	12 x 32	40 %
Javanese Text	Special	Regular	Western	26 x 73	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 48	40 %
Juice ITC	Decorative	Regular	Western	9 x 36	40 %
Kozuka Gothic Pr6N B	Swiss	B	Baltic	31 x 59	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Cyrillic	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Greek	31 x 59	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Mac	31 x 59	70 %
Kozuka Gothic Pr6N B	Swiss	B	Turkish	31 x 59	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	70 %
Kozuka Gothic Pr6N EL	Swiss	EL	Baltic	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Central European	31 x 55	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Greek	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Japanese	31 x 55	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Turkish	31 x 55	25 %
Kozuka Gothic Pr6N EL	Swiss	EL	Western	31 x 55	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Central European	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Cyrillic	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Japanese	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Mac	31 x 59	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 59	90 %
Kozuka Gothic Pr6N H	Swiss	H	Western	31 x 59	90 %
Kozuka Gothic Pr6N L	Swiss	L	Baltic	31 x 56	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Cyrillic	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Greek	31 x 56	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Mac	31 x 56	30 %
Kozuka Gothic Pr6N L	Swiss	L	Turkish	31 x 56	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	30 %
Kozuka Gothic Pr6N M	Swiss	M	Baltic	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Central European	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Greek	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Japanese	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Turkish	31 x 57	50 %
Kozuka Gothic Pr6N M	Swiss	M	Western	31 x 57	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Central European	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Cyrillic	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Japanese	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Mac	31 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 56	40 %
Kozuka Gothic Pr6N R	Swiss	R	Western	31 x 56	40 %
Kozuka Gothic Pro B	Swiss	B	Cyrillic	31 x 45	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 45	70 %
Kozuka Gothic Pro B	Swiss	B	Mac	31 x 45	70 %
Kozuka Gothic Pro B	Swiss	B	Western	31 x 45	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 42	25 %
Kozuka Gothic Pro EL	Swiss	EL	Japanese	31 x 42	25 %
Kozuka Gothic Pro EL	Swiss	EL	Mac	31 x 42	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 42	25 %
Kozuka Gothic Pro H	Swiss	H	Cyrillic	31 x 46	90 %
Kozuka Gothic Pro H	Swiss	H	Japanese	31 x 46	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 46	90 %
Kozuka Gothic Pro H	Swiss	H	Western	31 x 46	90 %
Kozuka Gothic Pro L	Swiss	L	Cyrillic	31 x 42	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 42	30 %
Kozuka Gothic Pro L	Swiss	L	Mac	31 x 42	30 %
Kozuka Gothic Pro L	Swiss	L	Western	31 x 42	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 44	50 %
Kozuka Gothic Pro M	Swiss	M	Japanese	31 x 44	50 %
Kozuka Gothic Pro M	Swiss	M	Mac	31 x 44	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 44	50 %
Kozuka Gothic Pro R	Swiss	R	Cyrillic	31 x 43	40 %
Kozuka Gothic Pro R	Swiss	R	Japanese	31 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	40 %
Kozuka Gothic Pro R	Swiss	R	Western	31 x 43	40 %
Kozuka Mincho Pr6N B	Roman	B	Baltic	31 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Cyrillic	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Greek	31 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Mac	31 x 54	70 %
Kozuka Mincho Pr6N B	Roman	B	Turkish	31 x 54	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 54	70 %
Kozuka Mincho Pr6N EL	Roman	EL	Baltic	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Central European	31 x 52	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Greek	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Japanese	31 x 52	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Turkish	31 x 52	25 %
Kozuka Mincho Pr6N EL	Roman	EL	Western	31 x 52	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Central European	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Cyrillic	31 x 55	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Japanese	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Mac	31 x 55	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 55	90 %
Kozuka Mincho Pr6N H	Roman	H	Western	31 x 55	90 %
Kozuka Mincho Pr6N L	Roman	L	Baltic	31 x 53	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Cyrillic	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Greek	31 x 53	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Mac	31 x 53	30 %
Kozuka Mincho Pr6N L	Roman	L	Turkish	31 x 53	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	30 %
Kozuka Mincho Pr6N M	Roman	M	Baltic	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Central European	31 x 53	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Greek	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Japanese	31 x 53	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Turkish	31 x 53	50 %
Kozuka Mincho Pr6N M	Roman	M	Western	31 x 53	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Central European	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Cyrillic	31 x 53	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Japanese	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Mac	31 x 53	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 53	40 %
Kozuka Mincho Pr6N R	Roman	R	Western	31 x 53	40 %
Kozuka Mincho Pro B	Roman	B	Cyrillic	31 x 44	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 44	70 %
Kozuka Mincho Pro B	Roman	B	Mac	31 x 44	70 %
Kozuka Mincho Pro B	Roman	B	Western	31 x 44	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	25 %
Kozuka Mincho Pro EL	Roman	EL	Japanese	31 x 43	25 %
Kozuka Mincho Pro EL	Roman	EL	Mac	31 x 43	25 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	25 %
Kozuka Mincho Pro H	Roman	H	Cyrillic	31 x 44	90 %
Kozuka Mincho Pro H	Roman	H	Japanese	31 x 44	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 44	90 %
Kozuka Mincho Pro H	Roman	H	Western	31 x 44	90 %
Kozuka Mincho Pro L	Roman	L	Cyrillic	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
Kozuka Mincho Pro L	Roman	L	Mac	31 x 43	30 %
Kozuka Mincho Pro L	Roman	L	Western	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	50 %
Kozuka Mincho Pro M	Roman	M	Japanese	31 x 43	50 %
Kozuka Mincho Pro M	Roman	M	Mac	31 x 43	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	50 %
Kozuka Mincho Pro R	Roman	R	Cyrillic	31 x 43	40 %
Kozuka Mincho Pro R	Roman	R	Japanese	31 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	40 %
Kozuka Mincho Pro R	Roman	R	Western	31 x 43	40 %
Kristen ITC	Script	Regular	Western	16 x 44	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	8 x 35	40 %
Leelawadee UI Semilight	Swiss	Regular	Thai	17 x 43	35 %
Leelawadee UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Leelawadee UI	Swiss	Regular	Thai	17 x 43	40 %
Leelawadee UI	Swiss	Regular	Vietnamese	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Letter Gothic Std	Modern	Medium	Mac	19 x 39	40 %
Letter Gothic Std	Modern	Medium	Western	19 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Lithos Pro Regular	Decorative	Regular	Central European	20 x 38	40 %
Lithos Pro Regular	Decorative	Regular	Greek	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 38	40 %
Lithos Pro Regular	Decorative	Regular	Turkish	20 x 38	40 %
Lithos Pro Regular	Decorative	Regular	Western	20 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 36	40 %
Lucida Calligraphy	Script	Italic	Western	17 x 40	40 %
Lucida Console	Modern	Regular	Central European	19 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 32	40 %
Lucida Console	Modern	Regular	Greek	19 x 32	40 %
Lucida Console	Modern	Regular	Turkish	19 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 32	40 %
Lucida Fax	Roman	Regular	Western	16 x 37	40 %
Lucida Handwriting	Script	Italic	Western	18 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	40 %
Lucida Sans Unicode	Swiss	Regular	Baltic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Central European	16 x 49	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Greek	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Hebrew	16 x 49	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Western	16 x 49	40 %
Lucida Sans	Swiss	Regular	Western	16 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 39	70 %
Maiandra GD	Swiss	Regular	Western	14 x 38	40 %
Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	CHINESE_GB2312	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul(Johab)	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Japanese	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Western	31 x 43	30 %
Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
Marlett	Special	Regular	Symbol	31 x 32	50 %
Matura MT Script Capitals	Script	Regular	Western	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
Microsoft JhengHei Light	Swiss	Regular	CHINESE_BIG5	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 43	29 %
Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_BIG5	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	32 x 41	29 %
Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 43	40 %
Microsoft New Tai Lue	Swiss	Regular	Western	19 x 42	40 %
Microsoft PhagsPa	Swiss	Regular	Western	24 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Baltic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Central European	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Greek	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Hebrew	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Turkish	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Vietnamese	14 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 36	40 %
Microsoft Tai Le	Swiss	Regular	Western	19 x 41	40 %
Microsoft YaHei Light	Swiss	Regular	Central European	15 x 41	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Greek	15 x 41	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
Microsoft YaHei UI Light	Swiss	Regular	Central European	15 x 42	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Greek	15 x 42	29 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
Microsoft Yi Baiti	Script	Regular	Western	21 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Minion Pro Cond	Roman	Bold Cond	Baltic	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Central European	17 x 44	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Greek	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Mac	17 x 44	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 44	70 %
Minion Pro Cond	Roman	Bold Cond	Western	17 x 44	70 %
Minion Pro Med	Roman	Medium	Baltic	17 x 43	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	50 %
Minion Pro Med	Roman	Medium	Cyrillic	17 x 43	50 %
Minion Pro Med	Roman	Medium	Greek	17 x 43	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	50 %
Minion Pro Med	Roman	Medium	Turkish	17 x 43	50 %
Minion Pro Med	Roman	Medium	Western	17 x 43	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 44	60 %
Minion Pro SmBd	Roman	Semibold	Central European	18 x 44	60 %
Minion Pro SmBd	Roman	Semibold	Cyrillic	18 x 44	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 44	60 %
Minion Pro SmBd	Roman	Semibold	Mac	18 x 44	60 %
Minion Pro SmBd	Roman	Semibold	Turkish	18 x 44	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 44	60 %
Minion Pro	Roman	Regular	Baltic	17 x 43	40 %
Minion Pro	Roman	Regular	Central European	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Minion Pro	Roman	Regular	Greek	17 x 43	40 %
Minion Pro	Roman	Regular	Mac	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Minion Pro	Roman	Regular	Western	17 x 43	40 %
Mistral	Script	Regular	Baltic	10 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 39	40 %
Mistral	Script	Regular	Cyrillic	10 x 39	40 %
Mistral	Script	Regular	Greek	10 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 39	40 %
Mistral	Script	Regular	Western	10 x 39	40 %
Modern No. 20	Roman	Regular	Western	13 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 37	40 %
Mongolian Baiti	Script	Regular	Western	14 x 34	40 %
Monotype Corsiva	Script	Regular	Baltic	11 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 35	40 %
Monotype Corsiva	Script	Regular	Cyrillic	11 x 35	40 %
Monotype Corsiva	Script	Regular	Greek	11 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 35	40 %
Monotype Corsiva	Script	Regular	Western	11 x 35	40 %
MS Gothic	Modern	Regular	Baltic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Gothic	Modern	Regular	Cyrillic	16 x 32	40 %
MS Gothic	Modern	Regular	Greek	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Gothic	Modern	Regular	Turkish	16 x 32	40 %
MS Gothic	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Mincho	Modern	Regular	Central European	16 x 32	40 %
MS Mincho	Modern	Regular	Cyrillic	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Mincho	Modern	Regular	Japanese	16 x 32	40 %
MS Mincho	Modern	Regular	Turkish	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
MS Outlook	Special	Regular	Symbol	31 x 33	40 %
MS PGothic	Swiss	Regular	Baltic	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS PGothic	Swiss	Regular	Cyrillic	13 x 32	40 %
MS PGothic	Swiss	Regular	Greek	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS PGothic	Swiss	Regular	Turkish	13 x 32	40 %
MS PGothic	Swiss	Regular	Western	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Central European	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Cyrillic	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Turkish	16 x 39	40 %
MS Reference Sans Serif	Swiss	Regular	Vietnamese	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
MS Reference Specialty	Special	Regular	Symbol	23 x 39	40 %
MS Sans Serif	Swiss		Western	5 x 13	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	5 x 13	40 %
MS UI Gothic	Swiss	Regular	Baltic	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Central European	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Greek	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Japanese	13 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Western	13 x 32	40 %
MT Extra	Roman	Regular	Symbol	20 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 52	40 %
Myanmar Text	Swiss	Regular	Western	18 x 60	40 %
Myriad Arabic	Modern	Regular	Arabic	13 x 44	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 44	40 %
Myriad Arabic	Modern	Regular	Mac	13 x 44	40 %
Myriad Arabic	Modern	Regular	Western	13 x 44	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Myriad Hebrew	Modern	Regular	Hebrew	14 x 39	40 %
Myriad Hebrew	Modern	Regular	Mac	14 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Myriad Pro Cond	Swiss	Condensed	Baltic	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Central European	12 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Greek	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Mac	12 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 38	40 %
Myriad Pro Cond	Swiss	Condensed	Western	12 x 38	40 %
Myriad Pro Light	Swiss	Semibold	Baltic	16 x 39	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	60 %
Myriad Pro Light	Swiss	Semibold	Cyrillic	16 x 39	60 %
Myriad Pro Light	Swiss	Semibold	Greek	16 x 39	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	60 %
Myriad Pro Light	Swiss	Semibold	Turkish	16 x 39	60 %
Myriad Pro Light	Swiss	Semibold	Western	16 x 39	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Myriad Pro	Swiss	Regular	Central European	15 x 38	40 %
Myriad Pro	Swiss	Regular	Cyrillic	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Myriad Pro	Swiss	Regular	Mac	15 x 38	40 %
Myriad Pro	Swiss	Regular	Turkish	15 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 38	40 %
Niagara Engraved	Decorative	Regular	Western	8 x 34	40 %
Niagara Solid	Decorative	Regular	Western	8 x 34	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Nirmala UI	Swiss	Regular	Western	31 x 43	40 %
NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
Nueva Std Cond	Swiss	Condensed	Mac	10 x 32	40 %
Nueva Std Cond	Swiss	Condensed	Western	10 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 33	70 %
Nueva Std	Swiss	Bold	Western	15 x 33	70 %
OCR A Extended	Modern	Regular	Western	19 x 33	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	23 x 34	40 %
OCR A Std	Modern	Regular	Western	23 x 34	40 %
Old English Text MT	Script	Regular	Western	12 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	8 x 37	40 %
Orator Std	Modern	Medium	Mac	19 x 43	40 %
Orator Std	Modern	Medium	Western	19 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	7 x 30	40 %
Palatino Linotype	Roman	Regular	Baltic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Central European	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Palatino Linotype	Roman	Regular	Greek	14 x 43	40 %
Palatino Linotype	Roman	Regular	Turkish	14 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 43	40 %
Palatino Linotype	Roman	Regular	Western	14 x 43	40 %
Papyrus	Script	Regular	Western	13 x 50	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	6 x 34	40 %
Perpetua Titling MT	Roman	Light	Western	19 x 38	30 %
Perpetua	Roman	Regular	Western	12 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	8 x 32	40 %
PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 36	40 %
Poplar Std	Decorative	Black	Mac	13 x 38	70 %
Poplar Std	Decorative	Black	Western	13 x 38	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 36	70 %
Prestige Elite Std	Modern	Bold	Western	19 x 36	70 %
Pristina	Script	Regular	Western	10 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	11 x 40	40 %
Ravie	Decorative	Regular	Western	22 x 43	40 %
Rockwell Condensed	Roman	Regular	Western	11 x 38	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 38	80 %
Rockwell	Roman	Regular	Western	15 x 38	40 %
Roman	Roman		OEM/DOS	22 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 39	70 %
Script	Script		OEM/DOS	16 x 36	40 %
Segoe MDL2 Assets	Roman	Regular	Western	33 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 56	40 %
Segoe Print	Special	Regular	Central European	21 x 56	40 %
Segoe Print	Special	Regular	Cyrillic	21 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 56	40 %
Segoe Print	Special	Regular	Turkish	21 x 56	40 %
Segoe Print	Special	Regular	Western	21 x 56	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	22 x 51	40 %
Segoe Script	Script	Regular	Central European	22 x 51	40 %
Segoe Script	Script	Regular	Cyrillic	22 x 51	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	22 x 51	40 %
Segoe Script	Script	Regular	Turkish	22 x 51	40 %
Segoe Script	Script	Regular	Western	22 x 51	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Central European	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Cyrillic	20 x 43	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Turkish	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Vietnamese	20 x 43	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	20 x 43	90 %
Segoe UI Emoji	Swiss	Regular	Western	40 x 43	40 %
Segoe UI Historic	Swiss	Regular	Western	27 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Central European	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Greek	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Hebrew	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Vietnamese	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Western	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Baltic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Central European	18 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Greek	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Hebrew	18 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Vietnamese	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Western	18 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Hebrew	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Western	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	23 x 43	40 %
Segoe UI	Swiss	Regular	Arabic	17 x 43	40 %
Segoe UI	Swiss	Regular	Baltic	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Segoe UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Segoe UI	Swiss	Regular	Greek	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Segoe UI	Swiss	Regular	Turkish	17 x 43	40 %
Segoe UI	Swiss	Regular	Vietnamese	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Showcard Gothic	Decorative	Regular	Western	18 x 40	40 %
SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 32	40 %
SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 46	40 %
Sitka Banner	Special	Regular	Central European	16 x 46	40 %
Sitka Banner	Special	Regular	Cyrillic	16 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 46	40 %
Sitka Banner	Special	Regular	Turkish	16 x 46	40 %
Sitka Banner	Special	Regular	Vietnamese	16 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 46	40 %
Sitka Display	Special	Regular	Baltic	17 x 46	40 %
Sitka Display	Special	Regular	Central European	17 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 46	40 %
Sitka Display	Special	Regular	Greek	17 x 46	40 %
Sitka Display	Special	Regular	Turkish	17 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 46	40 %
Sitka Display	Special	Regular	Western	17 x 46	40 %
Sitka Heading	Special	Regular	Baltic	17 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 46	40 %
Sitka Heading	Special	Regular	Cyrillic	17 x 46	40 %
Sitka Heading	Special	Regular	Greek	17 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 46	40 %
Sitka Heading	Special	Regular	Vietnamese	17 x 46	40 %
Sitka Heading	Special	Regular	Western	17 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 47	40 %
Sitka Small	Special	Regular	Central European	21 x 47	40 %
Sitka Small	Special	Regular	Cyrillic	21 x 47	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 47	40 %
Sitka Small	Special	Regular	Turkish	21 x 47	40 %
Sitka Small	Special	Regular	Vietnamese	21 x 47	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 47	40 %
Sitka Subheading	Special	Regular	Baltic	18 x 46	40 %
Sitka Subheading	Special	Regular	Central European	18 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 46	40 %
Sitka Subheading	Special	Regular	Greek	18 x 46	40 %
Sitka Subheading	Special	Regular	Turkish	18 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 46	40 %
Sitka Subheading	Special	Regular	Western	18 x 46	40 %
Sitka Text	Special	Regular	Baltic	19 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 46	40 %
Sitka Text	Special	Regular	Cyrillic	19 x 46	40 %
Sitka Text	Special	Regular	Greek	19 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 46	40 %
Sitka Text	Special	Regular	Vietnamese	19 x 46	40 %
Sitka Text	Special	Regular	Western	19 x 46	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	1 x 3	40 %
Snap ITC	Decorative	Regular	Western	19 x 41	40 %
Source Sans Pro Black	Swiss	Black	Baltic	15 x 40	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 40	90 %
Source Sans Pro Black	Swiss	Black	Mac	15 x 40	90 %
Source Sans Pro Black	Swiss	Black	Turkish	15 x 40	90 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 40	90 %
Source Sans Pro ExtraLight	Swiss	ExtraLight	Baltic	14 x 40	20 %
Source Sans Pro ExtraLight	Swiss	ExtraLight	Central European	14 x 40	20 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	20 %
Source Sans Pro ExtraLight	Swiss	ExtraLight	Turkish	14 x 40	20 %
Source Sans Pro ExtraLight	Swiss	ExtraLight	Western	14 x 40	20 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	30 %
Source Sans Pro Light	Swiss	Light	Central European	14 x 40	30 %
Source Sans Pro Light	Swiss	Light	Mac	14 x 40	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	30 %
Source Sans Pro Light	Swiss	Light	Western	14 x 40	30 %
Source Sans Pro Semibold	Swiss	Semibold	Baltic	15 x 40	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 40	60 %
Source Sans Pro Semibold	Swiss	Semibold	Mac	15 x 40	60 %
Source Sans Pro Semibold	Swiss	Semibold	Turkish	15 x 40	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 40	60 %
Source Sans Pro	Swiss	Regular	Baltic	14 x 40	40 %
Source Sans Pro	Swiss	Regular	Central European	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 40	40 %
Source Sans Pro	Swiss	Regular	Turkish	14 x 40	40 %
Source Sans Pro	Swiss	Regular	Western	14 x 40	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	18 x 38	40 %
Sylfaen	Roman	Regular	Baltic	13 x 42	40 %
Sylfaen	Roman	Regular	Central European	13 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 42	40 %
Sylfaen	Roman	Regular	Greek	13 x 42	40 %
Sylfaen	Roman	Regular	Turkish	13 x 42	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 42	40 %
Symbol	Roman	Regular	Symbol	19 x 39	40 %
System	Swiss		Western	7 x 16	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tahoma	Swiss	Regular	Baltic	14 x 39	40 %
Tahoma	Swiss	Regular	Central European	14 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tahoma	Swiss	Regular	Greek	14 x 39	40 %
Tahoma	Swiss	Regular	Hebrew	14 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tahoma	Swiss	Regular	Turkish	14 x 39	40 %
Tahoma	Swiss	Regular	Vietnamese	14 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	14 x 39	40 %
Tekton Pro Cond	Swiss	Bold Condensed	Baltic	12 x 39	70 %
Tekton Pro Cond	Swiss	Bold Condensed	Central European	12 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	12 x 39	70 %
Tekton Pro Cond	Swiss	Bold Condensed	Turkish	12 x 39	70 %
Tekton Pro Cond	Swiss	Bold Condensed	Western	12 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	70 %
Tekton Pro Ext	Swiss	Bold Extended	Central European	19 x 39	70 %
Tekton Pro Ext	Swiss	Bold Extended	Mac	19 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 39	70 %
Tekton Pro Ext	Swiss	Bold Extended	Western	19 x 39	70 %
Tekton Pro	Swiss	Bold	Baltic	15 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 39	70 %
Tekton Pro	Swiss	Bold	Mac	15 x 39	70 %
Tekton Pro	Swiss	Bold	Turkish	15 x 39	70 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 39	70 %
Tempus Sans ITC	Decorative	Regular	Western	13 x 42	40 %
Terminal	Modern		OEM/DOS	8 x 12	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Times New Roman	Roman	Regular	Baltic	13 x 35	40 %
Times New Roman	Roman	Regular	Central European	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Times New Roman	Roman	Regular	Greek	13 x 35	40 %
Times New Roman	Roman	Regular	Hebrew	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Times New Roman	Roman	Regular	Vietnamese	13 x 35	40 %
Times New Roman	Roman	Regular	Western	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 47	40 %
Trajan Pro 3	Roman	Regular	Central European	21 x 47	40 %
Trajan Pro 3	Roman	Regular	Cyrillic	21 x 47	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 47	40 %
Trajan Pro 3	Roman	Regular	Mac	21 x 47	40 %
Trajan Pro 3	Roman	Regular	Turkish	21 x 47	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	21 x 47	40 %
Trebuchet MS	Swiss	Regular	Baltic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Central European	15 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Greek	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Turkish	15 x 37	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	15 x 37	40 %
Tw Cen MT Condensed Extra Bold	Swiss	Regular	Central European	12 x 35	40 %
Tw Cen MT Condensed Extra Bold	Swiss	Regular	Western	12 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	10 x 34	40 %
Tw Cen MT Condensed	Swiss	Regular	Western	10 x 34	40 %
Tw Cen MT	Swiss	Regular	Central European	13 x 35	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	13 x 35	40 %
Verdana	Swiss	Regular	Baltic	16 x 39	40 %
Verdana	Swiss	Regular	Central European	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
Verdana	Swiss	Regular	Greek	16 x 39	40 %
Verdana	Swiss	Regular	Turkish	16 x 39	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	16 x 39	40 %
Verdana	Swiss	Regular	Western	16 x 39	40 %
Viner Hand ITC	Script	Regular	Western	15 x 52	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	9 x 38	40 %
Vladimir Script	Script	Regular	Western	10 x 39	40 %
Webdings	Roman	Regular	Symbol	31 x 32	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	26 x 39	40 %
Wingdings 2	Roman	Regular	Symbol	27 x 34	40 %
Wingdings 3	Roman	Regular	Symbol	25 x 36	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	28 x 36	40 %
Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	30 %
Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	17 x 43	40 %
Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	40 %
Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	31 x 41	40 %
Yu Gothic	Swiss	Regular	Western	31 x 41	40 %

Windows Audio


Device	Identifier	Device Description
midi-out.0	0001 001B	Microsoft GS Wavetable Synth
mixer.0	0001 FFFF	Speakers (High Definition Audio
mixer.1	0001 0068	1 - LG ULTRAWIDE (AMD High Defi
mixer.2	0001 FFFF	Digital Audio (S/PDIF) (High De
wave-out.0	0001 FFFF	Speakers (High Definition Audio
wave-out.1	0001 0064	1 - LG ULTRAWIDE (AMD High Defi
wave-out.2	0001 FFFF	Digital Audio (S/PDIF) (High De

PCI / PnP Audio


		Device Description	Type
		ATI Radeon HDMI @ AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller	PCI
		Realtek ALC887 @ Intel Panther Point PCH - High Definition Audio Controller [C-1]	PCI

HD Audio


[ AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller ]

	Device Properties:
		Device Description	AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller
		Device Description (Windows)	High Definition Audio Controller
		Bus Type	PCI
		Bus / Device / Function	1 / 0 / 1
		Device ID	1002-AAB0
		Subsystem ID	1462-AAB0
		Revision	00
		Hardware ID	PCI\VEN_1002&DEV_AAB0&SUBSYS_AAB01462&REV_00

	Device Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/us/products/desktop/chipsets
		Driver Download	http://support.amd.com
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ ATI Radeon HDMI ]

	Device Properties:
		Device Description	ATI Radeon HDMI
		Device Description (Windows)	AMD High Definition Audio Device
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	1002-AA01
		Subsystem ID	00AA-0100
		Revision	1003
		Hardware ID	HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003

	Device Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/us/products/desktop/chipsets
		Driver Download	http://support.amd.com
		Driver Update	http://www.aida64.com/driver-updates

[ Intel Panther Point PCH - High Definition Audio Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - High Definition Audio Controller [C-1]
		Device Description (Windows)	High Definition Audio Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1E20
		Subsystem ID	1458-A002
		Revision	04
		Hardware ID	PCI\VEN_8086&DEV_1E20&SUBSYS_A0021458&REV_04

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Realtek ALC887 ]

	Device Properties:
		Device Description	Realtek ALC887
		Device Description (Windows)	High Definition Audio Device
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	10EC-0887
		Subsystem ID	1458-A002
		Revision	1003
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1458A002&REV_1003

	Device Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

Audio Codecs


[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]

	ACM Driver Properties:
		Driver Description	Fraunhofer IIS MPEG Layer-3 Codec (decode only)
		Copyright Notice	Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
		Driver Features	decoder only version
		Driver Version	1.09

[ Microsoft ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses Microsoft ADPCM audio data.
		Driver Version	4.00

[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft CCITT G.711 A-Law and u-Law CODEC
		Copyright Notice	Copyright (c) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
		Driver Version	4.00

[ Microsoft GSM 6.10 Audio CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft GSM 6.10 Audio CODEC
		Copyright Notice	Copyright (C) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
		Driver Version	4.00

[ Microsoft IMA ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft IMA ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses IMA ADPCM audio data.
		Driver Version	4.00

[ Microsoft PCM Converter ]

	ACM Driver Properties:
		Driver Description	Microsoft PCM Converter
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Converts frequency and bits per sample of PCM audio data.
		Driver Version	5.00

Video Codecs


Driver	Version	Description
iccvid.dll	1.10.0.11	Cinepak® Codec
iyuv_32.dll	10.0.14393.0 (rs1_release.160715-1616)	Intel Indeo(R) Video YUV Codec
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
msvidc32.dll	10.0.14393.0 (rs1_release.160715-1616)	Microsoft Video 1 Compressor
msyuv.dll	10.0.14393.0 (rs1_release.160715-1616)	Microsoft UYVY Video Decompressor
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]

MCI


[ AVIVideo ]

	MCI Device Properties:
		Device	AVIVideo
		Name	Video for Windows
		Description	Video For Windows MCI driver
		Type	Digital Video Device
		Driver	mciavi32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	Yes
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ CDAudio ]

	MCI Device Properties:
		Device	CDAudio
		Name	CD Audio
		Description	MCI driver for cdaudio devices
		Type	CD Audio Device
		Driver	mcicda.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	No
		File Based Device	No
		Can Eject	Yes
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ MPEGVideo ]

	MCI Device Properties:
		Device	MPEGVideo
		Name	DirectShow
		Description	DirectShow MCI Driver
		Type	Digital Video Device
		Driver	mciqtz32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	No
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ Sequencer ]

	MCI Device Properties:
		Device	Sequencer
		Name	MIDI Sequencer
		Description	MCI driver for MIDI sequencer
		Type	Sequencer Device
		Driver	mciseq.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ WaveAudio ]

	MCI Device Properties:
		Device	WaveAudio
		Name	Sound
		Description	MCI driver for waveform audio
		Type	Waveform Audio Device
		Driver	mciwave.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	No
		Can Save Data	Yes
		Audio Capable	Yes
		Video Capable	No

SAPI


SAPI Properties:
	SAPI4 Version	-
	SAPI5 Version	5.3.19915.0

Voice (SAPI5):
	Name	Microsoft David Desktop - English (United States)
	Voice Path	C:\WINDOWS\Speech_OneCore\Engines\TTS\en-US\M1033David
	Age	Adult
	Gender	Male
	Language	English (United States)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll (x86)
	CLSID	{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}

Voice (SAPI5):
	Name	Microsoft Zira Desktop - English (United States)
	Voice Path	C:\WINDOWS\Speech\Engines\TTS\en-US\M1033ZIR
	Age	Adult
	Gender	Female
	Language	English (United States)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	FE Config Data File	C:\WINDOWS\Speech\Engines\SR\en-US\c1033dsk.fe
	Language	English (United States); English
	Speaking Style	Discrete;Continuous
	Supported Locales	English (United States); English (Canada); English (Philippines); English
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\WINDOWS\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Windows Storage


[ Kingston DataTraveler 3.0 USB Device ]

	Device Properties:
		Driver Description	Kingston DataTraveler 3.0 USB Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT

[ Samsung SSD 850 EVO mSATA 500GB ]

	Device Properties:
		Driver Description	Samsung SSD 850 EVO mSATA 500GB
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT

[ WDC WD600BEVS-60LAT0 ]

	Device Properties:
		Driver Description	WDC WD600BEVS-60LAT0
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT

[ Standard SATA AHCI Controller ]

	Device Properties:
		Driver Description	Standard SATA AHCI Controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.206
		Driver Provider	Microsoft
		INF File	mshdc.inf
		INF Section	msahci_Inst

	Device Resources:
		IRQ	65536
		Memory	F7F16000-F7F167FF
		Port	F020-F03F
		Port	F040-F043
		Port	F050-F057
		Port	F060-F063
		Port	F070-F077

[ Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	spaceport.inf
		INF Section	Spaceport_Install

Logical Drives


Drive	Drive Type	File System	Total Size	Used Space	Free Space	% Free	Volume Serial
[ TRIAL VERSION ]	Local Disk	NTFS	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
D:	Local Disk	NTFS	57240 MB	34085 MB	23154 MB	40 %	289E-3033
E:	Optical Drive
F: (CLOVER)	Removable Disk	FAT32	196 MB	13 MB	182 MB	93 %	1E02-D411

Physical Drives


[ Drive #1 - WDC WD600BEVS-60LAT0 (55 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1 (Active)	NTFS	D:	1 MB	57240 MB

[ Drive #2 - Samsung SSD 850 EVO mSATA 500GB (465 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1 (Active)	NTFS		1 MB	500 MB
	#2	NTFS	C: (Windows 10)	501 MB	128387 MB
	#3	HFS+		128888 MB	19201 MB

[ Drive #3 - KingstonDataTraveler 3.0 (14 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1 (Active)	FAT32	F:	2 MB	200 MB

ASPI


Host	ID	LUN	Device Type	Vendor	Model	Rev	Extra Information
00	00	00	Disk Drive	Samsung	SSD 850 EVO mSAT	EMT4
00	00	00	Disk Drive	WDC	WD600BEVS-60LAT0	01.0
00	07	00	Host Adapter	storahci

ATA


[ WDC WD600BEVS-60LAT0 (WD-WXE806631173) ]

	ATA Device Properties:
		Model ID	WDC WD600BEVS-60LAT0
		Serial Number	WD-WXE806631173
		Revision	01.06M01
		Device Type	SATA
		Parameters	116301 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
		LBA Sectors	117231408
		Physical / Logical Sector Size	512 bytes / 512 bytes
		Buffer	8 MB
		Multiple Sectors	16
		Max. PIO Transfer Mode	PIO 4
		Max. MWDMA Transfer Mode	MWDMA 2
		Max. UDMA Transfer Mode	UDMA 5
		Active UDMA Transfer Mode	UDMA 5
		Unformatted Capacity	57242 MB
		ATA Standard	ATA/ATAPI-7

	ATA Device Features:
		48-bit LBA	Supported, Enabled
		Automatic Acoustic Management (AAM)	Not Supported
		Device Configuration Overlay (DCO)	Supported, Enabled
		DMA Setup Auto-Activate	Not Supported
		Free-Fall Control	Not Supported
		General Purpose Logging (GPL)	Supported, Enabled
		Hardware Feature Control	Not Supported
		Host Protected Area (HPA)	Not Supported
		HPA Security Extensions	Not Supported
		Hybrid Information Feature	Not Supported
		In-Order Data Delivery	Not Supported
		Native Command Queuing (NCQ)	Not Supported
		NCQ Autosense	Not Supported
		NCQ Priority Information	Not Supported
		NCQ Queue Management Command	Not Supported
		NCQ Streaming	Not Supported
		Phy Event Counters	Supported
		Read Look-Ahead	Supported, Enabled
		Release Interrupt	Not Supported
		Security Mode	Not Supported
		Sense Data Reporting (SDR)	Not Supported
		Service Interrupt	Not Supported
		SMART	Supported, Enabled
		SMART Error Logging	Supported, Enabled
		SMART Self-Test	Supported, Enabled
		Software Settings Preservation (SSP)	Supported, Enabled
		Streaming	Not Supported
		Tagged Command Queuing (TCQ)	Not Supported
		Write Cache	Supported, Enabled
		Write-Read-Verify	Not Supported

	SSD Features:
		Data Set Management	Not Supported
		Deterministic Read After TRIM	Not Supported
		TRIM Command	Not Supported

	Power Management Features:
		Advanced Power Management	Supported, Enabled
		Automatic Partial to Slumber Transitions (APST)	Disabled
		Device Initiated Interface Power Management (DIPM)	Supported, Disabled
		Device Sleep (DEVSLP)	Not Supported
		Extended Power Conditions (EPC)	Not Supported
		Host Initiated Interface Power Management (HIPM)	Not Supported
		IDLE IMMEDIATE With UNLOAD FEATURE	Supported, Enabled
		Link Power State Device Sleep	Not Supported
		Power Management	Supported, Enabled
		Power-Up In Standby (PUIS)	Not Supported

	ATA Commands:
		DEVICE RESET	Not Supported
		DOWNLOAD MICROCODE	Supported, Enabled
		FLUSH CACHE	Supported, Enabled
		FLUSH CACHE EXT	Supported, Enabled
		NOP	Supported, Enabled
		READ BUFFER	Supported, Enabled
		WRITE BUFFER	Supported, Enabled

	Disk Device Physical Info:
		Manufacturer	Western Digital
		Hard Disk Family	Scorpio Blue
		Form Factor	2.5"
		Formatted Capacity	60 GB
		Physical Dimensions	100.2 x 69.85 x 9.5 mm
		Max. Weight	117 g
		Average Rotational Latency	5.5 ms
		Rotational Speed	5400 RPM
		Max. Internal Data Rate	792 Mbit/s
		Average Seek	12 ms
		Track-To-Track Seek	2 ms
		Interface	SATA
		Buffer-to-Host Data Rate	150 MB/s
		Buffer Size	8 MB
		Spin-Up Time	4 sec

	Device Manufacturer:
		Company Name	Western Digital Corporation
		Product Information	https://www.wdc.com/products/internal-storage.html
		Driver Update	http://www.aida64.com/driver-updates

[ Samsung SSD 850 EVO mSATA 500GB (S33HNCAH506050M) ]

	ATA Device Properties:
		Model ID	Samsung SSD 850 EVO mSATA 500GB
		Serial Number	S33HNCAH506050M
		Revision	EMT41B6Q
		World Wide Name	5-002538-D701F8AB4
		Device Type	SATA-III
		Parameters	969021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
		LBA Sectors	976773168
		Physical / Logical Sector Size	512 bytes / 512 bytes
		Multiple Sectors	1
		Max. PIO Transfer Mode	PIO 4
		Max. MWDMA Transfer Mode	MWDMA 2
		Max. UDMA Transfer Mode	UDMA 6
		Active UDMA Transfer Mode	UDMA 5
		Unformatted Capacity	476940 MB
		Rotational Speed	SSD
		ATA Standard	ACS-2

	ATA Device Features:
		48-bit LBA	Supported, Enabled
		Automatic Acoustic Management (AAM)	Not Supported
		Device Configuration Overlay (DCO)	Supported, Enabled
		DMA Setup Auto-Activate	Supported, Disabled
		Free-Fall Control	Not Supported
		General Purpose Logging (GPL)	Supported, Enabled
		Hardware Feature Control	Supported, Enabled
		Host Protected Area (HPA)	Supported, Enabled
		HPA Security Extensions	Supported, Disabled
		Hybrid Information Feature	Not Supported
		In-Order Data Delivery	Not Supported
		Native Command Queuing (NCQ)	Supported
		NCQ Autosense	Not Supported
		NCQ Priority Information	Not Supported
		NCQ Queue Management Command	Not Supported
		NCQ Streaming	Not Supported
		Phy Event Counters	Supported
		Read Look-Ahead	Supported, Enabled
		Release Interrupt	Not Supported
		Security Mode	Supported, Disabled
		Sense Data Reporting (SDR)	Not Supported
		Service Interrupt	Not Supported
		SMART	Supported, Enabled
		SMART Error Logging	Supported, Enabled
		SMART Self-Test	Supported, Enabled
		Software Settings Preservation (SSP)	Supported, Enabled
		Streaming	Not Supported
		Tagged Command Queuing (TCQ)	Not Supported
		Write Cache	Supported, Enabled
		Write-Read-Verify	Supported, Disabled

	SSD Features:
		Data Set Management	Supported
		Deterministic Read After TRIM	Not Supported
		TRIM Command	Supported

	Power Management Features:
		Advanced Power Management	Not Supported
		Automatic Partial to Slumber Transitions (APST)	Disabled
		Device Initiated Interface Power Management (DIPM)	Supported, Disabled
		Device Sleep (DEVSLP)	Supported
		Extended Power Conditions (EPC)	Not Supported
		Host Initiated Interface Power Management (HIPM)	Not Supported
		IDLE IMMEDIATE With UNLOAD FEATURE	Not Supported
		Link Power State Device Sleep	Supported, Disabled
		Power Management	Supported, Enabled
		Power-Up In Standby (PUIS)	Not Supported

	ATA Commands:
		DEVICE RESET	Not Supported
		DOWNLOAD MICROCODE	Supported, Enabled
		FLUSH CACHE	Supported, Enabled
		FLUSH CACHE EXT	Supported, Enabled
		NOP	Supported, Enabled
		READ BUFFER	Supported, Enabled
		WRITE BUFFER	Supported, Enabled

	SSD Physical Info:
		Manufacturer	Samsung
		SSD Family	850 Evo
		Form Factor	mini-SATA
		Formatted Capacity	500 GB
		Controller Type	Samsung MGX S4LN062X01
		Flash Memory Type	Samsung 40nm TLC V-NAND
		Physical Dimensions	50.8 x 29.8 x 3.85 mm
		Max. Weight	8.5 g
		Max. Sequential Read Speed	540 MB/s
		Max. Sequential Write Speed	520 MB/s
		Max. Random 4 KB Read	97000 IOPS
		Max. Random 4 KB Write	88000 IOPS
		Interface	SATA-III
		Interface Data Rate	600 MB/s
		Buffer Size	512 MB

	Device Manufacturer:
		Company Name	Samsung
		Product Information	http://www.samsung.com/us/computer/solid-state-drives
		Driver Update	http://www.aida64.com/driver-updates

SMART


[ WDC WD600BEVS-60LAT0 (WD-WXE806631173) ]

	ID	Attribute Description	Threshold	Value	Worst	Data	Status
	01	Raw Read Error Rate	51	200	200	165	OK: Value is normal
	03	Spinup Time	21	161	160	950	OK: Value is normal
	04	Start/Stop Count	0	97	97	3625	OK: Always passes
	05	Reallocated Sector Count	140	137	137	503	Pre-Failure: Imminent loss of data is being predicted
	07	Seek Error Rate	51	200	200	0	OK: Value is normal
	09	Power-On Time Count	0	90	90	7331	OK: Always passes
	0A	Spinup Retry Count	51	100	100	0	OK: Value is normal
	0B	Calibration Retry Count	51	100	100	0	OK: Value is normal
	0C	Power Cycle Count	0	97	97	3552	OK: Always passes
	C0	Power-Off Retract Count	0	196	196	3525	OK: Always passes
	C1	Load/Unload Cycle Count	0	138	138	186354	OK: Always passes
	C2	Temperature	0	118	87	25	OK: Always passes
	C4	Reallocation Event Count	0	1	1	285	OK: Always passes
	C5	Current Pending Sector Count	0	200	200	0	OK: Always passes
	C6	Offline Uncorrectable Sector Count	0	100	253	0	OK: Always passes
	C7	Ultra ATA CRC Error Rate	0	200	200	0	OK: Always passes
	C8	Write Error Rate	51	100	253	0	OK: Value is normal

[ Samsung SSD 850 EVO mSATA 500GB (S33HNCAH506050M) ]

	ID	Attribute Description	Threshold	Value	Worst	Data	Status
	05	Reallocated Sector Count	10	100	100	0	OK: Value is normal
	09	Power-On Hours Count	0	99	99	540	OK: Always passes
	0C	Power Cycle Count	0	99	99	143	OK: Always passes
	B1	Wear Leveling Count	0	99	99	1	OK: Always passes
	B3	Used Reserved Block Count (Total)	10	100	100	0	OK: Value is normal
	B5	Program Fail Count (Total)	10	100	100	0	OK: Value is normal
	B6	Erase Fail Count (Total)	10	100	100	0	OK: Value is normal
	B7	Runtime Bad Block (Total)	10	100	100	0	OK: Value is normal
	BB	Uncorrectable Error Count	0	100	100	0	OK: Always passes
	BE	Airflow Temperature	0	62	49	38	OK: Always passes
	C3	ECC Error Rate	0	200	200	0	OK: Always passes
	C7	CRC Error Count	0	100	100	0	OK: Always passes
	EB	POR Recovery Count	0	99	99	8	OK: Always passes
	F1	Total LBAs Written	0	99	99	1.16 TB	OK: Always passes

Windows Network


[ Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) ]

	Network Adapter Properties:
		Network Adapter	Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
		Interface Type	Gigabit Ethernet
		Hardware Address	90-2B-34-DD-8C-3B
		Connection Name	Ethernet
		Connection Speed	100 Mbps
		MTU	1500 bytes
		DHCP Lease Obtained	1/18/2017 5:16:44 PM
		DHCP Lease Expires	1/19/2017 5:16:44 PM
		Bytes Received	4609861890 (4396.3 MB)
		Bytes Sent	118421862 (112.9 MB)

	Network Adapter Addresses:
		IP / Subnet Mask	[ TRIAL VERSION ]
		Gateway	[ TRIAL VERSION ]
		DHCP	[ TRIAL VERSION ]
		DNS	[ TRIAL VERSION ]

	Network Adapter Manufacturer:
		Company Name	Qualcomm Technologies, Inc.
		Product Information	http://www.qualcomm.com/products/networking
		Driver Download	http://www.qualcomm.com
		Driver Update	http://www.aida64.com/driver-updates

PCI / PnP Network


		Device Description	Type
		Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller	PCI

Internet


Internet Settings:
	Start Page	http://go.microsoft.com/fwlink/p/?LinkId=255141
	Search Page	http://go.microsoft.com/fwlink/?LinkId=54896
	Local Page	%11%\blank.htm
	Download Folder

Current Proxy:
	Proxy Status	Disabled

LAN Proxy:
	Proxy Status	Disabled

Routes


Type	Net Destination	Netmask	Gateway	Metric	Interface
Active	0.0.0.0	0.0.0.0	192.168.1.1	35	192.168.1.81 (Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30))
Active	127.0.0.0	255.0.0.0	127.0.0.1	331	127.0.0.1 (Software Loopback Interface 1)
Active	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	331	[ TRIAL VERSION ]
Active	127.255.255.255	255.255.255.255	127.0.0.1	331	127.0.0.1 (Software Loopback Interface 1)
Active	192.168.1.0	255.255.255.0	192.168.1.81	291	192.168.1.81 (Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30))
Active	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	291	[ TRIAL VERSION ]
Active	192.168.1.255	255.255.255.255	192.168.1.81	291	192.168.1.81 (Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30))
Active	224.0.0.0	240.0.0.0	127.0.0.1	331	127.0.0.1 (Software Loopback Interface 1)
Active	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	291	[ TRIAL VERSION ]
Active	255.255.255.255	255.255.255.255	127.0.0.1	331	127.0.0.1 (Software Loopback Interface 1)
Active	255.255.255.255	255.255.255.255	192.168.1.81	291	192.168.1.81 (Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30))

IE Cookie


		Last Access	URL
		2017-01-15 11:29:06	draku@facebook.com/
		2017-01-16 20:11:25	draku@g.live.com/
		2017-01-16 20:11:25	draku@live.com/
		2017-01-16 20:49:28	draku@rarlab.com/

Browser History


		Last Access	URL
		2017-01-15 11:09:46	Draku@file:///C:/WINDOWS/system32/oobe/FirstLogonAnim.html
		2017-01-15 11:21:41	Draku@res://C:\WINDOWS\system32\mmcndmgr.dll/views.htm
		2017-01-15 11:24:29	[ TRIAL VERSION ]
		2017-01-15 11:29:21	Draku@file:///C:/Users/Default/Desktop/654259.jpg
		2017-01-16 20:46:27	Draku@file:///C:/Users/Draku/Downloads/SinhVienIT.Net---UltraISO%20Premium%20Edition%209.5.2%20Build%202836/UltraISO%20Premium%20Edition%209.5.2%20Build%202836/Serial.txt
		2017-01-16 20:46:50	[ TRIAL VERSION ]
		2017-01-16 20:46:56	Draku@file:///C:/Users/Draku/Downloads
		2017-01-16 20:49:22	Draku@http://rarlab.com/Notifier/?language=English&source=RARLAB&landingpage=first&version=540&architecture=64
		2017-01-16 21:05:24	[ TRIAL VERSION ]
		2017-01-16 21:07:18	Draku@file:///C:/Users/Draku/Downloads/10113HDD/R-Drive%20Image%206.0.6000/cracked/Info.txt
		2017-01-17 18:20:37	Draku@file:///C:/Users/Draku/Downloads/LinksVIPTool2.1.zip

DirectX Files


Name	Version	Type	Language	Size	Date
amstream.dll	10.00.14393.0000	Final Retail	English	82944	7/16/2016 6:42:48 PM
bdaplgin.ax	10.00.14393.0000	Final Retail	English	78336	7/16/2016 6:43:52 PM
d2d1.dll	10.00.14393.0206	Final Retail	English	5061120	9/15/2016 11:40:42 PM
d3d10.dll	10.00.14393.0000	Final Retail	English	1057280	7/16/2016 6:43:06 PM
d3d10_1.dll	10.00.14393.0000	Final Retail	English	158720	7/16/2016 6:43:06 PM
d3d10_1core.dll	10.00.14393.0000	Final Retail	English	354816	7/16/2016 6:43:06 PM
d3d10core.dll	10.00.14393.0000	Final Retail	English	320000	7/16/2016 6:43:06 PM
d3d10level9.dll	10.00.14393.0000	Final Retail	English	350680	7/16/2016 6:42:50 PM
d3d10warp.dll	10.00.14393.0447	Final Retail	English	2323728	11/2/2016 6:10:46 PM
d3d11.dll	10.00.14393.0351	Final Retail	English	2276736	10/15/2016 11:20:50 AM
d3d12.dll	10.00.14393.0351	Final Retail	English	806400	10/15/2016 10:39:10 AM
d3d8.dll	10.00.14393.0447	Final Retail	English	731136	11/2/2016 5:43:29 PM
d3d8thk.dll	10.00.14393.0000	Final Retail	English	12800	7/16/2016 6:43:04 PM
d3d9.dll	10.00.14393.0447	Final Retail	English	1425000	11/2/2016 6:01:37 PM
d3dim.dll	10.00.14393.0000	Final Retail	English	401920	7/16/2016 6:43:04 PM
d3dim700.dll	10.00.14393.0000	Final Retail	English	425984	7/16/2016 6:43:04 PM
d3dramp.dll	10.00.14393.0000	Final Retail	English	595456	7/16/2016 6:43:04 PM
d3dxof.dll	10.00.14393.0000	Final Retail	English	58880	7/16/2016 6:43:04 PM
ddraw.dll	10.00.14393.0447	Final Retail	English	548352	11/2/2016 5:40:21 PM
ddrawex.dll	10.00.14393.0000	Final Retail	English	45056	7/16/2016 6:43:04 PM
devenum.dll	10.00.14393.0206	Final Retail	English	83120	9/16/2016 12:33:53 AM
dinput.dll	10.00.14393.0000	Final Retail	English	136192	7/16/2016 6:43:00 PM
dinput8.dll	10.00.14393.0000	Final Retail	English	172032	7/16/2016 6:43:00 PM
dmband.dll	10.00.14393.0000	Final Retail	English	35328	7/16/2016 6:43:00 PM
dmcompos.dll	10.00.14393.0000	Final Retail	English	75776	7/16/2016 6:43:00 PM
dmime.dll	10.00.14393.0000	Final Retail	English	207872	7/16/2016 6:43:00 PM
dmloader.dll	10.00.14393.0000	Final Retail	English	43008	7/16/2016 6:43:00 PM
dmscript.dll	10.00.14393.0000	Final Retail	English	96256	7/16/2016 6:43:00 PM
dmstyle.dll	10.00.14393.0000	Final Retail	English	121856	7/16/2016 6:43:00 PM
dmsynth.dll	10.00.14393.0000	Final Retail	English	115712	7/16/2016 6:43:00 PM
dmusic.dll	10.00.14393.0000	Final Retail	English	115712	7/16/2016 6:43:00 PM
dplaysvr.exe	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dplayx.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpmodemx.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpnaddr.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpnathlp.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:02 PM
dpnet.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpnhpast.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpnhupnp.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpnlobby.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpnsvr.exe	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dpwsockx.dll	10.00.14393.0000	Final Retail	English	8192	7/16/2016 6:43:00 PM
dsdmo.dll	10.00.14393.0000	Final Retail	English	189440	7/16/2016 6:42:49 PM
dsound.dll	10.00.14393.0000	Final Retail	English	538112	7/16/2016 6:42:49 PM
dswave.dll	10.00.14393.0000	Final Retail	English	24064	7/16/2016 6:43:00 PM
dwrite.dll	10.00.14393.0351	Final Retail	English	2005504	10/15/2016 10:35:32 AM
dxdiagn.dll	10.00.14393.0000	Final Retail	English	274944	7/16/2016 6:43:04 PM
dxgi.dll	10.00.14393.0000	Final Retail	English	527880	7/16/2016 6:42:50 PM
dxmasf.dll	12.00.14393.0082	Final Retail	English	5120	10/3/2016 5:34:55 AM
dxtmsft.dll	11.00.14393.0000	Final Retail	English	413696	7/16/2016 6:44:02 PM
dxtrans.dll	11.00.14393.0447	Final Retail	English	270336	11/2/2016 5:43:34 PM
dxva2.dll	10.00.14393.0000	Final Retail	English	114720	7/16/2016 6:42:50 PM
encapi.dll	10.00.14393.0105	Final Retail	English	22528	10/3/2016 5:34:43 AM
gcdef.dll	10.00.14393.0000	Final Retail	English	123904	7/16/2016 6:43:00 PM
iac25_32.ax	2.00.0005.0053	Final Retail	English	197632	7/16/2016 6:43:00 PM
ir41_32.ax	10.00.14393.0000	Final Retail	English	9216	7/16/2016 6:43:00 PM
ir41_qc.dll	10.00.14393.0000	Final Retail	English	9216	7/16/2016 6:43:00 PM
ir41_qcx.dll	10.00.14393.0000	Final Retail	English	9216	7/16/2016 6:43:00 PM
ir50_32.dll	10.00.14393.0000	Final Retail	English	9216	7/16/2016 6:43:00 PM
ir50_qc.dll	10.00.14393.0000	Final Retail	English	9216	7/16/2016 6:43:00 PM
ir50_qcx.dll	10.00.14393.0000	Final Retail	English	9216	7/16/2016 6:43:00 PM
ivfsrc.ax	5.10.0002.0051	Final Retail	English	146944	7/16/2016 6:43:00 PM
joy.cpl	10.00.14393.0000	Final Retail	English	92672	7/16/2016 6:43:00 PM
ksproxy.ax	10.00.14393.0000	Final Retail	English	234496	7/16/2016 6:42:49 PM
kstvtune.ax	10.00.14393.0000	Final Retail	English	95232	7/16/2016 6:43:52 PM
ksuser.dll	10.00.14393.0000	Final Retail	English	20672	7/16/2016 6:42:49 PM
kswdmcap.ax	10.00.14393.0000	Final Retail	English	118784	7/16/2016 6:42:49 PM
ksxbar.ax	10.00.14393.0000	Final Retail	English	57856	7/16/2016 6:43:52 PM
mciqtz32.dll	10.00.14393.0000	Final Retail	English	39936	7/16/2016 6:42:48 PM
mfc40.dll	4.01.0000.6140	Final Retail	English	924944	7/16/2016 6:42:48 PM
mfc42.dll	6.06.8063.0000	Beta Retail	English	1187328	7/16/2016 6:42:48 PM
mpeg2data.ax	10.00.14393.0000	Final Retail	English	82944	7/16/2016 6:43:52 PM
mpg2splt.ax	10.00.14393.0000	Final Retail	English	223232	7/16/2016 6:43:00 PM
msdmo.dll	10.00.14393.0000	Final Retail	English	28936	7/16/2016 6:42:49 PM
msdvbnp.ax	10.00.14393.0000	Final Retail	English	72192	7/16/2016 6:43:52 PM
msvidctl.dll	6.05.14393.0447	Final Retail	English	2356736	11/2/2016 5:23:48 PM
msyuv.dll	10.00.14393.0000	Final Retail	English	24064	7/16/2016 6:42:49 PM
pid.dll	10.00.14393.0000	Final Retail	English	37888	7/16/2016 6:43:00 PM
psisdecd.dll	10.00.14393.0000	Final Retail	English	501248	7/16/2016 6:43:52 PM
psisrndr.ax	10.00.14393.0000	Final Retail	English	88064	7/16/2016 6:43:52 PM
qasf.dll	12.00.14393.0000	Final Retail	English	139264	7/16/2016 6:43:00 PM
qcap.dll	10.00.14393.0000	Final Retail	English	224256	7/16/2016 6:42:48 PM
qdv.dll	10.00.14393.0000	Final Retail	English	300544	7/16/2016 6:42:49 PM
qdvd.dll	10.00.14393.0187	Final Retail	English	575488	10/3/2016 5:34:43 AM
qedit.dll	10.00.14393.0000	Final Retail	English	577024	7/16/2016 6:43:52 PM
qedwipes.dll	10.00.14393.0000	Final Retail	English	733696	7/16/2016 6:43:52 PM
quartz.dll	10.00.14393.0000	Final Retail	English	1564160	7/16/2016 6:42:48 PM
vbisurf.ax	10.00.14393.0000	Final Retail	English	41472	7/16/2016 6:43:52 PM
vfwwdm32.dll	10.00.14393.0000	Final Retail	English	58880	7/16/2016 6:42:49 PM
wsock32.dll	10.00.14393.0000	Final Retail	English	16384	7/16/2016 6:43:01 PM

DirectX Video


[ Primary Display Driver ]

	DirectDraw Device Properties:
		DirectDraw Driver Name	display
		DirectDraw Driver Description	Primary Display Driver
		Hardware Driver	aticfx32.dll (8.17.10.1484)
		Hardware Description	AMD Radeon HD 7700 Series

	Direct3D Device Properties:
		Rendering Bit Depths	16, 32
		Z-Buffer Bit Depths	16, 24, 32
		Multisample Anti-Aliasing Modes	MSAA 2x, MSAA 4x, MSAA 8x
		Min Texture Size	1 x 1
		Max Texture Size	16384 x 16384
		Unified Shader Version	5.1
		DirectX Hardware Support	DirectX v11.1

	Direct3D Device Features:
		Additive Texture Blending	Supported
		AGP Texturing	Supported
		Anisotropic Filtering	Supported
		Automatic Mipmap Generation	Supported
		Bilinear Filtering	Supported
		Compute Shader	Supported
		Cubic Environment Mapping	Supported
		Cubic Filtering	Not Supported
		Decal-Alpha Texture Blending	Supported
		Decal Texture Blending	Supported
		Directional Lights	Supported
		DirectX Texture Compression	Supported
		DirectX Volumetric Texture Compression	Not Supported
		Dithering	Supported
		Dot3 Texture Blending	Supported
		Double-Precision Floating-Point	Supported
		Driver Concurrent Creates	Supported
		Driver Command Lists	Not Supported
		Dynamic Textures	Supported
		Edge Anti-Aliasing	Not Supported
		Environmental Bump Mapping	Supported
		Environmental Bump Mapping + Luminance	Supported
		Factor Alpha Blending	Supported
		Geometric Hidden-Surface Removal	Not Supported
		Geometry Shader	Supported
		Guard Band	Supported
		Hardware Scene Rasterization	Supported
		Hardware Transform & Lighting	Supported
		Legacy Depth Bias	Supported
		Map On Default Buffers	Supported
		Mipmap LOD Bias Adjustments	Supported
		Mipmapped Cube Textures	Supported
		Mipmapped Volume Textures	Supported
		Modulate-Alpha Texture Blending	Supported
		Modulate Texture Blending	Supported
		Non-Square Textures	Supported
		N-Patches	Not Supported
		Perspective Texture Correction	Supported
		Point Lights	Supported
		Point Sampling	Supported
		Projective Textures	Supported
		Quintic Bezier Curves & B-Splines	Not Supported
		Range-Based Fog	Supported
		Rectangular & Triangular Patches	Not Supported
		Rendering In Windowed Mode	Supported
		Runtime Shader Linking	Supported
		Scissor Test	Supported
		Slope-Scale Based Depth Bias	Supported
		Specular Flat Shading	Supported
		Specular Gouraud Shading	Supported
		Specular Phong Shading	Not Supported
		Spherical Mapping	Supported
		Spot Lights	Supported
		Stencil Buffers	Supported
		Sub-Pixel Accuracy	Supported
		Subtractive Texture Blending	Supported
		Table Fog	Supported
		Texture Alpha Blending	Supported
		Texture Clamping	Supported
		Texture Mirroring	Supported
		Texture Transparency	Supported
		Texture Wrapping	Supported
		Tiled Resources	Supported
		Triangle Culling	Not Supported
		Trilinear Filtering	Supported
		Two-Sided Stencil Test	Supported
		Vertex Alpha Blending	Supported
		Vertex Fog	Supported
		Vertex Tweening	Supported
		Volume Textures	Supported
		W-Based Fog	Supported
		W-Buffering	Not Supported
		Z-Based Fog	Supported
		Z-Bias	Supported
		Z-Test	Supported

	Supported FourCC Codes:
		ATIC	Supported
		AYUV	Supported
		CMSL	Supported
		DXT1	Supported
		DXT2	Supported
		DXT3	Supported
		DXT4	Supported
		DXT5	Supported
		FLGL	Supported
		GET4	Supported
		GINF	Supported
		INST	Supported
		M2IA	Supported
		NULL	Supported
		NV12	Supported
		NV21	Supported
		R2VB	Supported
		RESZ	Supported
		SYV2	Supported
		UYVY	Supported
		YUY2	Supported
		YV12	Supported

	Video Adapter Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/en-us/products/graphics/desktop
		Driver Download	http://sites.amd.com/us/game/downloads
		Driver Update	http://www.aida64.com/driver-updates

DirectX Sound


[ Primary Sound Driver ]

	DirectSound Device Properties:
		Device Description	Primary Sound Driver
		Driver Module
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

[ Speakers (High Definition Audio Device) ]

	DirectSound Device Properties:
		Device Description	Speakers (High Definition Audio Device)
		Driver Module	{0.0.0.00000000}.{f3f3c89a-a201-4747-ac4e-5009d7de968b}
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

[ 1 - LG ULTRAWIDE (AMD High Definition Audio Device) ]

	DirectSound Device Properties:
		Device Description	1 - LG ULTRAWIDE (AMD High Definition Audio Device)
		Driver Module	{0.0.0.00000000}.{2faede64-bb91-40e4-bce7-d6b366df5398}
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

[ Digital Audio (S/PDIF) (High Definition Audio Device) ]

	DirectSound Device Properties:
		Device Description	Digital Audio (S/PDIF) (High Definition Audio Device)
		Driver Module	{0.0.0.00000000}.{4a455f4a-64ea-40c3-ad48-e2fc50fe035d}
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

Windows Devices


[ Devices ]

	Audio inputs and outputs:
		1 - LG ULTRAWIDE (AMD High Definition Audio Device)	10.0.14393.0
		Digital Audio (S/PDIF) (High Definition Audio Device)	10.0.14393.0
		Speakers (High Definition Audio Device)	10.0.14393.0

	Computer:
		ACPI x64-based PC	10.0.14393.0

	Disk drives:
		Kingston DataTraveler 3.0 USB Device	10.0.14393.0
		Samsung SSD 850 EVO mSATA 500GB	10.0.14393.0
		WDC WD600BEVS-60LAT0	10.0.14393.0

	Display adapters:
		AMD Radeon HD 7700 Series	21.19.137.1

	Human Interface Devices:
		HID-compliant consumer control device	10.0.14393.0
		HID-compliant consumer control device	10.0.14393.0
		HID-compliant system controller	10.0.14393.351
		HID-compliant system controller	10.0.14393.351
		HID-compliant vendor-defined device	10.0.14393.351
		USB Input Device	10.0.14393.351
		USB Input Device	10.0.14393.351
		USB Input Device	10.0.14393.351
		USB Input Device	10.0.14393.351

	IDE ATA/ATAPI controllers:
		Standard SATA AHCI Controller	10.0.14393.206

	Keyboards:
		HID Keyboard Device	10.0.14393.206
		HID Keyboard Device	10.0.14393.206

	Mice and other pointing devices:
		HID-compliant mouse	10.0.14393.0

	Monitors:
		LG ULTRAWIDE(HDMI)	1.0.0.0

	Network adapters:
		Microsoft Kernel Debug Network Adapter	10.0.14393.0
		Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)	2.1.0.16

	Portable Devices:
		CLOVER	10.0.14393.0

	Ports (COM & LPT):
		Communications Port (COM1)	10.0.14393.0

	Print queues:
		Fax	10.0.14393.0
		Microsoft Print to PDF	10.0.14393.0
		Microsoft XPS Document Writer	10.0.14393.0
		Root Print Queue	10.0.14393.0

	Processors:
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0
		Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz	10.0.14393.0

	Software devices:
		Microsoft GS Wavetable Synth	10.0.14393.0
		Microsoft Radio Device Enumeration Bus	10.0.14393.0

	Sound, video and game controllers:
		AMD High Definition Audio Device	10.0.0.2
		High Definition Audio Device	10.0.14393.0

	Storage controllers:
		Microsoft Storage Spaces Controller	10.0.14393.351

	Storage volumes:
		Volume	10.0.14393.0
		Volume	10.0.14393.0
		Volume	10.0.14393.0
		Volume	10.0.14393.0
		Volume	10.0.14393.0

	System devices:
		ACPI Fan	10.0.14393.0
		ACPI Fan	10.0.14393.0
		ACPI Fan	10.0.14393.0
		ACPI Fan	10.0.14393.0
		ACPI Fan	10.0.14393.0
		ACPI Fixed Feature Button	10.0.14393.0
		ACPI Power Button	10.0.14393.0
		ACPI Thermal Zone	10.0.14393.0
		ACPI Thermal Zone	10.0.14393.0
		Composite Bus Enumerator	10.0.14393.0
		Direct memory access controller	10.0.14393.0
		High Definition Audio Controller	10.0.14393.0
		High Definition Audio Controller	10.0.14393.0
		High precision event timer	10.0.14393.0
		Intel(R) Management Engine Interface	11.0.0.1157
		Legacy device	10.0.14393.0
		LPC Controller	10.0.14393.0
		Memory Controller	10.0.14393.0
		Microsoft ACPI-Compliant System	10.0.14393.447
		Microsoft Basic Display Driver	10.0.14393.0
		Microsoft Basic Render Driver	10.0.14393.0
		Microsoft System Management BIOS Driver	10.0.14393.0
		Microsoft Virtual Drive Enumerator	10.0.14393.0
		Motherboard resources	10.0.14393.0
		Motherboard resources	10.0.14393.0
		Motherboard resources	10.0.14393.0
		Motherboard resources	10.0.14393.0
		Motherboard resources	10.0.14393.0
		NDIS Virtual Network Adapter Enumerator	10.0.14393.0
		Numeric data processor	10.0.14393.0
		PCI Express Root Complex	10.0.14393.351
		PCI-to-PCI Bridge	10.0.14393.351
		PCI-to-PCI Bridge	10.0.14393.351
		PCI-to-PCI Bridge	10.0.14393.351
		PCI-to-PCI Bridge	10.0.14393.351
		PCI-to-PCI Bridge	10.0.14393.351
		Plug and Play Software Device Enumerator	10.0.14393.0
		Programmable interrupt controller	10.0.14393.0
		Remote Desktop Device Redirector Bus	10.0.14393.0
		SM Bus Controller	10.0.14393.0
		System board	10.0.14393.0
		System CMOS/real time clock	10.0.14393.0
		System timer	10.0.14393.0
		UMBus Root Bus Enumerator	10.0.14393.0
		Volume Manager	10.0.14393.0

	Universal Serial Bus controllers:
		Generic USB Hub	10.0.14393.0
		Generic USB Hub	10.0.14393.0
		Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26	10.0.14393.0
		Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D	10.0.14393.0
		Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)	10.0.14393.0
		USB Composite Device	10.0.14393.0
		USB Composite Device	10.0.14393.0
		USB Mass Storage Device	10.0.14393.0
		USB Root Hub (xHCI)	10.0.14393.0
		USB Root Hub	10.0.14393.0
		USB Root Hub	10.0.14393.0

	Unknown:
		Unknown

[ Audio inputs and outputs / 1 - LG ULTRAWIDE (AMD High Definition Audio Device) ]

	Device Properties:
		Driver Description	1 - LG ULTRAWIDE (AMD High Definition Audio Device)
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		INF Section	NO_DRV
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Audio inputs and outputs / Digital Audio (S/PDIF) (High Definition Audio Device) ]

	Device Properties:
		Driver Description	Digital Audio (S/PDIF) (High Definition Audio Device)
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		INF Section	NO_DRV
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Audio inputs and outputs / Speakers (High Definition Audio Device) ]

	Device Properties:
		Driver Description	Speakers (High Definition Audio Device)
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		INF Section	NO_DRV
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Computer / ACPI x64-based PC ]

	Device Properties:
		Driver Description	ACPI x64-based PC
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	hal.inf
		INF Section	ACPI_AMD64_HAL
		Hardware ID	acpiapic

[ Disk drives / Kingston DataTraveler 3.0 USB Device ]

	Device Properties:
		Driver Description	Kingston DataTraveler 3.0 USB Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT
		Hardware ID	USBSTOR\DiskKingstonDataTraveler_3.0PMAP

	Device Manufacturer:
		Company Name	Kingston Technology Corporation
		Product Information	http://www.kingston.com/en/ssd
		Driver Update	http://www.aida64.com/driver-updates

[ Disk drives / Samsung SSD 850 EVO mSATA 500GB ]

	Device Properties:
		Driver Description	Samsung SSD 850 EVO mSATA 500GB
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT
		Hardware ID	SCSI\DiskSamsung_SSD_850_EVO_mSATEMT4
		Location Information	Bus Number 5, Target Id 0, LUN 0

	Device Manufacturer:
		Company Name	Samsung
		Product Information	http://www.samsung.com/us/computer/solid-state-drives
		Driver Update	http://www.aida64.com/driver-updates

[ Disk drives / WDC WD600BEVS-60LAT0 ]

	Device Properties:
		Driver Description	WDC WD600BEVS-60LAT0
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT
		Hardware ID	SCSI\DiskWDC_____WD600BEVS-60LAT001.0
		Location Information	Bus Number 1, Target Id 0, LUN 0

	Device Manufacturer:
		Company Name	Western Digital Corporation
		Product Information	https://www.wdc.com/products/internal-storage.html
		Driver Update	http://www.aida64.com/driver-updates

[ Display adapters / AMD Radeon HD 7700 Series ]

	Device Properties:
		Driver Description	AMD Radeon HD 7700 Series
		Driver Date	9/16/2016
		Driver Version	21.19.137.1
		Driver Provider	Advanced Micro Devices, Inc.
		INF File	oem8.inf
		INF Section	ati2mtag_R575ADS
		Hardware ID	PCI\VEN_1002&DEV_683F&SUBSYS_27921462&REV_00
		Location Information	PCI bus 1, device 0, function 0
		PCI Device	MSI R7750 (MS-V279) Video Adapter

	Device Resources:
		IRQ	65536
		Memory	000A0000-000BFFFF
		Memory	E0000000-EFFFFFFF
		Memory	F7E00000-F7E3FFFF
		Port	03B0-03BB
		Port	03C0-03DF
		Port	E000-E0FF

	Video Adapter Manufacturer:
		Company Name	Micro-Star Int'l Co.,Ltd.
		Product Information	http://www.msi.com/product/vga/
		Driver Download	http://www.msi.com/service/download/
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	hidserv.inf
		INF Section	HIDSystemConsumerDevice
		Hardware ID	HID\VID_04B4&PID_0101&REV_0001&MI_01&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	hidserv.inf
		INF Section	HIDSystemConsumerDevice
		Hardware ID	HID\VID_1D57&PID_FFA8&REV_0110&MI_01&Col03

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant system controller ]

	Device Properties:
		Driver Description	HID-compliant system controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Raw_Inst.NT
		Hardware ID	HID\VID_04B4&PID_0101&REV_0001&MI_01&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant system controller ]

	Device Properties:
		Driver Description	HID-compliant system controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Raw_Inst.NT
		Hardware ID	HID\VID_1D57&PID_FFA8&REV_0110&MI_01&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Raw_Inst.NT
		Hardware ID	HID\VID_1D57&PID_FFA8&REV_0110&MI_01&Col04

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Inst.NT
		Hardware ID	USB\VID_04B4&PID_0101&REV_0001&MI_00
		Location Information	0000.001a.0000.001.005.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Inst.NT
		Hardware ID	USB\VID_04B4&PID_0101&REV_0001&MI_01
		Location Information	0000.001a.0000.001.005.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Inst.NT
		Hardware ID	USB\VID_1D57&PID_FFA8&REV_0110&MI_00
		Location Information	0000.001a.0000.001.006.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Inst.NT
		Hardware ID	USB\VID_1D57&PID_FFA8&REV_0110&MI_01
		Location Information	0000.001a.0000.001.006.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ IDE ATA/ATAPI controllers / Standard SATA AHCI Controller ]

	Device Properties:
		Driver Description	Standard SATA AHCI Controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.206
		Driver Provider	Microsoft
		INF File	mshdc.inf
		INF Section	msahci_Inst
		Hardware ID	PCI\VEN_8086&DEV_1E02&SUBSYS_B0051458&REV_04
		Location Information	PCI bus 0, device 31, function 2
		PCI Device	Intel Panther Point PCH - SATA AHCI Controller [C-1]

	Device Resources:
		IRQ	65536
		Memory	F7F16000-F7F167FF
		Port	F020-F03F
		Port	F040-F043
		Port	F050-F057
		Port	F060-F063
		Port	F070-F077

[ Keyboards / HID Keyboard Device ]

	Device Properties:
		Driver Description	HID Keyboard Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.206
		Driver Provider	Microsoft
		INF File	keyboard.inf
		INF Section	HID_Keyboard_Inst.NT
		Hardware ID	HID\VID_04B4&PID_0101&REV_0001&MI_00

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Keyboards / HID Keyboard Device ]

	Device Properties:
		Driver Description	HID Keyboard Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.206
		Driver Provider	Microsoft
		INF File	keyboard.inf
		INF Section	HID_Keyboard_Inst.NT
		Hardware ID	HID\VID_1D57&PID_FFA8&REV_0110&MI_00

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Mice and other pointing devices / HID-compliant mouse ]

	Device Properties:
		Driver Description	HID-compliant mouse
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	msmouse.inf
		INF Section	HID_Mouse_Inst.NT
		Hardware ID	HID\VID_1D57&PID_FFA8&REV_0110&MI_01&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Monitors / LG ULTRAWIDE(HDMI) ]

	Device Properties:
		Driver Description	LG ULTRAWIDE(HDMI)
		Driver Date	8/26/2015
		Driver Version	1.0.0.0
		Driver Provider	LG
		INF File	oem12.inf
		INF Section	ULTRAWIDE_HDMI.Install
		Hardware ID	MONITOR\GSM59F1

	Monitor Manufacturer:
		Company Name	LG Electronics
		Product Information	http://www.lg.com/us/monitors
		Driver Download	http://www.lg.com/us/support
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Microsoft Kernel Debug Network Adapter ]

	Device Properties:
		Driver Description	Microsoft Kernel Debug Network Adapter
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	kdnic.inf
		INF Section	KdNic.ndi
		Hardware ID	root\kdnic

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) ]

	Device Properties:
		Driver Description	Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
		Driver Date	4/1/2013
		Driver Version	2.1.0.16
		Driver Provider	Microsoft
		INF File	netl1c63x64.inf
		INF Section	L1F.MB.ndi
		Hardware ID	PCI\VEN_1969&DEV_1091&SUBSYS_E0001458&REV_10
		Location Information	PCI bus 3, device 0, function 0
		PCI Device	Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller

	Device Resources:
		IRQ	18
		Memory	F7D00000-F7D3FFFF
		Port	D000-D07F

	Network Adapter Manufacturer:
		Company Name	Qualcomm Technologies, Inc.
		Product Information	http://www.qualcomm.com/products/networking
		Driver Download	http://www.qualcomm.com
		Driver Update	http://www.aida64.com/driver-updates

[ Portable Devices / CLOVER ]

	Device Properties:
		Driver Description	CLOVER
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	WpdFs.inf
		INF Section	Basic_Install

[ Ports (COM & LPT) / Communications Port (COM1) ]

	Device Properties:
		Driver Description	Communications Port (COM1)
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	msports.inf
		INF Section	ComPort.NT
		Hardware ID	ACPI\VEN_PNP&DEV_0501

	Device Resources:
		IRQ	04
		Port	03F8-03FF

[ Print queues / Fax ]

	Device Properties:
		Driver Description	Fax
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		INF Section	NO_DRV_LOCAL
		Hardware ID	PRINTENUM\microsoftmicrosoft_s7d14

[ Print queues / Microsoft Print to PDF ]

	Device Properties:
		Driver Description	Microsoft Print to PDF
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		INF Section	NO_DRV_LOCAL
		Hardware ID	PRINTENUM\{084f01fa-e634-4d77-83ee-074817c03581}

[ Print queues / Microsoft XPS Document Writer ]

	Device Properties:
		Driver Description	Microsoft XPS Document Writer
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		INF Section	NO_DRV_LOCAL
		Hardware ID	PRINTENUM\{0f4130dd-19c7-7ab6-99a1-980f03b2ee4e}

[ Print queues / Root Print Queue ]

	Device Properties:
		Driver Description	Root Print Queue
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	printqueue.inf
		INF Section	NO_DRV_LOCAL
		Hardware ID	PRINTENUM\LocalPrintQueue

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
		Driver Date	4/21/2009
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i7-2600
		Driver Update	http://www.aida64.com/driver-updates

[ Software devices / Microsoft GS Wavetable Synth ]

	Device Properties:
		Driver Description	Microsoft GS Wavetable Synth
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	c_swdevice.inf
		INF Section	SoftwareDevice

[ Software devices / Microsoft Radio Device Enumeration Bus ]

	Device Properties:
		Driver Description	Microsoft Radio Device Enumeration Bus
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	c_swdevice.inf
		INF Section	SoftwareDevice

[ Sound, video and game controllers / AMD High Definition Audio Device ]

	Device Properties:
		Driver Description	AMD High Definition Audio Device
		Driver Date	1/16/2016
		Driver Version	10.0.0.2
		Driver Provider	Advanced Micro Devices
		INF File	oem2.inf
		INF Section	HDAudioInstall
		Hardware ID	HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003
		Location Information	Internal High Definition Audio Bus

	Device Manufacturer:
		Company Name	Advanced Micro Devices, Inc.
		Product Information	http://www.amd.com/us/products/desktop/chipsets
		Driver Download	http://support.amd.com
		Driver Update	http://www.aida64.com/driver-updates

[ Sound, video and game controllers / High Definition Audio Device ]

	Device Properties:
		Driver Description	High Definition Audio Device
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	hdaudio.inf
		INF Section	HdAudModel
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1458A002&REV_1003
		Location Information	Internal High Definition Audio Bus

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Storage controllers / Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	spaceport.inf
		INF Section	Spaceport_Install
		Hardware ID	Root\Spaceport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Storage volumes / Volume ]

	Device Properties:
		Driver Description	Volume
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NT
		Hardware ID	STORAGE\Volume

[ Storage volumes / Volume ]

	Device Properties:
		Driver Description	Volume
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NT
		Hardware ID	STORAGE\Volume

[ Storage volumes / Volume ]

	Device Properties:
		Driver Description	Volume
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NT
		Hardware ID	STORAGE\Volume

[ Storage volumes / Volume ]

	Device Properties:
		Driver Description	Volume
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NT
		Hardware ID	STORAGE\Volume

[ Storage volumes / Volume ]

	Device Properties:
		Driver Description	Volume
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NT
		Hardware ID	STORAGE\Volume

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fixed Feature Button ]

	Device Properties:
		Driver Description	ACPI Fixed Feature Button
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\FixedButton

[ System devices / ACPI Power Button ]

	Device Properties:
		Driver Description	ACPI Power Button
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\VEN_PNP&DEV_0C0C

[ System devices / ACPI Thermal Zone ]

	Device Properties:
		Driver Description	ACPI Thermal Zone
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\ThermalZone

[ System devices / ACPI Thermal Zone ]

	Device Properties:
		Driver Description	ACPI Thermal Zone
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\ThermalZone

[ System devices / Composite Bus Enumerator ]

	Device Properties:
		Driver Description	Composite Bus Enumerator
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	compositebus.inf
		INF Section	CompositeBus_Device.NT
		Hardware ID	ROOT\CompositeBus

[ System devices / Direct memory access controller ]

	Device Properties:
		Driver Description	Direct memory access controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\VEN_PNP&DEV_0200

[ System devices / High Definition Audio Controller ]

	Device Properties:
		Driver Description	High Definition Audio Controller
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	hdaudbus.inf
		INF Section	HDAudio_Device.NT
		Hardware ID	PCI\VEN_8086&DEV_1E20&SUBSYS_A0021458&REV_04
		Location Information	PCI bus 0, device 27, function 0
		PCI Device	Intel Panther Point PCH - High Definition Audio Controller [C-1]

	Device Resources:
		IRQ	22
		Memory	F7F10000-F7F13FFF

[ System devices / High Definition Audio Controller ]

	Device Properties:
		Driver Description	High Definition Audio Controller
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	hdaudbus.inf
		INF Section	HDAudio_Device.NT
		Hardware ID	PCI\VEN_1002&DEV_AAB0&SUBSYS_AAB01462&REV_00
		Location Information	PCI bus 1, device 0, function 1
		PCI Device	AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller

	Device Resources:
		IRQ	17
		Memory	F7E60000-F7E63FFF

[ System devices / High precision event timer ]

	Device Properties:
		Driver Description	High precision event timer
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_HPET
		Hardware ID	ACPI\VEN_PNP&DEV_0103

[ System devices / Intel(R) Management Engine Interface ]

	Device Properties:
		Driver Description	Intel(R) Management Engine Interface
		Driver Date	7/7/2015
		Driver Version	11.0.0.1157
		Driver Provider	Intel
		INF File	oem5.inf
		INF Section	TEE_DDI_W10_x64
		Hardware ID	PCI\VEN_8086&DEV_1E3A&SUBSYS_1C3A1458&REV_04
		Location Information	PCI bus 0, device 22, function 0
		PCI Device	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]

	Device Resources:
		IRQ	65536
		Memory	F7F1A000-F7F1A00F

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Legacy device ]

	Device Properties:
		Driver Description	Legacy device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MEM
		Hardware ID	ACPI\VEN_INT&DEV_0800

[ System devices / LPC Controller ]

	Device Properties:
		Driver Description	LPC Controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	MSISADRV
		Hardware ID	PCI\VEN_8086&DEV_1E44&SUBSYS_50011458&REV_04
		Location Information	PCI bus 0, device 31, function 0
		PCI Device	Intel Z77 Chipset - LPC Interface Controller [C-1]

[ System devices / Memory Controller ]

	Device Properties:
		Driver Description	Memory Controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	PCI\VEN_8086&DEV_0100&SUBSYS_50001458&REV_09
		Location Information	PCI bus 0, device 0, function 0
		PCI Device	Intel Sandy Bridge-DT - Host Bridge/DRAM Controller

[ System devices / Microsoft ACPI-Compliant System ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant System
		Driver Date	6/21/2006
		Driver Version	10.0.14393.447
		Driver Provider	Microsoft
		INF File	acpi.inf
		INF Section	ACPI_Inst.NT
		Hardware ID	ACPI_HAL\PNP0C08
		PnP Device	ACPI Driver/BIOS

	Device Resources:
		IRQ	100
		IRQ	101
		IRQ	102
		IRQ	103
		IRQ	104
		IRQ	105
		IRQ	106
		IRQ	107
		IRQ	108
		IRQ	109
		IRQ	110
		IRQ	111
		IRQ	112
		IRQ	113
		IRQ	114
		IRQ	115
		IRQ	116
		IRQ	117
		IRQ	118
		IRQ	119
		IRQ	120
		IRQ	121
		IRQ	122
		IRQ	123
		IRQ	124
		IRQ	125
		IRQ	126
		IRQ	127
		IRQ	128
		IRQ	129
		IRQ	130
		IRQ	131
		IRQ	132
		IRQ	133
		IRQ	134
		IRQ	135
		IRQ	136
		IRQ	137
		IRQ	138
		IRQ	139
		IRQ	140
		IRQ	141
		IRQ	142
		IRQ	143
		IRQ	144
		IRQ	145
		IRQ	146
		IRQ	147
		IRQ	148
		IRQ	149
		IRQ	150
		IRQ	151
		IRQ	152
		IRQ	153
		IRQ	154
		IRQ	155
		IRQ	156
		IRQ	157
		IRQ	158
		IRQ	159
		IRQ	160
		IRQ	161
		IRQ	162
		IRQ	163
		IRQ	164
		IRQ	165
		IRQ	166
		IRQ	167
		IRQ	168
		IRQ	169
		IRQ	170
		IRQ	171
		IRQ	172
		IRQ	173
		IRQ	174
		IRQ	175
		IRQ	176
		IRQ	177
		IRQ	178
		IRQ	179
		IRQ	180
		IRQ	181
		IRQ	182
		IRQ	183
		IRQ	184
		IRQ	185
		IRQ	186
		IRQ	187
		IRQ	188
		IRQ	189
		IRQ	190
		IRQ	191
		IRQ	192
		IRQ	193
		IRQ	194
		IRQ	195
		IRQ	196
		IRQ	197
		IRQ	198
		IRQ	199
		IRQ	200
		IRQ	201
		IRQ	202
		IRQ	203
		IRQ	204
		IRQ	256
		IRQ	257
		IRQ	258
		IRQ	259
		IRQ	260
		IRQ	261
		IRQ	262
		IRQ	263
		IRQ	264
		IRQ	265
		IRQ	266
		IRQ	267
		IRQ	268
		IRQ	269
		IRQ	270
		IRQ	271
		IRQ	272
		IRQ	273
		IRQ	274
		IRQ	275
		IRQ	276
		IRQ	277
		IRQ	278
		IRQ	279
		IRQ	280
		IRQ	281
		IRQ	282
		IRQ	283
		IRQ	284
		IRQ	285
		IRQ	286
		IRQ	287
		IRQ	288
		IRQ	289
		IRQ	290
		IRQ	291
		IRQ	292
		IRQ	293
		IRQ	294
		IRQ	295
		IRQ	296
		IRQ	297
		IRQ	298
		IRQ	299
		IRQ	300
		IRQ	301
		IRQ	302
		IRQ	303
		IRQ	304
		IRQ	305
		IRQ	306
		IRQ	307
		IRQ	308
		IRQ	309
		IRQ	310
		IRQ	311
		IRQ	312
		IRQ	313
		IRQ	314
		IRQ	315
		IRQ	316
		IRQ	317
		IRQ	318
		IRQ	319
		IRQ	320
		IRQ	321
		IRQ	322
		IRQ	323
		IRQ	324
		IRQ	325
		IRQ	326
		IRQ	327
		IRQ	328
		IRQ	329
		IRQ	330
		IRQ	331
		IRQ	332
		IRQ	333
		IRQ	334
		IRQ	335
		IRQ	336
		IRQ	337
		IRQ	338
		IRQ	339
		IRQ	340
		IRQ	341
		IRQ	342
		IRQ	343
		IRQ	344
		IRQ	345
		IRQ	346
		IRQ	347
		IRQ	348
		IRQ	349
		IRQ	350
		IRQ	351
		IRQ	352
		IRQ	353
		IRQ	354
		IRQ	355
		IRQ	356
		IRQ	357
		IRQ	358
		IRQ	359
		IRQ	360
		IRQ	361
		IRQ	362
		IRQ	363
		IRQ	364
		IRQ	365
		IRQ	366
		IRQ	367
		IRQ	368
		IRQ	369
		IRQ	370
		IRQ	371
		IRQ	372
		IRQ	373
		IRQ	374
		IRQ	375
		IRQ	376
		IRQ	377
		IRQ	378
		IRQ	379
		IRQ	380
		IRQ	381
		IRQ	382
		IRQ	383
		IRQ	384
		IRQ	385
		IRQ	386
		IRQ	387
		IRQ	388
		IRQ	389
		IRQ	390
		IRQ	391
		IRQ	392
		IRQ	393
		IRQ	394
		IRQ	395
		IRQ	396
		IRQ	397
		IRQ	398
		IRQ	399
		IRQ	400
		IRQ	401
		IRQ	402
		IRQ	403
		IRQ	404
		IRQ	405
		IRQ	406
		IRQ	407
		IRQ	408
		IRQ	409
		IRQ	410
		IRQ	411
		IRQ	412
		IRQ	413
		IRQ	414
		IRQ	415
		IRQ	416
		IRQ	417
		IRQ	418
		IRQ	419
		IRQ	420
		IRQ	421
		IRQ	422
		IRQ	423
		IRQ	424
		IRQ	425
		IRQ	426
		IRQ	427
		IRQ	428
		IRQ	429
		IRQ	430
		IRQ	431
		IRQ	432
		IRQ	433
		IRQ	434
		IRQ	435
		IRQ	436
		IRQ	437
		IRQ	438
		IRQ	439
		IRQ	440
		IRQ	441
		IRQ	442
		IRQ	443
		IRQ	444
		IRQ	445
		IRQ	446
		IRQ	447
		IRQ	448
		IRQ	449
		IRQ	450
		IRQ	451
		IRQ	452
		IRQ	453
		IRQ	454
		IRQ	455
		IRQ	456
		IRQ	457
		IRQ	458
		IRQ	459
		IRQ	460
		IRQ	461
		IRQ	462
		IRQ	463
		IRQ	464
		IRQ	465
		IRQ	466
		IRQ	467
		IRQ	468
		IRQ	469
		IRQ	470
		IRQ	471
		IRQ	472
		IRQ	473
		IRQ	474
		IRQ	475
		IRQ	476
		IRQ	477
		IRQ	478
		IRQ	479
		IRQ	480
		IRQ	481
		IRQ	482
		IRQ	483
		IRQ	484
		IRQ	485
		IRQ	486
		IRQ	487
		IRQ	488
		IRQ	489
		IRQ	490
		IRQ	491
		IRQ	492
		IRQ	493
		IRQ	494
		IRQ	495
		IRQ	496
		IRQ	497
		IRQ	498
		IRQ	499
		IRQ	500
		IRQ	501
		IRQ	502
		IRQ	503
		IRQ	504
		IRQ	505
		IRQ	506
		IRQ	507
		IRQ	508
		IRQ	509
		IRQ	510
		IRQ	511
		IRQ	54
		IRQ	55
		IRQ	56
		IRQ	57
		IRQ	58
		IRQ	59
		IRQ	60
		IRQ	61
		IRQ	62
		IRQ	63
		IRQ	64
		IRQ	65
		IRQ	66
		IRQ	67
		IRQ	68
		IRQ	69
		IRQ	70
		IRQ	71
		IRQ	72
		IRQ	73
		IRQ	74
		IRQ	75
		IRQ	76
		IRQ	77
		IRQ	78
		IRQ	79
		IRQ	80
		IRQ	81
		IRQ	82
		IRQ	83
		IRQ	84
		IRQ	85
		IRQ	86
		IRQ	87
		IRQ	88
		IRQ	89
		IRQ	90
		IRQ	91
		IRQ	92
		IRQ	93
		IRQ	94
		IRQ	95
		IRQ	96
		IRQ	97
		IRQ	98
		IRQ	99

[ System devices / Microsoft Basic Display Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Display Driver
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	basicdisplay.inf
		INF Section	MSBDD_Fallback
		Hardware ID	ROOT\BasicDisplay

[ System devices / Microsoft Basic Render Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Render Driver
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	basicrender.inf
		INF Section	BasicRender
		Hardware ID	ROOT\BasicRender

[ System devices / Microsoft System Management BIOS Driver ]

	Device Properties:
		Driver Description	Microsoft System Management BIOS Driver
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	mssmbios.inf
		INF Section	MSSMBIOS_DRV
		Hardware ID	ROOT\mssmbios

[ System devices / Microsoft Virtual Drive Enumerator ]

	Device Properties:
		Driver Description	Microsoft Virtual Drive Enumerator
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	vdrvroot.inf
		INF Section	VDRVROOT
		Hardware ID	ROOT\vdrvroot

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\VEN_INT&DEV_3F0D

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / NDIS Virtual Network Adapter Enumerator ]

	Device Properties:
		Driver Description	NDIS Virtual Network Adapter Enumerator
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	ndisvirtualbus.inf
		INF Section	NdisVirtualBus_Device.NT
		Hardware ID	ROOT\NdisVirtualBus

[ System devices / Numeric data processor ]

	Device Properties:
		Driver Description	Numeric data processor
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\VEN_PNP&DEV_0C04

[ System devices / PCI Express Root Complex ]

	Device Properties:
		Driver Description	PCI Express Root Complex
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	pci.inf
		INF Section	PCI_ROOT
		Hardware ID	ACPI\VEN_PNP&DEV_0A08

	Device Resources:
		Memory	000A0000-000BFFFF
		Memory	000D0000-000D3FFF
		Memory	000D4000-000D7FFF
		Memory	000D8000-000DBFFF
		Memory	000DC000-000DFFFF
		Memory	000E0000-000E3FFF
		Memory	000E4000-000E7FFF
		Memory	E0000000-FEAFFFFF
		Port	0000-0CF7
		Port	0D00-FFFF

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	pci.inf
		INF Section	PCI_BRIDGE
		Hardware ID	PCI\VEN_8086&DEV_0101&SUBSYS_50001458&REV_09
		Location Information	PCI bus 0, device 1, function 0
		PCI Device	Intel Sandy Bridge - PCI Express Controller

	Device Resources:
		Memory	000A0000-000BFFFF
		Memory	E0000000-EFFFFFFF
		Memory	F7E00000-F7EFFFFF
		Port	03B0-03BB
		Port	03C0-03DF
		Port	E000-EFFF

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	pci.inf
		INF Section	PCI_BRIDGE
		Hardware ID	PCI\VEN_8086&DEV_1E10&SUBSYS_50011458&REV_C4
		Location Information	PCI bus 0, device 28, function 0
		PCI Device	Intel Panther Point PCH - PCI Express Port 1

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	pci.inf
		INF Section	PCI_BRIDGE
		Hardware ID	PCI\VEN_8086&DEV_1E14&SUBSYS_50011458&REV_C4
		Location Information	PCI bus 0, device 28, function 2
		PCI Device	Intel Panther Point PCH - PCI Express Port 3

	Device Resources:
		Memory	F7D00000-F7DFFFFF
		Port	D000-DFFF

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	pci.inf
		INF Section	PCI_BRIDGE
		Hardware ID	PCI\VEN_8086&DEV_244E&SUBSYS_50011458&REV_C4
		Location Information	PCI bus 0, device 28, function 3
		PCI Device	Intel 82801EB I/O Controller Hub 5 (ICH5)

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	6/21/2006
		Driver Version	10.0.14393.351
		Driver Provider	Microsoft
		INF File	pci.inf
		INF Section	PCI_BRIDGE
		Hardware ID	PCI\VEN_8086&DEV_244E&SUBSYS_88921458&REV_41
		Location Information	PCI bus 4, device 0, function 0
		PCI Device	Intel 82801CA I/O Controller Hub 3-S (ICH3-S) [B-0]

[ System devices / Plug and Play Software Device Enumerator ]

	Device Properties:
		Driver Description	Plug and Play Software Device Enumerator
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	swenum.inf
		INF Section	SWENUM
		Hardware ID	ROOT\SWENUM

[ System devices / Programmable interrupt controller ]

	Device Properties:
		Driver Description	Programmable interrupt controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_PIC
		Hardware ID	ACPI\VEN_PNP&DEV_0000

[ System devices / Remote Desktop Device Redirector Bus ]

	Device Properties:
		Driver Description	Remote Desktop Device Redirector Bus
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	rdpbus.inf
		INF Section	RDPBUS
		Hardware ID	ROOT\RDPBUS

[ System devices / SM Bus Controller ]

	Device Properties:
		Driver Description	SM Bus Controller
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04
		Location Information	PCI bus 0, device 31, function 3
		PCI Device	Intel Panther Point PCH - SMBus Controller [C-1]

[ System devices / System board ]

	Device Properties:
		Driver Description	System board
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\VEN_PNP&DEV_0C01

[ System devices / System CMOS/real time clock ]

	Device Properties:
		Driver Description	System CMOS/real time clock
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\VEN_PNP&DEV_0B00

	Device Resources:
		IRQ	08
		Port	0070-0077

[ System devices / System timer ]

	Device Properties:
		Driver Description	System timer
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\VEN_PNP&DEV_0100

[ System devices / UMBus Root Bus Enumerator ]

	Device Properties:
		Driver Description	UMBus Root Bus Enumerator
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	umbus.inf
		INF Section	UmBusRoot_Device.NT
		Hardware ID	root\umbus

[ System devices / Volume Manager ]

	Device Properties:
		Driver Description	Volume Manager
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	volmgr.inf
		INF Section	Volmgr
		Hardware ID	ROOT\VOLMGR

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	StandardHub.Dev.NT
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0001

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	StandardHub.Dev.NT
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0002

[ Universal Serial Bus controllers / Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26 ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		INF Section	EHCI.Dev.NT
		Hardware ID	PCI\VEN_8086&DEV_1E26&SUBSYS_50061458&REV_04
		Location Information	PCI bus 0, device 29, function 0
		PCI Device	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]

	Device Resources:
		IRQ	23
		Memory	F7F17000-F7F173FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		INF Section	EHCI.Dev.NT
		Hardware ID	PCI\VEN_8086&DEV_1E2D&SUBSYS_50061458&REV_04
		Location Information	PCI bus 0, device 26, function 0
		PCI Device	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]

	Device Resources:
		IRQ	16
		Memory	F7F18000-F7F183FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft) ]

	Device Properties:
		Driver Description	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usbxhci.inf
		INF Section	Generic.Install.NT
		Hardware ID	PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04
		Location Information	PCI bus 0, device 20, function 0
		PCI Device	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]

	Device Resources:
		IRQ	65536
		Memory	F7F00000-F7F0FFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / USB Composite Device ]

	Device Properties:
		Driver Description	USB Composite Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	Composite.Dev.NT
		Hardware ID	USB\VID_04B4&PID_0101&REV_0001
		Location Information	Port_#0005.Hub_#0004

[ Universal Serial Bus controllers / USB Composite Device ]

	Device Properties:
		Driver Description	USB Composite Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	Composite.Dev.NT
		Hardware ID	USB\VID_1D57&PID_FFA8&REV_0110
		Location Information	Port_#0006.Hub_#0004

[ Universal Serial Bus controllers / USB Mass Storage Device ]

	Device Properties:
		Driver Description	USB Mass Storage Device
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usbstor.inf
		INF Section	USBSTOR_BULK.NT
		Hardware ID	USB\VID_0951&PID_1666&REV_0110
		Location Information	Port_#0001.Hub_#0004

[ Universal Serial Bus controllers / USB Root Hub (xHCI) ]

	Device Properties:
		Driver Description	USB Root Hub (xHCI)
		Driver Date	7/15/2016
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usbhub3.inf
		INF Section	Generic.Install.NT
		Hardware ID	USB\ROOT_HUB30&VID8086&PID1E31&REV0004

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		INF Section	ROOTHUB.Dev.NT
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1E2D&REV0004

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	6/21/2006
		Driver Version	10.0.14393.0
		Driver Provider	Microsoft
		INF File	usbport.inf
		INF Section	ROOTHUB.Dev.NT
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1E26&REV0004

[ Unknown / Unknown ]

	Device Properties:
		Driver Description	Unknown

Physical Devices


PCI Devices:
	Bus 1, Device 0, Function 1	AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller
	Bus 3, Device 0, Function 0	Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller
	Bus 4, Device 0, Function 0	Intel 82801CA I/O Controller Hub 3-S (ICH3-S) [B-0]
	Bus 0, Device 28, Function 3	Intel 82801EB I/O Controller Hub 5 (ICH5)
	Bus 0, Device 27, Function 0	Intel Panther Point PCH - High Definition Audio Controller [C-1]
	Bus 0, Device 22, Function 0	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]
	Bus 0, Device 28, Function 0	Intel Panther Point PCH - PCI Express Port 1
	Bus 0, Device 28, Function 2	Intel Panther Point PCH - PCI Express Port 3
	Bus 0, Device 31, Function 2	Intel Panther Point PCH - SATA AHCI Controller [C-1]
	Bus 0, Device 31, Function 3	Intel Panther Point PCH - SMBus Controller [C-1]
	Bus 0, Device 31, Function 6	Intel Panther Point PCH - Thermal Management Controller [C-1]
	Bus 0, Device 29, Function 0	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
	Bus 0, Device 26, Function 0	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
	Bus 0, Device 20, Function 0	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
	Bus 0, Device 1, Function 0	Intel Sandy Bridge - PCI Express Controller
	Bus 0, Device 0, Function 0	Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
	Bus 0, Device 31, Function 0	Intel Z77 Chipset - LPC Interface Controller [C-1]
	Bus 1, Device 0, Function 0	MSI R7750 (MS-V279) Video Adapter

PnP Devices:
	PNP0501	16550A-compatible UART Serial Port
	PNP0C08	ACPI Driver/BIOS
	FIXEDBUTTON	ACPI Fixed Feature Button
	THERMALZONE	ACPI Thermal Zone
	THERMALZONE	ACPI Thermal Zone
	PNP0A08	ACPI Three-wire Device Bus
	PNP0200	DMA Controller
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0103	High Precision Event Timer
	INT0800	Intel Flash EEPROM
	INT3F0D	Intel Watchdog Timer
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-_________INTEL(R)_CORE(TM)_I7-2600_CPU_@_3.40GHZ	Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
	PNP0C04	Numeric Data Processor
	PNP0C0C	Power Button
	PNP0000	Programmable Interrupt Controller
	PNP0B00	Real-Time Clock
	PNP0C01	System Board Extension
	PNP0100	System Timer
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device

USB Devices:
	8087 0024	Generic USB Hub
	8087 0024	Generic USB Hub
	04B4 0101	USB Composite Device
	1D57 FFA8	USB Composite Device
	04B4 0101	USB Input Device
	04B4 0101	USB Input Device
	1D57 FFA8	USB Input Device
	1D57 FFA8	USB Input Device
	0951 1666	USB Mass Storage Device

Ports:
	COM1	Communications Port (COM1)

PCI Devices


[ AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller ]

	Device Properties:
		Device Description	AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller
		Bus Type	PCI Express 3.0 x16
		Bus / Device / Function	1 / 0 / 1
		Device ID	1002-AAB0
		Subsystem ID	1462-AAB0
		Device Class	0403 (High Definition Audio)
		Revision	00
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller ]

	Device Properties:
		Device Description	Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller
		Bus Type	PCI Express 1.0 x1
		Bus / Device / Function	3 / 0 / 0
		Device ID	1969-1091
		Subsystem ID	1458-E000
		Device Class	0200 (Ethernet Controller)
		Revision	10
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

	Network Adapter Manufacturer:
		Company Name	Qualcomm Technologies, Inc.
		Product Information	http://www.qualcomm.com/products/networking
		Driver Download	http://www.qualcomm.com
		Driver Update	http://www.aida64.com/driver-updates

[ Intel 82801CA I/O Controller Hub 3-S (ICH3-S) [B-0] ]

	Device Properties:
		Device Description	Intel 82801CA I/O Controller Hub 3-S (ICH3-S) [B-0]
		Bus Type	PCI
		Bus / Device / Function	4 / 0 / 0
		Device ID	8086-244E
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	41
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel 82801EB I/O Controller Hub 5 (ICH5) ]

	Device Properties:
		Device Description	Intel 82801EB I/O Controller Hub 5 (ICH5)
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 3
		Device ID	8086-244E
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	C4
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - High Definition Audio Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - High Definition Audio Controller [C-1]
		Bus Type	PCI Express 1.0
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1E20
		Subsystem ID	1458-A002
		Device Class	0403 (High Definition Audio)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 22 / 0
		Device ID	8086-1E3A
		Subsystem ID	1458-1C3A
		Device Class	0780 (Communications Controller)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - PCI Express Port 1 ]

	Device Properties:
		Device Description	Intel Panther Point PCH - PCI Express Port 1
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 0
		Device ID	8086-1E10
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	C4
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - PCI Express Port 3 ]

	Device Properties:
		Device Description	Intel Panther Point PCH - PCI Express Port 3
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 2
		Device ID	8086-1E14
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	C4
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - SATA AHCI Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - SATA AHCI Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 2
		Device ID	8086-1E02
		Subsystem ID	1458-B005
		Device Class	0106 (SATA Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - SMBus Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - SMBus Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 3
		Device ID	8086-1E22
		Subsystem ID	1458-5001
		Device Class	0C05 (SMBus Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Disabled

[ Intel Panther Point PCH - Thermal Management Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - Thermal Management Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 6
		Device ID	8086-1E24
		Subsystem ID	1458-5000
		Device Class	1180 (Data Acquisition / Signal Processing Controller)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Disabled

[ Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 29 / 0
		Device ID	8086-1E26
		Subsystem ID	1458-5006
		Device Class	0C03 (USB2 EHCI Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 26 / 0
		Device ID	8086-1E2D
		Subsystem ID	1458-5006
		Device Class	0C03 (USB2 EHCI Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 20 / 0
		Device ID	8086-1E31
		Subsystem ID	1458-5007
		Device Class	0C03 (USB3 xHCI Controller)
		Revision	04
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Sandy Bridge - PCI Express Controller ]

	Device Properties:
		Device Description	Intel Sandy Bridge - PCI Express Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 1 / 0
		Device ID	8086-0101
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	09
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Sandy Bridge-DT - Host Bridge/DRAM Controller ]

	Device Properties:
		Device Description	Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 0 / 0
		Device ID	8086-0100
		Subsystem ID	1458-5000
		Device Class	0600 (Host/PCI Bridge)
		Revision	09
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Z77 Chipset - LPC Interface Controller [C-1] ]

	Device Properties:
		Device Description	Intel Z77 Chipset - LPC Interface Controller [C-1]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 0
		Device ID	8086-1E44
		Subsystem ID	1458-5001
		Device Class	0601 (PCI/ISA Bridge)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ MSI R7750 (MS-V279) Video Adapter ]

	Device Properties:
		Device Description	MSI R7750 (MS-V279) Video Adapter
		Bus Type	PCI Express 3.0 x16
		Bus / Device / Function	1 / 0 / 0
		Device ID	1002-683F
		Subsystem ID	1462-2792
		Device Class	0300 (VGA Display Controller)
		Revision	00
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

	Video Adapter Manufacturer:
		Company Name	Micro-Star Int'l Co.,Ltd.
		Product Information	http://www.msi.com/product/vga/
		Driver Download	http://www.msi.com/service/download/
		Driver Update	http://www.aida64.com/driver-updates

USB Devices


[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Revision	0000h
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ USB Mass Storage Device (DataTraveler 3.0) ]

	Device Properties:
		Device Description	USB Mass Storage Device
		Device ID	0951-1666
		Device Class	08 / 06 (Mass Storage)
		Device Protocol	50
		Revision	0110h
		Manufacturer	Kingston
		Product	DataTraveler 3.0
		Serial Number	D067E51599A7B03106085116
		Supported USB Version	2.10 (USB 3.0 device connected to a USB 2.0 port)
		Current Speed	High (USB 2.0)

[ USB Composite Device (SteelS?¯??DATA) ]

	Device Properties:
		Device Description	USB Composite Device
		Device ID	04B4-0101
		Device Class	03 / 01 (Human Interface Device)
		Device Protocol	01
		Revision	0001h
		Manufacturer	DATACOMP
		Product	SteelS?¯??DATA
		Supported USB Version	1.10
		Current Speed	Low (USB 1.1)

[ USB Composite Device (Game mouse) ]

	Device Properties:
		Device Description	USB Composite Device
		Device ID	1D57-FFA8
		Device Class	03 / 01 (Human Interface Device)
		Device Protocol	01
		Revision	0110h
		Product	Game mouse
		Supported USB Version	1.10
		Current Speed	Full (USB 1.1)

[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Revision	0000h
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

Device Resources


Resource	Share	Device Description
IRQ 04	Exclusive	Communications Port (COM1)
IRQ 08	Exclusive	System CMOS/real time clock
IRQ 100	Exclusive	Microsoft ACPI-Compliant System
IRQ 101	Exclusive	Microsoft ACPI-Compliant System
IRQ 102	Exclusive	Microsoft ACPI-Compliant System
IRQ 103	Exclusive	Microsoft ACPI-Compliant System
IRQ 104	Exclusive	Microsoft ACPI-Compliant System
IRQ 105	Exclusive	Microsoft ACPI-Compliant System
IRQ 106	Exclusive	Microsoft ACPI-Compliant System
IRQ 107	Exclusive	Microsoft ACPI-Compliant System
IRQ 108	Exclusive	Microsoft ACPI-Compliant System
IRQ 109	Exclusive	Microsoft ACPI-Compliant System
IRQ 110	Exclusive	Microsoft ACPI-Compliant System
IRQ 111	Exclusive	Microsoft ACPI-Compliant System
IRQ 112	Exclusive	Microsoft ACPI-Compliant System
IRQ 113	Exclusive	Microsoft ACPI-Compliant System
IRQ 114	Exclusive	Microsoft ACPI-Compliant System
IRQ 115	Exclusive	Microsoft ACPI-Compliant System
IRQ 116	Exclusive	Microsoft ACPI-Compliant System
IRQ 117	Exclusive	Microsoft ACPI-Compliant System
IRQ 118	Exclusive	Microsoft ACPI-Compliant System
IRQ 119	Exclusive	Microsoft ACPI-Compliant System
IRQ 120	Exclusive	Microsoft ACPI-Compliant System
IRQ 121	Exclusive	Microsoft ACPI-Compliant System
IRQ 122	Exclusive	Microsoft ACPI-Compliant System
IRQ 123	Exclusive	Microsoft ACPI-Compliant System
IRQ 124	Exclusive	Microsoft ACPI-Compliant System
IRQ 125	Exclusive	Microsoft ACPI-Compliant System
IRQ 126	Exclusive	Microsoft ACPI-Compliant System
IRQ 127	Exclusive	Microsoft ACPI-Compliant System
IRQ 128	Exclusive	Microsoft ACPI-Compliant System
IRQ 129	Exclusive	Microsoft ACPI-Compliant System
IRQ 130	Exclusive	Microsoft ACPI-Compliant System
IRQ 131	Exclusive	Microsoft ACPI-Compliant System
IRQ 132	Exclusive	Microsoft ACPI-Compliant System
IRQ 133	Exclusive	Microsoft ACPI-Compliant System
IRQ 134	Exclusive	Microsoft ACPI-Compliant System
IRQ 135	Exclusive	Microsoft ACPI-Compliant System
IRQ 136	Exclusive	Microsoft ACPI-Compliant System
IRQ 137	Exclusive	Microsoft ACPI-Compliant System
IRQ 138	Exclusive	Microsoft ACPI-Compliant System
IRQ 139	Exclusive	Microsoft ACPI-Compliant System
IRQ 140	Exclusive	Microsoft ACPI-Compliant System
IRQ 141	Exclusive	Microsoft ACPI-Compliant System
IRQ 142	Exclusive	Microsoft ACPI-Compliant System
IRQ 143	Exclusive	Microsoft ACPI-Compliant System
IRQ 144	Exclusive	Microsoft ACPI-Compliant System
IRQ 145	Exclusive	Microsoft ACPI-Compliant System
IRQ 146	Exclusive	Microsoft ACPI-Compliant System
IRQ 147	Exclusive	Microsoft ACPI-Compliant System
IRQ 148	Exclusive	Microsoft ACPI-Compliant System
IRQ 149	Exclusive	Microsoft ACPI-Compliant System
IRQ 150	Exclusive	Microsoft ACPI-Compliant System
IRQ 151	Exclusive	Microsoft ACPI-Compliant System
IRQ 152	Exclusive	Microsoft ACPI-Compliant System
IRQ 153	Exclusive	Microsoft ACPI-Compliant System
IRQ 154	Exclusive	Microsoft ACPI-Compliant System
IRQ 155	Exclusive	Microsoft ACPI-Compliant System
IRQ 156	Exclusive	Microsoft ACPI-Compliant System
IRQ 157	Exclusive	Microsoft ACPI-Compliant System
IRQ 158	Exclusive	Microsoft ACPI-Compliant System
IRQ 159	Exclusive	Microsoft ACPI-Compliant System
IRQ 16	Shared	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
IRQ 160	Exclusive	Microsoft ACPI-Compliant System
IRQ 161	Exclusive	Microsoft ACPI-Compliant System
IRQ 162	Exclusive	Microsoft ACPI-Compliant System
IRQ 163	Exclusive	Microsoft ACPI-Compliant System
IRQ 164	Exclusive	Microsoft ACPI-Compliant System
IRQ 165	Exclusive	Microsoft ACPI-Compliant System
IRQ 166	Exclusive	Microsoft ACPI-Compliant System
IRQ 167	Exclusive	Microsoft ACPI-Compliant System
IRQ 168	Exclusive	Microsoft ACPI-Compliant System
IRQ 169	Exclusive	Microsoft ACPI-Compliant System
IRQ 17	Shared	High Definition Audio Controller
IRQ 170	Exclusive	Microsoft ACPI-Compliant System
IRQ 171	Exclusive	Microsoft ACPI-Compliant System
IRQ 172	Exclusive	Microsoft ACPI-Compliant System
IRQ 173	Exclusive	Microsoft ACPI-Compliant System
IRQ 174	Exclusive	Microsoft ACPI-Compliant System
IRQ 175	Exclusive	Microsoft ACPI-Compliant System
IRQ 176	Exclusive	Microsoft ACPI-Compliant System
IRQ 177	Exclusive	Microsoft ACPI-Compliant System
IRQ 178	Exclusive	Microsoft ACPI-Compliant System
IRQ 179	Exclusive	Microsoft ACPI-Compliant System
IRQ 18	Shared	Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
IRQ 180	Exclusive	Microsoft ACPI-Compliant System
IRQ 181	Exclusive	Microsoft ACPI-Compliant System
IRQ 182	Exclusive	Microsoft ACPI-Compliant System
IRQ 183	Exclusive	Microsoft ACPI-Compliant System
IRQ 184	Exclusive	Microsoft ACPI-Compliant System
IRQ 185	Exclusive	Microsoft ACPI-Compliant System
IRQ 186	Exclusive	Microsoft ACPI-Compliant System
IRQ 187	Exclusive	Microsoft ACPI-Compliant System
IRQ 188	Exclusive	Microsoft ACPI-Compliant System
IRQ 189	Exclusive	Microsoft ACPI-Compliant System
IRQ 190	Exclusive	Microsoft ACPI-Compliant System
IRQ 191	Exclusive	Microsoft ACPI-Compliant System
IRQ 192	Exclusive	Microsoft ACPI-Compliant System
IRQ 193	Exclusive	Microsoft ACPI-Compliant System
IRQ 194	Exclusive	Microsoft ACPI-Compliant System
IRQ 195	Exclusive	Microsoft ACPI-Compliant System
IRQ 196	Exclusive	Microsoft ACPI-Compliant System
IRQ 197	Exclusive	Microsoft ACPI-Compliant System
IRQ 198	Exclusive	Microsoft ACPI-Compliant System
IRQ 199	Exclusive	Microsoft ACPI-Compliant System
IRQ 200	Exclusive	Microsoft ACPI-Compliant System
IRQ 201	Exclusive	Microsoft ACPI-Compliant System
IRQ 202	Exclusive	Microsoft ACPI-Compliant System
IRQ 203	Exclusive	Microsoft ACPI-Compliant System
IRQ 204	Exclusive	Microsoft ACPI-Compliant System
IRQ 22	Shared	High Definition Audio Controller
IRQ 23	Shared	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
IRQ 256	Exclusive	Microsoft ACPI-Compliant System
IRQ 257	Exclusive	Microsoft ACPI-Compliant System
IRQ 258	Exclusive	Microsoft ACPI-Compliant System
IRQ 259	Exclusive	Microsoft ACPI-Compliant System
IRQ 260	Exclusive	Microsoft ACPI-Compliant System
IRQ 261	Exclusive	Microsoft ACPI-Compliant System
IRQ 262	Exclusive	Microsoft ACPI-Compliant System
IRQ 263	Exclusive	Microsoft ACPI-Compliant System
IRQ 264	Exclusive	Microsoft ACPI-Compliant System
IRQ 265	Exclusive	Microsoft ACPI-Compliant System
IRQ 266	Exclusive	Microsoft ACPI-Compliant System
IRQ 267	Exclusive	Microsoft ACPI-Compliant System
IRQ 268	Exclusive	Microsoft ACPI-Compliant System
IRQ 269	Exclusive	Microsoft ACPI-Compliant System
IRQ 270	Exclusive	Microsoft ACPI-Compliant System
IRQ 271	Exclusive	Microsoft ACPI-Compliant System
IRQ 272	Exclusive	Microsoft ACPI-Compliant System
IRQ 273	Exclusive	Microsoft ACPI-Compliant System
IRQ 274	Exclusive	Microsoft ACPI-Compliant System
IRQ 275	Exclusive	Microsoft ACPI-Compliant System
IRQ 276	Exclusive	Microsoft ACPI-Compliant System
IRQ 277	Exclusive	Microsoft ACPI-Compliant System
IRQ 278	Exclusive	Microsoft ACPI-Compliant System
IRQ 279	Exclusive	Microsoft ACPI-Compliant System
IRQ 280	Exclusive	Microsoft ACPI-Compliant System
IRQ 281	Exclusive	Microsoft ACPI-Compliant System
IRQ 282	Exclusive	Microsoft ACPI-Compliant System
IRQ 283	Exclusive	Microsoft ACPI-Compliant System
IRQ 284	Exclusive	Microsoft ACPI-Compliant System
IRQ 285	Exclusive	Microsoft ACPI-Compliant System
IRQ 286	Exclusive	Microsoft ACPI-Compliant System
IRQ 287	Exclusive	Microsoft ACPI-Compliant System
IRQ 288	Exclusive	Microsoft ACPI-Compliant System
IRQ 289	Exclusive	Microsoft ACPI-Compliant System
IRQ 290	Exclusive	Microsoft ACPI-Compliant System
IRQ 291	Exclusive	Microsoft ACPI-Compliant System
IRQ 292	Exclusive	Microsoft ACPI-Compliant System
IRQ 293	Exclusive	Microsoft ACPI-Compliant System
IRQ 294	Exclusive	Microsoft ACPI-Compliant System
IRQ 295	Exclusive	Microsoft ACPI-Compliant System
IRQ 296	Exclusive	Microsoft ACPI-Compliant System
IRQ 297	Exclusive	Microsoft ACPI-Compliant System
IRQ 298	Exclusive	Microsoft ACPI-Compliant System
IRQ 299	Exclusive	Microsoft ACPI-Compliant System
IRQ 300	Exclusive	Microsoft ACPI-Compliant System
IRQ 301	Exclusive	Microsoft ACPI-Compliant System
IRQ 302	Exclusive	Microsoft ACPI-Compliant System
IRQ 303	Exclusive	Microsoft ACPI-Compliant System
IRQ 304	Exclusive	Microsoft ACPI-Compliant System
IRQ 305	Exclusive	Microsoft ACPI-Compliant System
IRQ 306	Exclusive	Microsoft ACPI-Compliant System
IRQ 307	Exclusive	Microsoft ACPI-Compliant System
IRQ 308	Exclusive	Microsoft ACPI-Compliant System
IRQ 309	Exclusive	Microsoft ACPI-Compliant System
IRQ 310	Exclusive	Microsoft ACPI-Compliant System
IRQ 311	Exclusive	Microsoft ACPI-Compliant System
IRQ 312	Exclusive	Microsoft ACPI-Compliant System
IRQ 313	Exclusive	Microsoft ACPI-Compliant System
IRQ 314	Exclusive	Microsoft ACPI-Compliant System
IRQ 315	Exclusive	Microsoft ACPI-Compliant System
IRQ 316	Exclusive	Microsoft ACPI-Compliant System
IRQ 317	Exclusive	Microsoft ACPI-Compliant System
IRQ 318	Exclusive	Microsoft ACPI-Compliant System
IRQ 319	Exclusive	Microsoft ACPI-Compliant System
IRQ 320	Exclusive	Microsoft ACPI-Compliant System
IRQ 321	Exclusive	Microsoft ACPI-Compliant System
IRQ 322	Exclusive	Microsoft ACPI-Compliant System
IRQ 323	Exclusive	Microsoft ACPI-Compliant System
IRQ 324	Exclusive	Microsoft ACPI-Compliant System
IRQ 325	Exclusive	Microsoft ACPI-Compliant System
IRQ 326	Exclusive	Microsoft ACPI-Compliant System
IRQ 327	Exclusive	Microsoft ACPI-Compliant System
IRQ 328	Exclusive	Microsoft ACPI-Compliant System
IRQ 329	Exclusive	Microsoft ACPI-Compliant System
IRQ 330	Exclusive	Microsoft ACPI-Compliant System
IRQ 331	Exclusive	Microsoft ACPI-Compliant System
IRQ 332	Exclusive	Microsoft ACPI-Compliant System
IRQ 333	Exclusive	Microsoft ACPI-Compliant System
IRQ 334	Exclusive	Microsoft ACPI-Compliant System
IRQ 335	Exclusive	Microsoft ACPI-Compliant System
IRQ 336	Exclusive	Microsoft ACPI-Compliant System
IRQ 337	Exclusive	Microsoft ACPI-Compliant System
IRQ 338	Exclusive	Microsoft ACPI-Compliant System
IRQ 339	Exclusive	Microsoft ACPI-Compliant System
IRQ 340	Exclusive	Microsoft ACPI-Compliant System
IRQ 341	Exclusive	Microsoft ACPI-Compliant System
IRQ 342	Exclusive	Microsoft ACPI-Compliant System
IRQ 343	Exclusive	Microsoft ACPI-Compliant System
IRQ 344	Exclusive	Microsoft ACPI-Compliant System
IRQ 345	Exclusive	Microsoft ACPI-Compliant System
IRQ 346	Exclusive	Microsoft ACPI-Compliant System
IRQ 347	Exclusive	Microsoft ACPI-Compliant System
IRQ 348	Exclusive	Microsoft ACPI-Compliant System
IRQ 349	Exclusive	Microsoft ACPI-Compliant System
IRQ 350	Exclusive	Microsoft ACPI-Compliant System
IRQ 351	Exclusive	Microsoft ACPI-Compliant System
IRQ 352	Exclusive	Microsoft ACPI-Compliant System
IRQ 353	Exclusive	Microsoft ACPI-Compliant System
IRQ 354	Exclusive	Microsoft ACPI-Compliant System
IRQ 355	Exclusive	Microsoft ACPI-Compliant System
IRQ 356	Exclusive	Microsoft ACPI-Compliant System
IRQ 357	Exclusive	Microsoft ACPI-Compliant System
IRQ 358	Exclusive	Microsoft ACPI-Compliant System
IRQ 359	Exclusive	Microsoft ACPI-Compliant System
IRQ 360	Exclusive	Microsoft ACPI-Compliant System
IRQ 361	Exclusive	Microsoft ACPI-Compliant System
IRQ 362	Exclusive	Microsoft ACPI-Compliant System
IRQ 363	Exclusive	Microsoft ACPI-Compliant System
IRQ 364	Exclusive	Microsoft ACPI-Compliant System
IRQ 365	Exclusive	Microsoft ACPI-Compliant System
IRQ 366	Exclusive	Microsoft ACPI-Compliant System
IRQ 367	Exclusive	Microsoft ACPI-Compliant System
IRQ 368	Exclusive	Microsoft ACPI-Compliant System
IRQ 369	Exclusive	Microsoft ACPI-Compliant System
IRQ 370	Exclusive	Microsoft ACPI-Compliant System
IRQ 371	Exclusive	Microsoft ACPI-Compliant System
IRQ 372	Exclusive	Microsoft ACPI-Compliant System
IRQ 373	Exclusive	Microsoft ACPI-Compliant System
IRQ 374	Exclusive	Microsoft ACPI-Compliant System
IRQ 375	Exclusive	Microsoft ACPI-Compliant System
IRQ 376	Exclusive	Microsoft ACPI-Compliant System
IRQ 377	Exclusive	Microsoft ACPI-Compliant System
IRQ 378	Exclusive	Microsoft ACPI-Compliant System
IRQ 379	Exclusive	Microsoft ACPI-Compliant System
IRQ 380	Exclusive	Microsoft ACPI-Compliant System
IRQ 381	Exclusive	Microsoft ACPI-Compliant System
IRQ 382	Exclusive	Microsoft ACPI-Compliant System
IRQ 383	Exclusive	Microsoft ACPI-Compliant System
IRQ 384	Exclusive	Microsoft ACPI-Compliant System
IRQ 385	Exclusive	Microsoft ACPI-Compliant System
IRQ 386	Exclusive	Microsoft ACPI-Compliant System
IRQ 387	Exclusive	Microsoft ACPI-Compliant System
IRQ 388	Exclusive	Microsoft ACPI-Compliant System
IRQ 389	Exclusive	Microsoft ACPI-Compliant System
IRQ 390	Exclusive	Microsoft ACPI-Compliant System
IRQ 391	Exclusive	Microsoft ACPI-Compliant System
IRQ 392	Exclusive	Microsoft ACPI-Compliant System
IRQ 393	Exclusive	Microsoft ACPI-Compliant System
IRQ 394	Exclusive	Microsoft ACPI-Compliant System
IRQ 395	Exclusive	Microsoft ACPI-Compliant System
IRQ 396	Exclusive	Microsoft ACPI-Compliant System
IRQ 397	Exclusive	Microsoft ACPI-Compliant System
IRQ 398	Exclusive	Microsoft ACPI-Compliant System
IRQ 399	Exclusive	Microsoft ACPI-Compliant System
IRQ 400	Exclusive	Microsoft ACPI-Compliant System
IRQ 401	Exclusive	Microsoft ACPI-Compliant System
IRQ 402	Exclusive	Microsoft ACPI-Compliant System
IRQ 403	Exclusive	Microsoft ACPI-Compliant System
IRQ 404	Exclusive	Microsoft ACPI-Compliant System
IRQ 405	Exclusive	Microsoft ACPI-Compliant System
IRQ 406	Exclusive	Microsoft ACPI-Compliant System
IRQ 407	Exclusive	Microsoft ACPI-Compliant System
IRQ 408	Exclusive	Microsoft ACPI-Compliant System
IRQ 409	Exclusive	Microsoft ACPI-Compliant System
IRQ 410	Exclusive	Microsoft ACPI-Compliant System
IRQ 411	Exclusive	Microsoft ACPI-Compliant System
IRQ 412	Exclusive	Microsoft ACPI-Compliant System
IRQ 413	Exclusive	Microsoft ACPI-Compliant System
IRQ 414	Exclusive	Microsoft ACPI-Compliant System
IRQ 415	Exclusive	Microsoft ACPI-Compliant System
IRQ 416	Exclusive	Microsoft ACPI-Compliant System
IRQ 417	Exclusive	Microsoft ACPI-Compliant System
IRQ 418	Exclusive	Microsoft ACPI-Compliant System
IRQ 419	Exclusive	Microsoft ACPI-Compliant System
IRQ 420	Exclusive	Microsoft ACPI-Compliant System
IRQ 421	Exclusive	Microsoft ACPI-Compliant System
IRQ 422	Exclusive	Microsoft ACPI-Compliant System
IRQ 423	Exclusive	Microsoft ACPI-Compliant System
IRQ 424	Exclusive	Microsoft ACPI-Compliant System
IRQ 425	Exclusive	Microsoft ACPI-Compliant System
IRQ 426	Exclusive	Microsoft ACPI-Compliant System
IRQ 427	Exclusive	Microsoft ACPI-Compliant System
IRQ 428	Exclusive	Microsoft ACPI-Compliant System
IRQ 429	Exclusive	Microsoft ACPI-Compliant System
IRQ 430	Exclusive	Microsoft ACPI-Compliant System
IRQ 431	Exclusive	Microsoft ACPI-Compliant System
IRQ 432	Exclusive	Microsoft ACPI-Compliant System
IRQ 433	Exclusive	Microsoft ACPI-Compliant System
IRQ 434	Exclusive	Microsoft ACPI-Compliant System
IRQ 435	Exclusive	Microsoft ACPI-Compliant System
IRQ 436	Exclusive	Microsoft ACPI-Compliant System
IRQ 437	Exclusive	Microsoft ACPI-Compliant System
IRQ 438	Exclusive	Microsoft ACPI-Compliant System
IRQ 439	Exclusive	Microsoft ACPI-Compliant System
IRQ 440	Exclusive	Microsoft ACPI-Compliant System
IRQ 441	Exclusive	Microsoft ACPI-Compliant System
IRQ 442	Exclusive	Microsoft ACPI-Compliant System
IRQ 443	Exclusive	Microsoft ACPI-Compliant System
IRQ 444	Exclusive	Microsoft ACPI-Compliant System
IRQ 445	Exclusive	Microsoft ACPI-Compliant System
IRQ 446	Exclusive	Microsoft ACPI-Compliant System
IRQ 447	Exclusive	Microsoft ACPI-Compliant System
IRQ 448	Exclusive	Microsoft ACPI-Compliant System
IRQ 449	Exclusive	Microsoft ACPI-Compliant System
IRQ 450	Exclusive	Microsoft ACPI-Compliant System
IRQ 451	Exclusive	Microsoft ACPI-Compliant System
IRQ 452	Exclusive	Microsoft ACPI-Compliant System
IRQ 453	Exclusive	Microsoft ACPI-Compliant System
IRQ 454	Exclusive	Microsoft ACPI-Compliant System
IRQ 455	Exclusive	Microsoft ACPI-Compliant System
IRQ 456	Exclusive	Microsoft ACPI-Compliant System
IRQ 457	Exclusive	Microsoft ACPI-Compliant System
IRQ 458	Exclusive	Microsoft ACPI-Compliant System
IRQ 459	Exclusive	Microsoft ACPI-Compliant System
IRQ 460	Exclusive	Microsoft ACPI-Compliant System
IRQ 461	Exclusive	Microsoft ACPI-Compliant System
IRQ 462	Exclusive	Microsoft ACPI-Compliant System
IRQ 463	Exclusive	Microsoft ACPI-Compliant System
IRQ 464	Exclusive	Microsoft ACPI-Compliant System
IRQ 465	Exclusive	Microsoft ACPI-Compliant System
IRQ 466	Exclusive	Microsoft ACPI-Compliant System
IRQ 467	Exclusive	Microsoft ACPI-Compliant System
IRQ 468	Exclusive	Microsoft ACPI-Compliant System
IRQ 469	Exclusive	Microsoft ACPI-Compliant System
IRQ 470	Exclusive	Microsoft ACPI-Compliant System
IRQ 471	Exclusive	Microsoft ACPI-Compliant System
IRQ 472	Exclusive	Microsoft ACPI-Compliant System
IRQ 473	Exclusive	Microsoft ACPI-Compliant System
IRQ 474	Exclusive	Microsoft ACPI-Compliant System
IRQ 475	Exclusive	Microsoft ACPI-Compliant System
IRQ 476	Exclusive	Microsoft ACPI-Compliant System
IRQ 477	Exclusive	Microsoft ACPI-Compliant System
IRQ 478	Exclusive	Microsoft ACPI-Compliant System
IRQ 479	Exclusive	Microsoft ACPI-Compliant System
IRQ 480	Exclusive	Microsoft ACPI-Compliant System
IRQ 481	Exclusive	Microsoft ACPI-Compliant System
IRQ 482	Exclusive	Microsoft ACPI-Compliant System
IRQ 483	Exclusive	Microsoft ACPI-Compliant System
IRQ 484	Exclusive	Microsoft ACPI-Compliant System
IRQ 485	Exclusive	Microsoft ACPI-Compliant System
IRQ 486	Exclusive	Microsoft ACPI-Compliant System
IRQ 487	Exclusive	Microsoft ACPI-Compliant System
IRQ 488	Exclusive	Microsoft ACPI-Compliant System
IRQ 489	Exclusive	Microsoft ACPI-Compliant System
IRQ 490	Exclusive	Microsoft ACPI-Compliant System
IRQ 491	Exclusive	Microsoft ACPI-Compliant System
IRQ 492	Exclusive	Microsoft ACPI-Compliant System
IRQ 493	Exclusive	Microsoft ACPI-Compliant System
IRQ 494	Exclusive	Microsoft ACPI-Compliant System
IRQ 495	Exclusive	Microsoft ACPI-Compliant System
IRQ 496	Exclusive	Microsoft ACPI-Compliant System
IRQ 497	Exclusive	Microsoft ACPI-Compliant System
IRQ 498	Exclusive	Microsoft ACPI-Compliant System
IRQ 499	Exclusive	Microsoft ACPI-Compliant System
IRQ 500	Exclusive	Microsoft ACPI-Compliant System
IRQ 501	Exclusive	Microsoft ACPI-Compliant System
IRQ 502	Exclusive	Microsoft ACPI-Compliant System
IRQ 503	Exclusive	Microsoft ACPI-Compliant System
IRQ 504	Exclusive	Microsoft ACPI-Compliant System
IRQ 505	Exclusive	Microsoft ACPI-Compliant System
IRQ 506	Exclusive	Microsoft ACPI-Compliant System
IRQ 507	Exclusive	Microsoft ACPI-Compliant System
IRQ 508	Exclusive	Microsoft ACPI-Compliant System
IRQ 509	Exclusive	Microsoft ACPI-Compliant System
IRQ 510	Exclusive	Microsoft ACPI-Compliant System
IRQ 511	Exclusive	Microsoft ACPI-Compliant System
IRQ 54	Exclusive	Microsoft ACPI-Compliant System
IRQ 55	Exclusive	Microsoft ACPI-Compliant System
IRQ 56	Exclusive	Microsoft ACPI-Compliant System
IRQ 57	Exclusive	Microsoft ACPI-Compliant System
IRQ 58	Exclusive	Microsoft ACPI-Compliant System
IRQ 59	Exclusive	Microsoft ACPI-Compliant System
IRQ 60	Exclusive	Microsoft ACPI-Compliant System
IRQ 61	Exclusive	Microsoft ACPI-Compliant System
IRQ 62	Exclusive	Microsoft ACPI-Compliant System
IRQ 63	Exclusive	Microsoft ACPI-Compliant System
IRQ 64	Exclusive	Microsoft ACPI-Compliant System
IRQ 65	Exclusive	Microsoft ACPI-Compliant System
IRQ 65536	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
IRQ 65536	Exclusive	Intel(R) Management Engine Interface
IRQ 65536	Exclusive	Standard SATA AHCI Controller
IRQ 65536	Exclusive	AMD Radeon HD 7700 Series
IRQ 66	Exclusive	Microsoft ACPI-Compliant System
IRQ 67	Exclusive	Microsoft ACPI-Compliant System
IRQ 68	Exclusive	Microsoft ACPI-Compliant System
IRQ 69	Exclusive	Microsoft ACPI-Compliant System
IRQ 70	Exclusive	Microsoft ACPI-Compliant System
IRQ 71	Exclusive	Microsoft ACPI-Compliant System
IRQ 72	Exclusive	Microsoft ACPI-Compliant System
IRQ 73	Exclusive	Microsoft ACPI-Compliant System
IRQ 74	Exclusive	Microsoft ACPI-Compliant System
IRQ 75	Exclusive	Microsoft ACPI-Compliant System
IRQ 76	Exclusive	Microsoft ACPI-Compliant System
IRQ 77	Exclusive	Microsoft ACPI-Compliant System
IRQ 78	Exclusive	Microsoft ACPI-Compliant System
IRQ 79	Exclusive	Microsoft ACPI-Compliant System
IRQ 80	Exclusive	Microsoft ACPI-Compliant System
IRQ 81	Exclusive	Microsoft ACPI-Compliant System
IRQ 82	Exclusive	Microsoft ACPI-Compliant System
IRQ 83	Exclusive	Microsoft ACPI-Compliant System
IRQ 84	Exclusive	Microsoft ACPI-Compliant System
IRQ 85	Exclusive	Microsoft ACPI-Compliant System
IRQ 86	Exclusive	Microsoft ACPI-Compliant System
IRQ 87	Exclusive	Microsoft ACPI-Compliant System
IRQ 88	Exclusive	Microsoft ACPI-Compliant System
IRQ 89	Exclusive	Microsoft ACPI-Compliant System
IRQ 90	Exclusive	Microsoft ACPI-Compliant System
IRQ 91	Exclusive	Microsoft ACPI-Compliant System
IRQ 92	Exclusive	Microsoft ACPI-Compliant System
IRQ 93	Exclusive	Microsoft ACPI-Compliant System
IRQ 94	Exclusive	Microsoft ACPI-Compliant System
IRQ 95	Exclusive	Microsoft ACPI-Compliant System
IRQ 96	Exclusive	Microsoft ACPI-Compliant System
IRQ 97	Exclusive	Microsoft ACPI-Compliant System
IRQ 98	Exclusive	Microsoft ACPI-Compliant System
IRQ 99	Exclusive	Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF	Shared	PCI Express Root Complex
Memory 000A0000-000BFFFF	Shared	AMD Radeon HD 7700 Series
Memory 000A0000-000BFFFF	Undetermined	PCI-to-PCI Bridge
Memory 000D0000-000D3FFF	Shared	PCI Express Root Complex
Memory 000D4000-000D7FFF	Shared	PCI Express Root Complex
Memory 000D8000-000DBFFF	Shared	PCI Express Root Complex
Memory 000DC000-000DFFFF	Shared	PCI Express Root Complex
Memory 000E0000-000E3FFF	Shared	PCI Express Root Complex
Memory 000E4000-000E7FFF	Shared	PCI Express Root Complex
Memory E0000000-EFFFFFFF	Exclusive	PCI-to-PCI Bridge
Memory E0000000-EFFFFFFF	Exclusive	AMD Radeon HD 7700 Series
Memory E0000000-FEAFFFFF	Shared	PCI Express Root Complex
Memory F7D00000-F7D3FFFF	Exclusive	Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Memory F7D00000-F7DFFFFF	Exclusive	PCI-to-PCI Bridge
Memory F7E00000-F7E3FFFF	Exclusive	AMD Radeon HD 7700 Series
Memory F7E00000-F7EFFFFF	Exclusive	PCI-to-PCI Bridge
Memory F7E60000-F7E63FFF	Exclusive	High Definition Audio Controller
Memory F7F00000-F7F0FFFF	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Memory F7F10000-F7F13FFF	Exclusive	High Definition Audio Controller
Memory F7F16000-F7F167FF	Exclusive	Standard SATA AHCI Controller
Memory F7F17000-F7F173FF	Exclusive	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
Memory F7F18000-F7F183FF	Exclusive	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Memory F7F1A000-F7F1A00F	Exclusive	Intel(R) Management Engine Interface
Port 0000-0CF7	Shared	PCI Express Root Complex
Port 0070-0077	Exclusive	System CMOS/real time clock
Port 03B0-03BB	Shared	AMD Radeon HD 7700 Series
Port 03B0-03BB	Undetermined	PCI-to-PCI Bridge
Port 03C0-03DF	Shared	AMD Radeon HD 7700 Series
Port 03C0-03DF	Undetermined	PCI-to-PCI Bridge
Port 03F8-03FF	Exclusive	Communications Port (COM1)
Port 0D00-FFFF	Shared	PCI Express Root Complex
Port D000-D07F	Exclusive	Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Port D000-DFFF	Exclusive	PCI-to-PCI Bridge
Port E000-E0FF	Exclusive	AMD Radeon HD 7700 Series
Port E000-EFFF	Exclusive	PCI-to-PCI Bridge
Port F020-F03F	Exclusive	Standard SATA AHCI Controller
Port F040-F043	Exclusive	Standard SATA AHCI Controller
Port F050-F057	Exclusive	Standard SATA AHCI Controller
Port F060-F063	Exclusive	Standard SATA AHCI Controller
Port F070-F077	Exclusive	Standard SATA AHCI Controller

Input


[ HID Keyboard Device ]

	Keyboard Properties:
		Keyboard Name	HID Keyboard Device
		Keyboard Type	IBM enhanced (101- or 102-key) keyboard
		Keyboard Layout	US
		ANSI Code Page	1252 - Western European (Windows)
		OEM Code Page	437
		Repeat Delay	1
		Repeat Rate	31

[ HID-compliant mouse ]

	Mouse Properties:
		Mouse Name	HID-compliant mouse
		Mouse Buttons	5
		Mouse Hand	Right
		Pointer Speed	1
		Double-Click Time	500 msec
		X/Y Threshold	6 / 10
		Wheel Scroll Lines	3

	Mouse Features:
		Active Window Tracking	Disabled
		ClickLock	Disabled
		Hide Pointer While Typing	Enabled
		Mouse Wheel	Present
		Move Pointer To Default Button	Disabled
		Pointer Trails	Disabled
		Sonar	Disabled

Auto Start


Application Description	Start From	Application Command
Acronis Scheduler2 Service	Registry\Common\Run	C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
AcronisTibMounterMonitor	Registry\Common\Run	C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
AdobeAAMUpdater-1.0	Registry\Common\Run	C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
APSDaemon	Registry\Common\Run	C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
AVG_UI	Registry\Common\Run	C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe /lps=av
AvgUi	Registry\Common\Run	C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe /lps=fmw
CocCoc Update	Registry\User\Run	C:\Users\Draku\AppData\Local\CocCoc\Update\CocCocUpdate.exe /c
Dropbox	Registry\Common\Run	C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup
GrooveMonitor	Registry\Common\Run	C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
OneDrive	Registry\User\Run	C:\Users\Draku\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
QuickTime Task	Registry\Common\Run	C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime
StartCN	Registry\Common\Run	C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe atlogon
SunJavaUpdateSched	Registry\Common\Run	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
TrueImageMonitor.exe	Registry\Common\Run	C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
vProt	Registry\Common\Run	C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

Scheduled


[ 4b61d06ef0356dc7e0a79eadfc7c48a5 ]

	Task Properties:
		Task Name	4b61d06ef0356dc7e0a79eadfc7c48a5
		Status	Enabled
		Application Name	rundll32.exe
		Application Parameters	"C:\Program Files (x86)\Microsoft Office\q4fhog.dll",e62dc6c6547f46bda862da2d05af6862
		Working Folder
		Comment
		Account Name	SYSTEM
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/18/2017 3:08:52 PM
		Next Run	1/18/2017 6:34:00 PM

	Task Triggers:
		One time	At 2:34:00 PM on 10/24/2016 - After triggered, repeat every 4 hours indefinitely

[ Adobe Acrobat Update Task ]

	Task Properties:
		Task Name	Adobe Acrobat Update Task
		Status	Enabled
		Application Name	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
		Application Parameters
		Working Folder
		Comment	This task keeps your Adobe Reader and Acrobat applications up to date with the latest enhancements and security fixes
		Account Name
		Creator	Adobe Systems Incorporated
		Last Run	1/18/2017 3:18:12 PM
		Next Run	1/19/2017 11:00:00 AM

	Task Triggers:
		At log on	At log on of any user - After triggered, repeat every 3 hours indefinitely
		Daily	At 11:00:00 AM every day

[ ChelfNotify Task ]

	Task Properties:
		Task Name	ChelfNotify Task
		Status	Enabled
		Application Name	"C:\ProgramData\ChelfNotify\BrowserUpdate.exe"
		Application Parameters	-do
		Working Folder
		Comment
		Account Name	SYSTEM
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/18/2017 4:09:01 PM
		Next Run	1/18/2017 6:09:00 PM

	Task Triggers:
		One time	At 12:09:00 AM on 11/22/2016 - After triggered, repeat every 2 hours indefinitely

[ CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1001Core ]

	Task Properties:
		Task Name	CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1001Core
		Status	Enabled
		Application Name	C:\Users\Oscar\AppData\Local\CocCoc\Update\CocCocUpdate.exe
		Application Parameters	/c
		Working Folder
		Comment	Keeps your C?c C?c software up to date. If this task is disabled or stopped, your C?c C?c software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no C?c C?c software using it.
		Account Name	Oscar
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/15/2017 11:03:22 AM
		Next Run	1/18/2017 9:21:00 PM

	Task Triggers:
		Daily	At 9:21:00 PM every day

[ CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1001UA ]

	Task Properties:
		Task Name	CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1001UA
		Status	Enabled
		Application Name	C:\Users\Oscar\AppData\Local\CocCoc\Update\CocCocUpdate.exe
		Application Parameters	/ua /installsource scheduler
		Working Folder
		Comment	Keeps your C?c C?c software up to date. If this task is disabled or stopped, your C?c C?c software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no C?c C?c software using it.
		Account Name	Oscar
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/15/2017 11:03:22 AM
		Next Run	1/18/2017 6:26:00 PM

	Task Triggers:
		Daily	At 9:26:00 PM every day - After triggered, repeat every 1 hour for a duration of 1 day

[ CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1003Core ]

	Task Properties:
		Task Name	CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1003Core
		Status	Enabled
		Application Name	C:\Users\Draku\AppData\Local\CocCoc\Update\CocCocUpdate.exe
		Application Parameters	/c
		Working Folder
		Comment	Gi? cho ph?n m?m C?c C?c c?a b?n luôn c?p nh?t. N?u tác v? này b? vô hi?u hóa ho?c b? d?ng, ph?n m?m C?c C?c c?a b?n s? không du?c c?p nh?t. Ði?u này có nghia là các l? h?ng b?o m?t xu?t hi?n s? không th? kh?c ph?c du?c và các tính nang có th? không ho?t d?ng. Tác v? này s? t? g? cài d?t khi không có ph?n m?m C?c C?c nào s? d?ng nó.
		Account Name	Draku
		Creator	DESKTOP-8V8TQ92\Draku
		Last Run	1/18/2017 3:08:52 PM
		Next Run	1/19/2017 11:24:00 AM

	Task Triggers:
		Daily	At 11:24:00 AM every day

[ CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1003UA ]

	Task Properties:
		Task Name	CocCocUpdateTaskUserS-1-5-21-5413862-739192754-441069123-1003UA
		Status	Enabled
		Application Name	C:\Users\Draku\AppData\Local\CocCoc\Update\CocCocUpdate.exe
		Application Parameters	/ua /installsource scheduler
		Working Folder
		Comment	Gi? cho ph?n m?m C?c C?c c?a b?n luôn c?p nh?t. N?u tác v? này b? vô hi?u hóa ho?c b? d?ng, ph?n m?m C?c C?c c?a b?n s? không du?c c?p nh?t. Ði?u này có nghia là các l? h?ng b?o m?t xu?t hi?n s? không th? kh?c ph?c du?c và các tính nang có th? không ho?t d?ng. Tác v? này s? t? g? cài d?t khi không có ph?n m?m C?c C?c nào s? d?ng nó.
		Account Name	Draku
		Creator	DESKTOP-8V8TQ92\Draku
		Last Run	1/18/2017 5:08:53 PM
		Next Run	1/18/2017 6:24:00 PM

	Task Triggers:
		Daily	At 11:24:00 AM every day - After triggered, repeat every 1 hour for a duration of 1 day

[ DropboxUpdateTaskMachineCore ]

	Task Properties:
		Task Name	DropboxUpdateTaskMachineCore
		Status	Enabled
		Application Name	C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
		Application Parameters	/c
		Working Folder
		Comment	Keeps your Dropbox software up to date. If this task is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Dropbox software using it.
		Account Name	SYSTEM
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/18/2017 3:08:52 PM
		Next Run	1/19/2017 10:44:00 AM

	Task Triggers:
		At log on	At log on of any user
		Daily	At 10:44:00 AM every day

[ DropboxUpdateTaskMachineUA ]

	Task Properties:
		Task Name	DropboxUpdateTaskMachineUA
		Status	Enabled
		Application Name	C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
		Application Parameters	/ua /installsource scheduler
		Working Folder
		Comment	Keeps your Dropbox software up to date. If this task is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Dropbox software using it.
		Account Name	SYSTEM
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/18/2017 5:08:53 PM
		Next Run	1/18/2017 6:44:00 PM

	Task Triggers:
		Daily	At 10:44:00 AM every day - After triggered, repeat every 1 hour for a duration of 1 day

[ Garena+ Plugin Host Service ]

	Task Properties:
		Task Name	Garena+ Plugin Host Service
		Status	Enabled
		Application Name	C:\Program Files (x86)\Garena Plus\ggdllhost.exe
		Application Parameters	"C:\Program Files (x86)\Garena Plus\ggspawn.dll",rundll_entry
		Working Folder	C:\Program Files (x86)\Garena Plus
		Comment
		Account Name
		Creator
		Last Run	11/30/1999
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ GoogleUpdateTaskMachineCore ]

	Task Properties:
		Task Name	GoogleUpdateTaskMachineCore
		Status	Enabled
		Application Name	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
		Application Parameters	/c
		Working Folder
		Comment	Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
		Account Name	SYSTEM
		Creator
		Last Run	1/18/2017 3:08:52 PM
		Next Run	1/19/2017 10:57:21 AM

	Task Triggers:
		At log on	At log on of any user
		Daily	At 10:57:21 AM every day

[ GoogleUpdateTaskMachineUA ]

	Task Properties:
		Task Name	GoogleUpdateTaskMachineUA
		Status	Enabled
		Application Name	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
		Application Parameters	/ua /installsource scheduler
		Working Folder
		Comment	Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
		Account Name	SYSTEM
		Creator
		Last Run	1/18/2017 5:08:53 PM
		Next Run	1/18/2017 6:57:21 PM

	Task Triggers:
		Daily	At 10:57:21 AM every day - After triggered, repeat every 1 hour for a duration of 1 day

[ KuaiZip_Update ]

	Task Properties:
		Task Name	KuaiZip_Update
		Status	Enabled
		Application Name	X86\Update.exe
		Application Parameters
		Working Folder
		Comment
		Account Name	Oscar
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/15/2017 11:03:22 AM
		Next Run	1/18/2017 6:11:00 PM

	Task Triggers:
		One time	At 2:11:00 PM on 10/23/2016 - After triggered, repeat every 1 hour indefinitely

[ OneDrive Standalone Update Task v2 ]

	Task Properties:
		Task Name	OneDrive Standalone Update Task v2
		Status	Enabled
		Application Name	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
		Application Parameters
		Working Folder
		Comment
		Account Name	Draku
		Creator	Microsoft Corporation
		Last Run	1/18/2017 3:08:52 PM
		Next Run	1/20/2017 1:36:58 AM

	Task Triggers:
		One time	At 4:00:00 AM on 5/1/1992 - After triggered, repeat every 1 day indefinitely

[ OneDrive Standalone Update Task ]

	Task Properties:
		Task Name	OneDrive Standalone Update Task
		Status	Enabled
		Application Name	C:\Users\Oscar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
		Application Parameters
		Working Folder
		Comment
		Account Name	Oscar
		Creator	Microsoft Corporation
		Last Run	1/15/2017 11:03:22 AM
		Next Run	1/19/2017 2:58:26 PM

	Task Triggers:
		One time	At 4:00:00 AM on 5/1/1992 - After triggered, repeat every 1 day indefinitely

[ UCBrowserUpdater ]

	Task Properties:
		Task Name	UCBrowserUpdater
		Status	Enabled
		Application Name	C:\Program Files (x86)\UCBrowser\Application\update_task.exe
		Application Parameters	/update
		Working Folder
		Comment	????UC????????,????????????????????,UC????????????,?????????????????,????????????
		Account Name	Oscar
		Creator	DESKTOP-8V8TQ92\Oscar
		Last Run	1/15/2017 11:03:22 AM
		Next Run	1/18/2017 6:42:00 PM

	Task Triggers:
		Daily	At 2:42:00 PM every day - After triggered, repeat every 1 hour for a duration of 1 day

[ Wakoshqiqa Helper ]

	Task Properties:
		Task Name	Wakoshqiqa Helper
		Status	Enabled
		Application Name	"C:\Program Files (x86)\Anjise\rmuy.exe"
		Application Parameters	d4311846-2897-4a54-bbc8-afc8f6866069
		Working Folder
		Comment	Provides global functions for other parts of Wakoshqiqa.
		Account Name	SYSTEM
		Creator	SYSTEM
		Last Run	1/18/2017 4:34:36 PM
		Next Run	1/18/2017 8:34:36 PM

	Task Triggers:
		Daily	At 12:34:36 AM every day
		Daily	At 4:34:36 AM every day
		Daily	At 8:34:36 AM every day
		Daily	At 12:34:36 PM every day
		Daily	At 4:34:36 PM every day
		Daily	At 8:34:36 PM every day

Installed Programs


Program	Version	Inst. Size	GUID	Publisher	Inst. Date
Acroni [ TRIAL VERSION ]	19.0.5634	Unknown	{5E5999 [ TRIAL VERSION ]	Acronis	2016-08-14
Acroni [ TRIAL VERSION ]	11.0.216	Unknown	{9CCC78 [ TRIAL VERSION ]	Acronis	2016-08-13
Adobe [ TRIAL VERSION ]	15.023.20053	Unknown	{AC76BA [ TRIAL VERSION ]	Adobe Systems Incorporated	2017-01-15
Adobe [ TRIAL VERSION ]	9.0.0	Unknown	{38C72D [ TRIAL VERSION ]	Adobe Systems Incorporated
Adobe [ TRIAL VERSION ]	1.8.0	Unknown	{AC76BA [ TRIAL VERSION ]	Adobe Systems Incorporated	2017-01-15
AIDA64 [ TRIAL VERSION ]	5.80	Unknown	AIDA64 [ TRIAL VERSION ]	FinalWire Ltd.	2017-01-18
AMD Se [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{899B0A [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
AMD St [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{918989 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
amuleC	1.0.1	Unknown	{19539992-061C-4E8B-9053-07B175303AF4}	amuleC	2016-11-22
Apple [ TRIAL VERSION ]	2.3.4	Unknown	{5D09C7 [ TRIAL VERSION ]	Apple Inc.	2016-08-13
Apple [ TRIAL VERSION ]	2.1.3.127	Unknown	{789A5B [ TRIAL VERSION ]	Apple Inc.	2016-08-13
AVG 20 [ TRIAL VERSION ]	16.0.4749	Unknown	{322186 [ TRIAL VERSION ]	AVG Technologies	2017-01-15
AVG Pr [ TRIAL VERSION ]	2016.141.7996	Unknown	AVG [ TRIAL VERSION ]	AVG Technologies
AVG We [ TRIAL VERSION ]	4.3.6.255	Unknown	AVG Web [ TRIAL VERSION ]	AVG Technologies
AVG [ TRIAL VERSION ]	16.141.7996	Unknown	{E454B8 [ TRIAL VERSION ]	AVG Technologies	2017-01-15
C?c C? [ TRIAL VERSION ]	54.4.2840.136	Unknown	CocCocB [ TRIAL VERSION ]	Ðon v? ch? qu?n C?c C?c	2017-01-15
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{55A4D3 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{118C21 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{51F857 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{365AEA [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{5A083A [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{8E6F55 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{7ABC6D [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{DF0D7C [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{AD2896 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{C3EE62 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{238F6F [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{84C3F2 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{2F544F [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{EC688B [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{0E8A3B [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{FC4086 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{E27224 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{1E7D30 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{F8EBE5 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{95A52F [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{BA26B7 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{42FBD4 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{A22CDE [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{5FEACE [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{AC85CF [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{C0BFC6 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{A37955 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{B34989 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{94C72E [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{4853A5 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{BE8D6A [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{5B9876 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{B28CF6 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{265675 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{86BFE5 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{43F6D2 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{0809FE [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{074243 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{D4490E [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{5FD706 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{EAEAA8 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{DAB441 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{A4E7CA [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{A39736 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{3AF703 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{59D266 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{6DC925 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{53AE8A [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{970A40 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{B2A837 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{DC9DFC [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{4707CB [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{44ED2C [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{C1EFF2 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{C14A3A [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{345056 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{46EB68 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{A50C89 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{FCE843 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{7A6E43 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Cataly [ TRIAL VERSION ]	2015.1129.2307.41591	Unknown	{0B5633 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-08-13
Cataly [ TRIAL VERSION ]	2016.0624.1251.21301	Unknown	{25D175 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-02
Cataly [ TRIAL VERSION ]	2016.0916.1515.27418	Unknown	{89A1F0 [ TRIAL VERSION ]	Advanced Micro Devices, Inc.	2016-10-27
Celtx [ TRIAL VERSION ]	2.9.7 (en-US)	Unknown	Celtx ( [ TRIAL VERSION ]	Greyfirst
CPUID [ TRIAL VERSION ]		Unknown	CPUID C [ TRIAL VERSION ]		2016-11-09
DaVinci Resolve	12.2.0013	Unknown	{6C60C7F5-DE14-4EEA-AA1D-650B9DC13E29}	Blackmagic Design	2016-08-13
Dropbox Update Helper	1.3.59.1	Unknown	{099218A5-A723-43DC-8DB5-6173656A1E94}	Dropbox, Inc.	2017-01-15
Dropbox	17.4.33	Unknown	Dropbox	Dropbox, Inc.
FMW 1	1.143.3	Unknown	{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}	AVG Technologies	2017-01-15
Garena+	2011	Unknown	im	Garena Online Pte Ltd.
Google Chrome	55.0.2883.87	Unknown	Google Chrome	Google Inc.	2016-10-23
Google Drive	1.32.4066.7445	Unknown	{07A12123-B717-496B-B471-48AF6407B433}	Google, Inc.	2017-01-15
Google Update Helper	1.3.32.7	Unknown	{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	Google Inc.	2017-01-15
Java 8 Update 101	8.0.1010.13	Unknown	{26A24AE4-039D-4CA4-87B4-2F32180101F0}	Oracle Corporation	2016-08-13
Java Auto Updater	2.8.101.13	Unknown	{4A03706F-666A-4037-7777-5F2748764D10}	Oracle Corporation	2016-08-13
jetAudio Basic	8.1.0	Unknown	{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}	COWON	2016-09-19
K-Lite Codec Pack 11.8.5 Full	11.8.5	Unknown	KLiteCodecPack_is1	KLCP	2016-08-13
Magic Bullet Suite 64-bit	11.1.0	Unknown	{93488C33-D8D6-472A-83BB-F71603355CF0}	Red Giant Software	2016-11-02
Microsoft Office Access MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0015-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Access Setup Metadata MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0117-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Enterprise 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0030-0000-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Excel MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0016-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Groove MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-00BA-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Groove Setup Metadata MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0114-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office InfoPath MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0044-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Office 64-bit Components 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-002A-0000-1000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office OneNote MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-00A1-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Outlook MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-001A-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office PowerPoint MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0018-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Proof (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-001F-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Proof (French) 2007 [french (france)]	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-001F-040C-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Proof (Spanish) 2007 [spanish (spain, international sort)]	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-001F-0C0A-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Proofing (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-002C-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Publisher MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0019-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Shared 64-bit MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-002A-0409-1000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0116-0409-1000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Shared MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-006E-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Shared Setup Metadata MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-0115-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft Office Word MUI (English) 2007	12.0.4518.1014 - Office 2007 RTM	Unknown	{90120000-001B-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-14
Microsoft OneDrive	17.3.6720.1207	Unknown	OneDriveSetup.exe	Microsoft Corporation
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs	12.0.4518.1014	Unknown	{90120000-00B2-0409-0000-0000000FF1CE}	Microsoft Corporation	2016-08-28
Microsoft Visual C++ 2005 Redistributable (x64)	8.0.61000	Unknown	{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2005 Redistributable	8.0.61001	Unknown	{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	9.0.30729.6161	Unknown	{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	9.0.30729.4148	Unknown	{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}	Microsoft Corporation	2017-01-15
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	9.0.30729.6161	Unknown	{9BE518E6-ECC6-35A9-88E4-87755C07200F}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219	10.0.40219	Unknown	{1D8E6291-B0D5-35EC-8441-6616F567A0F7}	Microsoft Corporation	2016-10-23
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219	10.0.40219	Unknown	{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}	Microsoft Corporation	2016-10-23
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727	11.0.50727.1	Unknown	{15134cb0-b767-4960-a911-f2d16ae54797}	Microsoft Corporation
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030	11.0.61030.0	Unknown	{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}	Microsoft Corporation
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727	11.0.50727.1	Unknown	{22154f09-719a-4619-bb71-5b3356999fbf}	Microsoft Corporation
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030	11.0.61030.0	Unknown	{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}	Microsoft Corporation
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727	11.0.50727	Unknown	{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}	Microsoft Corporation	2016-10-02
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030	11.0.61030	Unknown	{37B8F9C7-03FB-3253-8781-2517C99D7C00}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727	11.0.50727	Unknown	{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}	Microsoft Corporation	2016-10-02
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030	11.0.61030	Unknown	{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727	11.0.50727	Unknown	{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}	Microsoft Corporation	2016-10-02
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030	11.0.61030	Unknown	{B175520C-86A2-35A7-8619-86DC379688B9}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727	11.0.50727	Unknown	{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}	Microsoft Corporation	2016-10-02
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030	11.0.61030	Unknown	{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}	Microsoft Corporation	2016-08-13
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501	12.0.30501.0	Unknown	{050d4fc8-5d48-4b8f-8972-47c82c46020f}	Microsoft Corporation
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501	12.0.30501.0	Unknown	{f65db027-aff3-4070-886a-0d87064aabb1}	Microsoft Corporation
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005	12.0.21005	Unknown	{929FBD26-9020-399B-9A7A-751D61F0B942}	Microsoft Corporation	2016-10-02
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005	12.0.21005	Unknown	{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}	Microsoft Corporation	2016-10-02
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005	12.0.21005	Unknown	{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}	Microsoft Corporation	2016-10-02
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005	12.0.21005	Unknown	{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}	Microsoft Corporation	2016-10-02
OBS Studio	17.0.0	Unknown	OBS Studio	OBS Project
OpenSCAD (remove only)	2015.03-2	Unknown	OpenSCAD	The OpenSCAD Developers
Paint.NET v3.5.10	3.60.0	Unknown	{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}	dotPDN LLC	2016-08-13
Picasa 3	3.9.141.259	Unknown	Picasa 3	Google, Inc.
QuickTime	7.74.80.86	Unknown	{B67BAFBA-4C9F-48FA-9496-933E3B255044}	Apple Inc.	2016-08-13
R-Drive Image 6.0	6.0.6000	Unknown	R-Drive Image 6.0NSIS	R-Tools Technology Inc.
TeraCopy 2.3		Unknown	TeraCopy_is1	Code Sector	2016-09-22
Total Commander (Remove or Repair)	7.56a	Unknown	Totalcmd	Ghisler Software GmbH
UltraI [ TRIAL VERSION ]		Unknown	UltraIS [ TRIAL VERSION ]		2017-01-16
UniKey [ TRIAL VERSION ]	4.2 RC4	Unknown	{8DB565 [ TRIAL VERSION ]	UniKey	2017-01-16
Visual [ TRIAL VERSION ]	14.0.0.1	Unknown	{8C775E [ TRIAL VERSION ]	AVG Technologies	2016-08-13
Visual [ TRIAL VERSION ]	14.0.0.1	Unknown	{98EFF1 [ TRIAL VERSION ]	AVG Technologies CZ, s.r.o.	2016-08-13
VLC me [ TRIAL VERSION ]	2.2.4	Unknown	VLC med [ TRIAL VERSION ]	VideoLAN
WinRAR [ TRIAL VERSION ]	4.01.0	Unknown	WinRAR [ TRIAL VERSION ]	win.rar GmbH
WinRAR [ TRIAL VERSION ]	5.40.0	Unknown	WinRAR [ TRIAL VERSION ]	win.rar GmbH

Licenses


		Software	Product Key
		Microsoft Internet Explorer 11.447.14393.0	VK7JG- [ TRIAL VERSION ]
		Microsoft Office Enterprise 2007	KGFVY- [ TRIAL VERSION ]
		Microsoft Windows 10 Pro	VK7JG- [ TRIAL VERSION ]

File Types


Extension	File Type Description	Content Type
001	WinRAR archive
002	Kuaizip 002 Archive file
003	Kuaizip 003 Archive file
004	Kuaizip 004 Archive file
005	Kuaizip 005 Archive file
006	Kuaizip 006 Archive file
007	Kuaizip 007 Archive file
008	Kuaizip 008 Archive file
009	Kuaizip 009 Archive file
01	Kuaizip 01 Archive file
010	Kuaizip 010 Archive file
011	Kuaizip 011 Archive file
012	Kuaizip 012 Archive file
013	Kuaizip 013 Archive file
014	Kuaizip 014 Archive file
015	Kuaizip 015 Archive file
016	Kuaizip 016 Archive file
017	Kuaizip 017 Archive file
018	Kuaizip 018 Archive file
019	Kuaizip 019 Archive file
02	Kuaizip 02 Archive file
020	Kuaizip 020 Archive file
021	Kuaizip 021 Archive file
022	Kuaizip 022 Archive file
023	Kuaizip 023 Archive file
024	Kuaizip 024 Archive file
025	Kuaizip 025 Archive file
026	Kuaizip 026 Archive file
027	Kuaizip 027 Archive file
028	Kuaizip 028 Archive file
029	Kuaizip 029 Archive file
03	Kuaizip 03 Archive file
030	Kuaizip 030 Archive file
031	Kuaizip 031 Archive file
032	Kuaizip 032 Archive file
033	Kuaizip 033 Archive file
034	Kuaizip 034 Archive file
035	Kuaizip 035 Archive file
036	Kuaizip 036 Archive file
037	Kuaizip 037 Archive file
038	Kuaizip 038 Archive file
039	Kuaizip 039 Archive file
04	Kuaizip 04 Archive file
040	Kuaizip 040 Archive file
041	Kuaizip 041 Archive file
042	Kuaizip 042 Archive file
043	Kuaizip 043 Archive file
044	Kuaizip 044 Archive file
045	Kuaizip 045 Archive file
046	Kuaizip 046 Archive file
047	Kuaizip 047 Archive file
048	Kuaizip 048 Archive file
049	Kuaizip 049 Archive file
05	Kuaizip 05 Archive file
050	Kuaizip 050 Archive file
051	Kuaizip 051 Archive file
052	Kuaizip 052 Archive file
053	Kuaizip 053 Archive file
054	Kuaizip 054 Archive file
055	Kuaizip 055 Archive file
056	Kuaizip 056 Archive file
057	Kuaizip 057 Archive file
058	Kuaizip 058 Archive file
059	Kuaizip 059 Archive file
06	Kuaizip 06 Archive file
060	Kuaizip 060 Archive file
061	Kuaizip 061 Archive file
062	Kuaizip 062 Archive file
063	Kuaizip 063 Archive file
064	Kuaizip 064 Archive file
065	Kuaizip 065 Archive file
066	Kuaizip 066 Archive file
067	Kuaizip 067 Archive file
068	Kuaizip 068 Archive file
069	Kuaizip 069 Archive file
07	Kuaizip 07 Archive file
070	Kuaizip 070 Archive file
071	Kuaizip 071 Archive file
072	Kuaizip 072 Archive file
073	Kuaizip 073 Archive file
074	Kuaizip 074 Archive file
075	Kuaizip 075 Archive file
076	Kuaizip 076 Archive file
077	Kuaizip 077 Archive file
078	Kuaizip 078 Archive file
079	Kuaizip 079 Archive file
08	Kuaizip 08 Archive file
080	Kuaizip 080 Archive file
081	Kuaizip 081 Archive file
082	Kuaizip 082 Archive file
083	Kuaizip 083 Archive file
084	Kuaizip 084 Archive file
085	Kuaizip 085 Archive file
086	Kuaizip 086 Archive file
087	Kuaizip 087 Archive file
088	Kuaizip 088 Archive file
089	Kuaizip 089 Archive file
09	Kuaizip 09 Archive file
090	Kuaizip 090 Archive file
091	Kuaizip 091 Archive file
092	Kuaizip 092 Archive file
093	Kuaizip 093 Archive file
094	Kuaizip 094 Archive file
095	Kuaizip 095 Archive file
096	Kuaizip 096 Archive file
097	Kuaizip 097 Archive file
098	Kuaizip 098 Archive file
099	Kuaizip 099 Archive file
386	Virtual Device Driver
3G2	3GPP2 Movie	video/3gpp2
3GA	VLC media file (.3ga)
3GP	3GPP Movie	video/3gpp
3GP2	3GPP2 Movie	video/3gpp2
3GPP	3GPP Movie	video/3gpp
669	VLC media file (.669)
7Z	WinRAR archive
A52	VLC media file (.a52)
AAC	AAC File	audio/aac
AC3	VLC media file (.ac3)	audio/ac3
ACCDA	Microsoft Office Access Add-in	application/msaccess
ACCDB	Microsoft Office Access 2007 Database	application/msaccess
ACCDC	Microsoft Office Access Signed Package	application/msaccess
ACCDE	Microsoft Office Access ACCDE Database	application/msaccess
ACCDR	Microsoft Office Access Runtime Application	application/msaccess
ACCDT	Microsoft Office Access Template	application/msaccess
ACCDU	Microsoft Office Access Add-in Data
ACCOUNTPICTURE-MS	Account Picture File	application/windows-accountpicture
ACE	WinRAR archive
ACL	AutoCorrect List File
ACROBATSECURITYSETTINGS	Adobe Acrobat Security Settings Document	application/vnd.adobe.acrobat-security-settings
ADE	Microsoft Office Access Project Extension	application/msaccess
ADN	Microsoft Office Access Blank Project Template
ADP	Microsoft Office Access Project	application/msaccess
ADT	ADTS Audio	audio/vnd.dlna.adts
ADTS	ADTS File	audio/aac
AEX	Adobe PremierePro Effect
AIF	VLC media file (.aif)	audio/aiff
AIFC	VLC media file (.aifc)	audio/aiff
AIFF	VLC media file (.aiff)	audio/aiff
ALAC	ALAC Audio File
AMC	AMC Movie	application/x-mpeg
AMV	VLC media file (.amv)
ANI	Animated Cursor
AOB	VLC media file (.aob)
APE	VLC media file (.ape)
API	API File
APK	Kuaizip APK Archive file
APPCONTENT-MS	Application Content	application/windows-appcontent+xml
APPLICATION	Application Manifest	application/x-ms-application
APPREF-MS	Application Reference
ARJ	WinRAR archive
ASA	ASA File
ASF	Windows Media Audio/Video file	video/x-ms-asf
ASP	ASP File
ASX	VLC media file (.asx)	video/x-ms-asf
AU	VLC media file (.au)	audio/basic
AVGFV	avgfilevault
AVI	Video Clip	video/avi
AW	Answer Wizard File
B4S	VLC media file (.b4s)
BAT	Windows Batch File
BDMV	Blu-ray File
BIK	VLC media file (.bik)
BIN	BIN File
BLG	Performance Monitor File
BMP	Bitmap Image	image/bmp
BZ	WinRAR archive
BZ2	WinRAR archive
CAB	WinRAR archive
CAF	VLC media file (.caf)	audio/x-caf
CAMP	WCS Viewing Condition Profile
CAT	Security Catalog	application/vnd.ms-pki.seccat
CDA	VLC media file (.cda)
CDDA	AIFF Audio	audio/aiff
CDMP	WCS Device Profile
CDX	CDX File
CDXML	CDXML File
CELTX	Celtx Document
CER	Security Certificate	application/x-x509-ca-cert
CHK	Recovered File Fragments
CHM	Compiled HTML Help file
CMD	Windows Command Script
COM	MS-DOS Application
COMPOSITEFONT	Composite Font File
CONTACT	Contact File	text/x-ms-contact
CPL	Control Panel Item
CRL	Certificate Revocation List	application/pkix-crl
CRT	Security Certificate	application/x-x509-ca-cert
CRTX	Microsoft Office Chart Template
CSS	Cascading Style Sheet Document	text/css
CSV	Microsoft Office Excel Comma Separated Values File	application/vnd.ms-excel
CUE	VLC media file (.cue)
CUR	Cursor
DB	Data Base File
DCTX	Open Extended Dictionary
DCTXC	Open Extended Dictionary
DDS	DDS Image	image/vnd.ms-dds
DEL	Adobe Premiere Edit Decision List
DER	Security Certificate	application/x-x509-ca-cert
DESKLINK	Desktop Shortcut
DESKTHEMEPACK	Windows Desktop Theme Pack
DET	Office Data File
DIAGCAB	Diagnostic Cabinet
DIAGCFG	Diagnostic Configuration
DIAGPKG	Diagnostic Document
DIB	Bitmap Image	image/bmp
DIF	DV Movie	video/x-dv
DLL	Application Extension	application/x-msdownload
DLX	Adobe Premiere Movie
DOC	Microsoft Office Word 97 - 2003 Document	application/msword
DOCHTML	Microsoft Word HTML Document
DOCM	Microsoft Office Word Macro-Enabled Document	application/vnd.ms-word.document.macroEnabled.12
DOCMHTML	DOCMHTML File
DOCX	Microsoft Office Word Document	application/vnd.openxmlformats-officedocument.wordprocessingml.document
DOCXML	Microsoft Word XML Document
DOT	Microsoft Office Word 97 - 2003 Template	application/msword
DOTHTML	Microsoft Word HTML Template
DOTM	Microsoft Office Word Macro-Enabled Template	application/vnd.ms-word.template.macroEnabled.12
DOTX	Microsoft Office Word Template	application/vnd.openxmlformats-officedocument.wordprocessingml.template
DQY	Microsoft Office Excel ODBC Query files
DRC	VLC media file (.drc)
DRV	Device Driver
DSN	Microsoft OLE DB Provider for ODBC Drivers
DTS	VLC media file (.dts)
DV	VLC media file (.dv)	video/x-dv
DWFX	XPS Document	model/vnd.dwfx+xps
EASMX	XPS Document	model/vnd.easmx+xps
EDRWX	XPS Document	model/vnd.edrwx+xps
ELM	Microsoft Office Themes File
EMF	EMF File	image/x-emf
EML	EML File
EMPTYBINARYREGISTRY	URL:OneNote Protocol
EPF	Exchange Certificate File
EPRTX	XPS Document	model/vnd.eprtx+xps
EVO	EVO Video File
EVT	EVT File
EVTX	EVTX File
EXE	Application	application/x-msdownload
F4V	VLC media file (.f4v)
FAD	Office Data File
FDF	Adobe Acrobat Forms Document	application/vnd.fdf
FDM	Microsoft Office Outlook Form Definition
FLAC	FLAC Audio	audio/x-flac
FLV	VLC media file (.flv)	video/x-flv
FON	Font file
GCSX	Microsoft Office SmartArt Graphic Color Variation
GFS	Microsoft Office Groove Remote File
GIF	GIF Image	image/gif
GLK	Microsoft Office Groove Shortcut
GLOX	Microsoft Office SmartArt Graphic Layout
GMMP	WCS Gamut Mapping Profile
GQSX	Microsoft Office SmartArt Graphic Quick Style
GRA	Microsoft Graph Chart
GRFX	GraphStudioNext Filter Graph File
GROUP	Contact Group File	text/x-ms-group
GRP	Microsoft Program Group
GRV	Microsoft Office Groove File	application/vnd.groove-injector
GSA	Microsoft Office Groove Space Archive
GSM	GSM Audio	audio/x-gsm
GTA	Microsoft Office Groove Tool Archive
GVI	VLC media file (.gvi)
GXF	VLC media file (.gxf)
GZ	WinRAR archive
GZIP	Kuaizip GZIP Archive file
HDMOV	HDMOV Video File
HLP	Help File
HOL	Microsoft Office Outlook Holidays
HTA	HTML Application	application/hta
HTM	URL:HyperText Transfer Protocol	text/html
HTML	URL:HyperText Transfer Protocol	text/html
HXA	Microsoft Help Attribute Definition File	application/xml
HXC	Microsoft Help Collection Definition File	application/xml
HXD	Microsoft Help Validator File	application/octet-stream
HXE	Microsoft Help Samples Definition File	application/xml
HXF	Microsoft Help Include File	application/xml
HXH	Microsoft Help Merged Hierarchy File	application/octet-stream
HXI	Microsoft Help Compiled Index File	application/octet-stream
HXK	Microsoft Help Index File	application/xml
HXQ	Microsoft Help Merged Query Index File	application/octet-stream
HXR	Microsoft Help Merged Attribute Index File	application/octet-stream
HXS	Microsoft Help Compiled Storage File	application/octet-stream
HXT	Microsoft Help Table of Contents File	application/xml
HXV	Microsoft Help Virtual Topic Definition File	application/xml
HXW	Microsoft Help Attribute Definition File	application/octet-stream
IBC	InterConnect Bizcard File
ICC	ICC Profile
ICL	Icon Library
ICM	ICC Profile
ICO	Icon	image/x-icon
ICS	iCalendar File
IFO	VLC media file (.ifo)
IMESX	IME Search provider definition
IMG	Disc Image File
INF	Setup Information
INFOPATHXML	Microsoft Office InfoPath Form	application/ms-infopath.xml
INI	Configuration Settings
IQY	Microsoft Office Excel Web Query File	text/x-ms-iqy
ISO	UltraISO File
ISZ	UltraISO File
IT	VLC media file (.it)
JAR	Kuaizip JAR Archive file
JCX	jetChat Shortcut
JEQ	jetAudio EQ Presets
JFIF	JPEG Image	image/jpeg
JLR	jetAudio Lyric
JNLP	JNLP File	application/x-java-jnlp-file
JOB	Task Scheduler Task Object
JOD	Microsoft.Jet.OLEDB.4.0
JPE	JPEG Image	image/jpeg
JPEG	JPEG Image	image/jpeg
JPG	JPEG Image	image/jpeg
JS	JavaScript File
JSE	JScript Encoded File
JSK	jetAudio Skin
JTX	XPS Document	application/x-jtx+xps
JXR	Windows Media Photo	image/vnd.ms-photo
KYS	KYS File
KZ	Kuaizip KZ Archive file
LABEL	Property List
LACCDB	Microsoft Office Access Record-Locking Information
LAYOUT	Adobe Premiere Layout
LDB	Microsoft Office Access Record-Locking Information
LEX	Dictionary File
LHA	WinRAR archive
LIBRARY-MS	Library Folder	application/windows-library+xml
LNK	Shortcut
LOG	Text Document
LZH	WinRAR archive
M1V	VLC media file (.m1v)	video/mpeg
M2P	MPEG Video File
M2T	AVCHD Video	video/vnd.dlna.mpeg-tts
M2TS	AVCHD Video	video/vnd.dlna.mpeg-tts
M2V	VLC media file (.m2v)	video/mpeg
M3U	M3U file	audio/x-mpegurl
M3U8	VLC media file (.m3u8)
M4A	AAC audio	audio/x-m4a
M4B	AAC audio book	audio/x-m4b
M4P	VLC media file (.m4p)	audio/x-m4p
M4V	MPEG-4 video	video/x-m4v
MAC	MacPaint Image	image/x-macpaint
MAD	Microsoft Office Access Module Shortcut
MAF	Microsoft Office Access Form Shortcut
MAG	Microsoft Office Access Diagram Shortcut
MAM	Microsoft Office Access Macro Shortcut
MAPIMAIL	Mail Service
MAQ	Microsoft Office Access Query Shortcut
MAR	Microsoft Office Access Report Shortcut
MAS	Microsoft Office Access Stored Procedure Shortcut
MAT	Microsoft Office Access Table Shortcut
MAU	MAU File
MAV	Microsoft Office Access View Shortcut
MAW	Microsoft Office Access Data Access Page Shortcut
MD5	MD5 Checksum File
MDA	Microsoft Office Access Add-in	application/msaccess
MDB	Microsoft Office Access Database	application/msaccess
MDBHTML	Microsoft Office Access HTML Document
MDE	Microsoft Office Access MDE Database	application/msaccess
MDN	Microsoft Office Access Blank Database Template
MDT	Microsoft Office Access Add-in Data
MDW	Microsoft Office Access Workgroup Information
MGC	Media Catalog File
MHT	MHTML Document	message/rfc822
MHTML	MHTML Document	message/rfc822
MID	VLC media file (.mid)	audio/mid
MIDI	MIDI Sequence	audio/mid
MK3D	Matroska 3D Video File
MKA	VLC media file (.mka)	audio/x-matroska
MKV	MKV Video	video/x-matroska
MLC	Language Pack File_
MLP	VLC media file (.mlp)
MML	Media Catalog File
MMW	Media Catalog File
MOD	Movie Clip	video/mpeg
MOU	Kuaizip MOU Archive file
MOV	QuickTime Movie	video/quicktime
MP1	VLC media file (.mp1)
MP2	VLC media file (.mp2)	audio/mpeg
MP2V	VLC media file (.mp2v)	video/mpeg
MP3	MP3 Format Sound	audio/mpeg
MP4	MPEG-4 Movie	video/mp4
MP4V	MP4 Video	video/mp4
MPA	Movie Clip	audio/mpeg
MPC	VLC media file (.mpc)
MPCPL	MPC Playlist File
MPE	Movie Clip	video/mpeg
MPEG	Movie Clip	video/mpeg
MPEG1	VLC media file (.mpeg1)
MPEG2	VLC media file (.mpeg2)
MPEG4	VLC media file (.mpeg4)
MPF	Clip Organizer Media Package File	application/vnd.ms-mediapackage
MPG	Movie Clip	video/mpeg
MPGA	VLC media file (.mpga)
MPL	DVD Audio File
MPLS	Blu-ray Playlist File
MPV2	Movie Clip	video/mpeg
MPV4	MPV4 Video File
MQV	QuickTime Movie	video/quicktime
MSC	Microsoft Common Console Document
MSG	Outlook Item
MSI	Windows Installer Package
MSP	Windows Installer Patch
MSRCINCIDENT	Windows Remote Assistance Invitation
MSSTYLES	Windows Visual Style File
MSU	Microsoft Update Standalone Package
MS-WINDOWS-STORE-LICENSE	Windows Store License
MTS	AVCHD Video	video/vnd.dlna.mpeg-tts
MTV	VLC media file (.mtv)
MXF	VLC media file (.mxf)
MYDOCS	MyDocs Drop Target
NFO	MSInfo Configuration File
NICK	Office Data File
NK2	Office Data File
NSV	VLC media file (.nsv)
NUV	VLC media file (.nuv)
OCX	ActiveX control
ODC	Microsoft Office Data Connection	text/x-ms-odc
ODCCUBEFILE	ODCCUBEFILE File
ODCDATABASEFILE	ODCDATABASEFILE File
ODCNEWFILE	ODCNEWFILE File
ODCTABLEFILE	ODCTABLEFILE File
ODT	ODF Text Document
OFS	OFS File
OFT	Outlook Item Template
OGA	VLC media file (.oga)
OGG	VLC media file (.ogg)
OGM	VLC media file (.ogm)
OGV	VLC media file (.ogv)
OGX	VLC media file (.ogx)
OLS	Microsoft Office List Shortcut	application/vnd.ms-publisher
OMA	VLC media file (.oma)
ONE	Microsoft Office OneNote Section	application/msonenote
ONEPKG	Microsoft Office OneNote Single File Package	application/msonenote
ONETOC	Microsoft Office OneNote 2003 Table Of Contents
ONETOC2	Microsoft Office OneNote Table Of Contents
OPC	Microsoft Clean-up Wizard File
OPUS	VLC media file (.opus)
OQY	Microsoft Office Excel OLAP Query File
OSDX	OpenSearch Description File	application/opensearchdescription+xml
OST	Microsoft Office Outlook Offline Folders
OTF	OpenType Font file
OTM	Outlook VBA Project File
OXPS	XPS Document
P10	Certificate Request	application/pkcs10
P12	Personal Information Exchange	application/x-pkcs12
P7B	PKCS #7 Certificates	application/x-pkcs7-certificates
P7C	Digital ID File	application/pkcs7-mime
P7M	PKCS #7 MIME Message	application/pkcs7-mime
P7R	Certificate Request Response	application/x-pkcs7-certreqresp
P7S	PKCS #7 Signature	application/pkcs7-signature
PAB	Office Data File
PANO	PANO File	application/vnd.ms-pano
PARTIAL	Partial Download
PBK	Dial-Up Phonebook
PCB	PCB File
PCT	PICT Image	image/pict
PDF	PDF File	application/pdf
PDFXML	Adobe Acrobat PDFXML Document	application/vnd.adobe.pdfxml
PDN	Paint.NET Image
PDX	Acrobat Catalog Index	application/vnd.adobe.pdx
PERFMONCFG	Performance Monitor Configuration
PFM	Type 1 Font file
PFX	Personal Information Exchange	application/x-pkcs12
PIC	PICT Image	image/pict
PICT	PICT Image	image/pict
PIF	Shortcut to MS-DOS Program
PIP	Microsoft Office Settings File
PKO	Public Key Security Object	application/vnd.ms-pki.pko
PLIST	QuickTime Preferences
PLS	VLC media file (.pls)
PNF	Precompiled Setup Information
PNG	PNG Image	image/png
PNT	MacPaint Image	image/x-macpaint
PNTG	MacPaint Image	image/x-macpaint
POT	Microsoft Office PowerPoint 97-2003 Template	application/vnd.ms-powerpoint
POTHTML	Microsoft Office PowerPoint HTML Template
POTM	Microsoft Office PowerPoint Macro-Enabled Design Template	application/vnd.ms-powerpoint.template.macroEnabled.12
POTX	Microsoft Office PowerPoint Template	application/vnd.openxmlformats-officedocument.presentationml.template
PPA	Microsoft Office PowerPoint 97-2003 Addin	application/vnd.ms-powerpoint
PPAM	Microsoft Office PowerPoint Addin	application/vnd.ms-powerpoint.addin.macroEnabled.12
PPJ	Adobe Premiere Project
PPKG	RunTime Provisioning Tool
PPROJ	Adobe Premiere Project
PPS	Microsoft Office PowerPoint 97-2003 Slide Show	application/vnd.ms-powerpoint
PPSM	Microsoft Office PowerPoint Macro-Enabled Slide Show	application/vnd.ms-powerpoint.slideshow.macroEnabled.12
PPSX	Microsoft Office PowerPoint Slide Show	application/vnd.openxmlformats-officedocument.presentationml.slideshow
PPT	Microsoft Office PowerPoint 97-2003 Presentation	application/vnd.ms-powerpoint
PPTHTML	Microsoft Office PowerPoint HTML Document
PPTM	Microsoft Office PowerPoint Macro-Enabled Presentation	application/vnd.ms-powerpoint.presentation.macroEnabled.12
PPTMHTML	PPTMHTML File
PPTX	Microsoft Office PowerPoint Presentation	application/vnd.openxmlformats-officedocument.presentationml.presentation
PPTXML	Microsoft Office PowerPoint XML Presentation
PREXPORT	PREXPORT File
PRF	PICS Rules File	application/pics-rules
PRFPSET	PRFPSET File
PRINTEREXPORT	Printer Migration File
PRM	Adobe Premiere Plugin
PRMP	Adobe Premiere Plugin
PRPRESET	PRPRESET File
PRPROJ	Adobe Premiere Project
PRSL	PRSL File
PRTL	Adobe Premiere Title
PS1	PS1 File
PS1XML	PS1XML File
PSC1	PSC1 File	application/PowerShell
PSD1	PSD1 File
PSM1	PSM1 File
PSSC	PSSC File
PST	Microsoft Office Outlook Personal Folders
PUB	Microsoft Office Publisher Document	application/vnd.ms-publisher
PUBHTML	PUBHTML File
PUBMHTML	PUBMHTML File
PWZ	Microsoft PowerPoint Wizard	application/vnd.ms-powerpoint
QCP	VLC media file (.qcp)
QDS	Directory Query
QHT	QHT File	text/x-html-insertion
QHTM	QHTM File	text/x-html-insertion
QPA	QuickTime Player Addition
QT	QuickTime Movie	video/quicktime
QTI	QuickTime Image	image/x-quicktime
QTIF	QuickTime Image	image/x-quicktime
QTL	QuickTime Movie	application/x-quicktimeplayer
QTP	QuickTime Preferences
QTR	QuickTime Resources
QTS	QuickTime
QTX	QuickTime Extension
R00	WinRAR archive
R01	WinRAR archive
R02	WinRAR archive
R03	WinRAR archive
R04	WinRAR archive
R05	WinRAR archive
R06	WinRAR archive
R07	WinRAR archive
R08	WinRAR archive
R09	WinRAR archive
R10	WinRAR archive
R11	WinRAR archive
R12	WinRAR archive
R13	WinRAR archive
R14	WinRAR archive
R15	WinRAR archive
R16	WinRAR archive
R17	WinRAR archive
R18	WinRAR archive
R19	WinRAR archive
R20	WinRAR archive
R21	WinRAR archive
R22	WinRAR archive
R23	WinRAR archive
R24	WinRAR archive
R25	WinRAR archive
R26	WinRAR archive
R27	WinRAR archive
R28	WinRAR archive
R29	WinRAR archive
RA	VLC media file (.ra)
RAM	VLC media file (.ram)
RAR	WinRAR archive
RAT	Rating System File	application/rat-file
RDI	Command file of R-Drive Image
RDP	Remote Desktop Connection
RDR	Image file of R-Drive Image
REC	VLC media file (.rec)
REG	Registration Entries
RESMONCFG	Resource Monitor Configuration
REV	RAR recovery volume
RLE	RLE File
RLL	Application Extension
RM	VLC media file (.rm)
RMI	VLC media file (.rmi)	audio/mid
RMVB	VLC media file (.rmvb)
RPL	VLC media file (.rpl)
RPM	Kuaizip RPM Archive file
RQY	Microsoft Office Excel OLE DB Query files	text/x-ms-rqy
RTF	Rich Text Format	application/msword
RWZ	Office Data File
S3M	VLC media file (.s3m)
SCAD	OpenSCAD_File
SCF	File Explorer Command
SCP	Text Document
SCR	Screen saver
SCT	Windows Script Component	text/scriptlet
SD2	Sound Designer 2	audio/x-sd2
SDP	VLC media file (.sdp)	application/sdp
SEARCHCONNECTOR-MS	Search Connector Folder	application/windows-search-connector+xml
SEARCH-MS	Saved Search
SECSTORE	SECSTORE File
SETTINGCONTENT-MS	Setting Content
SFCACHE	ReadyBoost Cache File
SFV	SFV Checksum File
SHTM	URL:HyperText Transfer Protocol
SHTML	URL:HyperText Transfer Protocol
SLDM	Microsoft Office PowerPoint Macro-Enabled Slide	application/vnd.ms-powerpoint.slide.macroEnabled.12
SLDX	Microsoft Office PowerPoint Slide	application/vnd.openxmlformats-officedocument.presentationml.slide
SLK	Microsoft Office Excel SLK Data Import Format	application/vnd.ms-excel
SND	VLC media file (.snd)	audio/basic
SPC	PKCS #7 Certificates	application/x-pkcs7-certificates
SPL	Shockwave Flash Object	application/futuresplash
SPX	VLC media file (.spx)
SST	Microsoft Serialized Certificate Store	application/vnd.ms-pki.certstore
SVG	SVG Document	image/svg+xml
SWF	Shockwave Flash Object	application/x-shockwave-flash
SYMLINK	.symlink
SYS	System file
TAK	TAK Audio File
TAR	WinRAR archive
TAZ	WinRAR archive
TBZ	WinRAR archive
TBZ2	WinRAR archive
TCELTX	Celtx Template
TGA	Paint.NET Image	image/targa
TGZ	WinRAR archive
THEME	Windows Theme File
THEMEPACK	Windows Theme Pack
THMX	Microsoft Office Theme	application/vnd.ms-officetheme
THP	VLC media file (.thp)
TIB	Acronis True Image Backup Archive
TIF	TIF File	image/tiff
TIFF	TIFF File	image/tiff
TIS	Acronis True Image Script
TP	MPEG-TS Video File
TPS	MPEG-TS Video File
TRP	MPEG-TS Video File
TS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TTA	VLC media file (.tta)
TTC	TrueType Collection Font file
TTF	TrueType Font file
TTS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TXT	Text Document	text/plain
TXZ	WinRAR archive
UDL	Microsoft Data Link
UI	UltraISO File
URL	Internet Shortcut
UU	WinRAR archive
UUE	WinRAR archive
UXDC	UXDC File
VBE	VBScript Encoded File
VBS	VBScript Script File
VCF	vCard File	text/x-vcard
VCG	Microsoft Office Groove VCard	application/vnd.groove-vcard
VCS	vCalendar File
VDX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VHD	Disc Image File
VHDX	Disc Image File
VLC	VLC media file (.vlc)
VOB	VLC media file (.vob)
VOC	VLC media file (.voc)
VPR	VPR File
VQF	VLC media file (.vqf)
VRO	VLC media file (.vro)
VSD	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSS	Microsoft Visio Document	application/vnd.ms-visio.viewer
VST	Microsoft Visio Document	application/vnd.ms-visio.viewer
VSX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VTX	Microsoft Visio Document	application/vnd.ms-visio.viewer
VXD	Virtual Device Driver
W64	VLC media file (.w64)
WAB	Address Book File
WAV	Wave Sound	audio/wav
WAX	Windows Media Audio shortcut	audio/x-ms-wax
WBCAT	Windows Backup Catalog File
WBK	Microsoft Word Backup Document	application/msword
WCX	Workspace Configuration File
WDP	Windows Media Photo	image/vnd.ms-photo
WEBM	VLC media file (.webm)
WEBP	URL:HyperText Transfer Protocol
WEBPNP	Web Point And Print File
WEBSITE	Pinned Site Shortcut	application/x-mswebsite
WIM	Kuaizip WIM Archive file
WIZ	Microsoft Word Wizard	application/msword
WIZHTML	Microsoft Office Access HTML Template
WLL	WLL File
WM	Windows Media Audio/Video file	video/x-ms-wm
WMA	Windows Media Audio file	audio/x-ms-wma
WMD	Windows Media Player Download Package	application/x-ms-wmd
WMDB	Windows Media Library
WMF	WMF File	image/x-wmf
WMS	Windows Media Player Skin File
WMV	Windows Media Audio/Video file	video/x-ms-wmv
WMX	Windows Media Audio/Video playlist	video/x-ms-wmx
WMZ	Windows Media Player Skin Package	application/x-ms-wmz
WPL	Windows Media playlist	application/vnd.ms-wpl
WSC	Windows Script Component	text/scriptlet
WSF	Windows Script File
WSH	Windows Script Host Settings File
WTX	Text Document
WV	VLC media file (.wv)
WVX	VLC media file (.wvx)	video/x-ms-wvx
XA	VLC media file (.xa)
XAML	Windows Markup File	application/xaml+xml
XBAP	XAML Browser Application	application/x-ms-xbap
XDP	Adobe Acrobat XML Data Package File	application/vnd.adobe.xdp+xml
XESC	VLC media file (.xesc)
XFDF	Adobe Acrobat Forms Document	application/vnd.adobe.xfdf
XHT	URL:HyperText Transfer Protocol	application/xhtml+xml
XHTML	URL:HyperText Transfer Protocol	application/xhtml+xml
XLA	Microsoft Office Excel Add-In	application/vnd.ms-excel
XLAM	Microsoft Office Excel Add-In	application/vnd.ms-excel.addin.macroEnabled.12
XLK	Microsoft Office Excel Backup File	application/vnd.ms-excel
XLL	Microsoft Office Excel XLL Add-In	application/vnd.ms-excel
XLM	Microsoft Office Excel 4.0 Macro	application/vnd.ms-excel
XLS	Microsoft Office Excel 97-2003 Worksheet	application/vnd.ms-excel
XLSB	Microsoft Office Excel Binary Worksheet	application/vnd.ms-excel.sheet.binary.macroEnabled.12
XLSHTML	Microsoft Office Excel HTML Document
XLSM	Microsoft Office Excel Macro-Enabled Worksheet	application/vnd.ms-excel.sheet.macroEnabled.12
XLSMHTML	XLSMHTML File
XLSX	Microsoft Office Excel Worksheet	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
XLT	Microsoft Office Excel Template	application/vnd.ms-excel
XLTHTML	Microsoft Office Excel HTML Template
XLTM	Microsoft Office Excel Macro-Enabled Template	application/vnd.ms-excel.template.macroEnabled.12
XLTX	Microsoft Office Excel Template	application/vnd.openxmlformats-officedocument.spreadsheetml.template
XLW	Microsoft Office Excel Workspace	application/vnd.ms-excel
XLXML	Microsoft Office Excel XML Worksheet
XM	VLC media file (.xm)
XML	XML Document	text/xml
XPS	XPS Document	application/vnd.ms-xpsdocument
XRM-MS	XrML Digital License	text/xml
XSF	Microsoft Office InfoPath Form Definition File
XSL	XSL Stylesheet	text/xml
XSN	Microsoft Office InfoPath Form Template
XSPF	VLC media file (.xspf)
XST	Microsoft Office Outlook Personal Folders
XTP	Microsoft Office InfoPath Template Part File
XXE	WinRAR archive
XZ	WinRAR archive
Z	WinRAR archive
ZFSENDTOTARGET	Compressed (zipped) Folder SendTo Target
ZIP	WinRAR ZIP archive
ZIPX	Kuaizip ZIPX Archive file

Windows Security


Operating System Properties:
	OS Name	Microsoft Windows 10 Pro
	OS Service Pack	[ TRIAL VERSION ]
	Winlogon Shell	explorer.exe
	User Account Control (UAC)	Enabled
	UAC Remote Restrictions	Enabled
	System Restore	Enabled
	Windows Update Agent	10.0.14393.0 (rs1_release.160715-1616)

Data Execution Prevention (DEP, NX, EDB):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active (To Protect Applications)	Yes
	Active (To Protect Drivers)	Yes

Windows Update


Update Description	Update Type	Inst. Date
(Automatic Update)	Unknown
Advanced Micro Devices, Inc. driver update for AMD Radeon HD 7700 Series	Update	10/27/2016
Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3194496)	Update	10/3/2016
Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3194798)	Update	10/12/2016
Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3197954)	Update	10/31/2016
Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3200970)	Update	11/9/2016
Definition Update for Windows Defender - KB2267602 (Definition 1.231.2173.0)	Update	11/17/2016
Definition Update for Windows Defender - KB2267602 (Definition 1.233.119.0)	Update	11/19/2016
Definition Update for Windows Defender - KB2267602 (Definition 1.233.216.0)	Update	11/21/2016
Definition Update for Windows Defender - KB2267602 (Definition 1.233.303.0)	Update	11/22/2016
Definition Update for Windows Defender - KB2267602 (Definition 1.235.428.0)	Update	1/15/2017
Definition Update for Windows Defender - KB2267602 (Definition 1.235.533.0)	Update	1/16/2017
Feature update to Windows 10, version 1607	Update	10/2/2016
Security Update for Adobe Flash Player for Windows 10 Version 1607 (for x64-based Systems) (KB3194343)	Update	10/12/2016
Security Update for Adobe Flash Player for Windows 10 Version 1607 (for x64-based Systems) (KB3201860)	Update	10/31/2016
Security Update for Adobe Flash Player for Windows 10 Version 1607 (for x64-based Systems) (KB3202790)	Update	11/9/2016
Security Update for Adobe Flash Player for Windows 10 Version 1607 (for x64-based Systems) (KB3214628)	Update	1/17/2017
Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB3188128)	Update	10/3/2016
Update for Windows 10 Version 1607 for x64-based Systems (KB3176936)	Update	10/3/2016
Update for Windows 10 Version 1607 for x64-based Systems (KB3199209)	Update	10/18/2016
Update for Windows 10 Version 1607 for x64-based Systems (KB3199986)	Update	10/31/2016
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - October 2016 (KB890830)	Update	10/14/2016
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - January 2017 (KB890830)	Update	1/17/2017
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - November 2016 (KB890830)	Update	11/9/2016

Anti-Virus


Software Description	Software Version	Virus Database Date	Known Viruses
Windows Defender	4.10.14393.187(rs1_release_inmarket.160906-1818)	1/16/2017	?

Firewall


Software Description	Software Version	Status
Windows Firewall	10.0.14393.0	Enabled

Anti-Spyware


		Software Description	Software Version
		Microsoft Windows Defender	4.10.14393.187(rs1_release_inmarket.160906-1818)

Regional


Time Zone:
	Current Time Zone	SE Asia Standard Time
	Current Time Zone Description	(UTC+07:00) Bangkok, Hanoi, Jakarta
	Change To Standard Time
	Change To Daylight Saving Time

Language:
	Language Name (Native)	English
	Language Name (English)	English
	Language Name (ISO 639)	en

Country/Region:
	Country Name (Native)	United States
	Country Name (English)	United States
	Country Name (ISO 3166)	US
	Country Code	1

Currency:
	Currency Name (Native)	US Dollar
	Currency Name (English)	US Dollar
	Currency Symbol (Native)	$
	Currency Symbol (ISO 4217)	USD
	Currency Format	$123,456,789.00
	Negative Currency Format	($123,456,789.00)

Formatting:
	Time Format	h:mm:ss tt
	Short Date Format	M/d/yyyy
	Long Date Format	dddd, MMMM d, yyyy
	Number Format	123,456,789.00
	Negative Number Format	-123,456,789.00
	List Format	first, second, third
	Native Digits	0123456789

Days of Week:
	Native Name for Monday	Monday / Mon
	Native Name for Tuesday	Tuesday / Tue
	Native Name for Wednesday	Wednesday / Wed
	Native Name for Thursday	Thursday / Thu
	Native Name for Friday	Friday / Fri
	Native Name for Saturday	Saturday / Sat
	Native Name for Sunday	Sunday / Sun

Months:
	Native Name for January	January / Jan
	Native Name for February	February / Feb
	Native Name for March	March / Mar
	Native Name for April	April / Apr
	Native Name for May	May / May
	Native Name for June	June / Jun
	Native Name for July	July / Jul
	Native Name for August	August / Aug
	Native Name for September	September / Sep
	Native Name for October	October / Oct
	Native Name for November	November / Nov
	Native Name for December	December / Dec

Miscellaneous:
	Calendar Type	Gregorian (localized)
	Default Paper Size	US Letter
	Measurement System	U.S.

Display Languages:
	LCID 0409h (Active)	English (United States)

Environment


		Variable	Value
		__COMPAT_LAYER	Installer
		ALLUSERSPROFILE	C:\ProgramData
		APPDATA	C:\Users\Draku\AppData\Roaming
		BREAKPAD_DUMP_LOCATION	C:\Program Files (x86)\Bedhat\Reports\Dump
		CLASSPATH	.;C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip
		CommonProgramFiles(x86)	C:\Program Files (x86)\Common Files
		CommonProgramFiles	C:\Program Files (x86)\Common Files
		CommonProgramW6432	C:\Program Files\Common Files
		COMPUTERNAME	DESKTOP-8V8TQ92
		ComSpec	C:\WINDOWS\system32\cmd.exe
		FPS_BROWSER_APP_PROFILE_STRING	Internet Explorer
		FPS_BROWSER_USER_PROFILE_STRING	Default
		HOMEDRIVE	C:
		HOMEPATH	\Users\Draku
		LOCALAPPDATA	C:\Users\Draku\AppData\Local
		LOGONSERVER	\\DESKTOP-8V8TQ92
		NUMBER_OF_PROCESSORS	8
		OneDrive	C:\Users\Draku\OneDrive
		OS	Windows_NT
		Path	C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Users\Draku\AppData\Local\Microsoft\WindowsApps
		PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
		PROCESSOR_ARCHITECTURE	x86
		PROCESSOR_ARCHITEW6432	AMD64
		PROCESSOR_IDENTIFIER	Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
		PROCESSOR_LEVEL	6
		PROCESSOR_REVISION	2a07
		ProgramData	C:\ProgramData
		ProgramFiles(x86)	C:\Program Files (x86)
		ProgramFiles	C:\Program Files (x86)
		ProgramW6432	C:\Program Files
		PSModulePath	C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules
		PUBLIC	C:\Users\Public
		QTJAVA	C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip
		SystemDrive	C:
		SystemRoot	C:\WINDOWS
		TEMP	C:\Users\Draku\AppData\Local\Temp
		TMP	C:\Users\Draku\AppData\Local\Temp
		USERDOMAIN_ROAMINGPROFILE	DESKTOP-8V8TQ92
		USERDOMAIN	DESKTOP-8V8TQ92
		USERNAME	Draku
		USERPROFILE	C:\Users\Draku
		windir	C:\WINDOWS

Control Panel


		Name	Comment
		Flash Player	Manage Flash Player Settings
		Java	Java Control Panel
		Mail	Microsoft Office Outlook Profiles
		QuickTime	Configures QuickTime software and hardware components.

Recycle Bin


Drive	Items Size	Items Count	Space %	Recycle Bin
C:	0	0	?	?
D:	0	0	?	?

System Files


	[ system.ini ]

		; for 16-bit app support
		[386Enh]
		woafont=dosapp.fon
		EGA80WOA.FON=EGA80WOA.FON
		EGA40WOA.FON=EGA40WOA.FON
		CGA80WOA.FON=CGA80WOA.FON
		CGA40WOA.FON=CGA40WOA.FON

		[drivers]
		wave=mmdrv.dll
		timer=timer.drv

		[mci]

	[ win.ini ]

		; for 16-bit app support
		[fonts]
		[extensions]
		[mci extensions]
		[files]
		[Mail]
		MAPI=1
		CMCDLLNAME32=mapi32.dll
		CMC=1
		MAPIX=1
		MAPIXVER=1.0.0.1
		OLEMessaging=1

	[ hosts ]












	[ lmhosts.sam ]

System Folders


		System Folder	Path
		Administrative Tools	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		AppData	C:\Users\Draku\AppData\Roaming
		Cache	C:\Users\Draku\AppData\Local\Microsoft\Windows\INetCache
		CD Burning	C:\Users\Draku\AppData\Local\Microsoft\Windows\Burn\Burn
		Common Administrative Tools	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		Common AppData	C:\ProgramData
		Common Desktop	C:\Users\Public\Desktop
		Common Documents	C:\Users\Public\Documents
		Common Favorites	C:\Users\Draku\Favorites
		Common Files (x86)	C:\Program Files (x86)\Common Files
		Common Files	C:\Program Files (x86)\Common Files
		Common Music	C:\Users\Public\Music
		Common Pictures	C:\Users\Public\Pictures
		Common Programs	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
		Common Start Menu	C:\ProgramData\Microsoft\Windows\Start Menu
		Common Startup	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
		Common Templates	C:\ProgramData\Microsoft\Windows\Templates
		Common Video	C:\Users\Public\Videos
		Cookies	C:\Users\Draku\AppData\Local\Microsoft\Windows\INetCookies
		Desktop	C:\Users\Draku\Desktop
		Device	C:\WINDOWS\inf
		Favorites	C:\Users\Draku\Favorites
		Fonts	C:\WINDOWS\Fonts
		History	C:\Users\Draku\AppData\Local\Microsoft\Windows\History
		Local AppData	C:\Users\Draku\AppData\Local
		My Documents	C:\Users\Draku\Documents
		My Music	C:\Users\Draku\Music
		My Pictures	C:\Users\Draku\Pictures
		My Video	C:\Users\Draku\Videos
		NetHood	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Network Shortcuts
		PrintHood	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
		Profile	C:\Users\Draku
		Program Files (x86)	C:\Program Files (x86)
		Program Files	C:\Program Files (x86)
		Programs	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
		Recent	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Recent
		Resources	C:\WINDOWS\resources
		SendTo	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\SendTo
		Start Menu	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Start Menu
		Startup	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
		System (x86)	C:\WINDOWS\SysWoW64
		System	C:\WINDOWS\system32
		Temp	C:\Users\Draku\AppData\Local\Temp\
		Templates	C:\Users\Draku\AppData\Roaming\Microsoft\Windows\Templates
		Windows	C:\WINDOWS

Event Logs


Log Name	Event Type	Category	Generated On	User	Source	Description
Application	Error	None	2017-01-15 10:37:07		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	3	2017-01-15 10:46:52		DbxSvc	320: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Application	Error	3	2017-01-15 10:50:31		DbxSvc	320: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Application	Error	None	2017-01-15 10:50:38		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application	Error	None	2017-01-15 10:50:38		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	3	2017-01-15 10:57:23		DbxSvc	320: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Application	Error	None	2017-01-15 10:57:33		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application	Error	None	2017-01-15 10:57:34		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	3	2017-01-15 11:09:23		DbxSvc	320: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Application	Error	None	2017-01-15 11:09:33		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Warning	None	2017-01-15 11:09:35	SYSTEM	Microsoft-Windows-User Profiles Service	1534: Profile notification of event Create for component {2c86c843-77ae-4284-9722-27d65366543c} failed, error code is Not implemented .
Application	Error	None	2017-01-15 11:09:36		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application	Error	None	2017-01-15 11:24:36		SideBySide	33: Activation context generation failed for "c:\program files (x86)\avg\setup\avgntdumpx.exe". Dependent Assembly AVG.VC140.CRT,processorArchitecture="x86",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-15 11:24:45		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-15 11:24:45		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-15 11:24:45		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-15 11:24:45		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-15 11:24:51		SideBySide	33: Activation context generation failed for "C:\WINDOWS\Temp\AvgSetup\a193d94b-cce9-47cf-8a8d-4162723965c8\install\fmw\avgrdsttesta.exe". Dependent Assembly AVG.VC140.CRT,processorArchitecture="amd64",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-15 11:24:53		SideBySide	33: Activation context generation failed for "C:\WINDOWS\Temp\AvgSetup\a193d94b-cce9-47cf-8a8d-4162723965c8\install\fmw\avgrdsttestx.exe". Dependent Assembly AVG.VC140.CRT,processorArchitecture="x86",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Warning	None	2017-01-15 11:26:42	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Windows\explorer.exe' (pid 5556) cannot be restarted - 1.
Application	Warning	None	2017-01-15 11:26:42	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'C:\Program Files (x86)\AVG\Av\avgui.exe' (pid 7800) cannot be restarted - 1.
Application	Warning	None	2017-01-15 11:26:42	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'D:\Program Files (x86)\GarenaLoLLCUVN\GameData\Apps\LoLLCUVN\LeagueClient\LeagueClient.exe' (pid 5256) cannot be restarted - 1.
Application	Warning	None	2017-01-15 11:26:42	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'D:\Program Files (x86)\GarenaLoLLCUVN\GameData\Apps\LoLLCUVN\LeagueClient\LeagueClientUx.exe' (pid 9636) cannot be restarted - 1.
Application	Warning	None	2017-01-15 11:26:42	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'D:\Program Files (x86)\GarenaLoLLCUVN\GameData\Apps\LoLLCUVN\LeagueClient\LeagueClientUx.exe' (pid 3464) cannot be restarted - 1.
Application	Warning	None	2017-01-15 11:26:42	SYSTEM	Microsoft-Windows-RestartManager	10010: Application 'D:\Program Files (x86)\GarenaLoLLCUVN\GameData\Apps\LoLLCUVN\LeagueClient\LeagueClientUx.exe' (pid 7580) cannot be restarted - 1.
Application	Error	None	2017-01-15 13:21:21		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-15 13:30:15		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-15 21:14:25		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-15 21:14:27		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-16 20:11:14		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:11:14		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:11:14		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:11:14		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:11:15		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-16 20:11:15		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Application	Error	None	2017-01-16 20:15:15		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:15:15		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:15:15		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:15:15		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:46:55		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:46:55		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:46:55		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 20:46:55		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 21:06:49		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 21:06:49		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 21:06:49		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 21:06:49		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-16 23:26:19		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-17 18:18:59		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Application	Error	None	2017-01-17 18:18:59		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-17 18:19:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-17 18:19:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-17 18:19:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-17 18:19:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-17 18:22:31		Perflib	1008: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Application	Error	None	2017-01-18 15:05:55		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-18 15:06:14		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application	Error	None	2017-01-18 15:33:58		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-18 17:16:47		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2017-01-18 17:57:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-18 17:57:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-18 17:57:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Application	Error	None	2017-01-18 17:57:59		SideBySide	33: Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Security	Audit Success	13312	2017-01-15 10:36:41		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x234 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:36:41		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x254 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2017-01-15 10:36:41		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2017-01-15 10:36:48		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:36:48		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x29c New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x294 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13312	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x300 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x308 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x294 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x310 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x300 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x354 New Process Name: ????????????????-??6??8?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x308 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x35c New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x308 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2017-01-15 10:36:50		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xee15
Security	Audit Success	12544	2017-01-15 10:36:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:51		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 10:36:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x15a8d Linked Logon ID: 0x15aa9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x15aa9 Linked Logon ID: 0x15a8d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:36:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x15a8d Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x15aa9 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	101	2017-01-15 10:36:52		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport. 0
Security	Audit Success	12544	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:36:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x39984 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13826	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5fc Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:36:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5fc Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2017-01-15 10:36:54		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2017-01-15 10:36:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:36:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:36:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:36:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-15 10:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12290	2017-01-15 10:37:01		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:37:01		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12290	2017-01-15 10:37:06		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:37:06		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2017-01-15 10:37:07		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:37:07		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:37:39		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2017-01-15 10:37:44		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12544	2017-01-15 10:39:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:39:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 10:39:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:39:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-15 10:39:56		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1058 Process Name: C:\Windows\System32\CompatTelRunner.exe
Security	Audit Success	13826	2017-01-15 10:44:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:44:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-15 10:47:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:47:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 10:47:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:47:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:47:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13568	2017-01-15 10:47:20		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x984bb5
Security	Audit Success	13568	2017-01-15 10:47:20		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x984bb5
Security	Audit Success	13824	2017-01-15 10:47:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12544	2017-01-15 10:47:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x354 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:47:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13568	2017-01-15 10:47:25		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x9c834b
Security	Audit Success	13568	2017-01-15 10:47:25		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x14b8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x9c834b
Security	Audit Success	103	2017-01-15 10:47:32		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	13312	2017-01-15 10:50:20		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x234 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2017-01-15 10:50:20		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2017-01-15 10:50:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x254 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:50:27		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:50:27		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2a0 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x294 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	13312	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x304 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x30c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x294 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x304 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x358 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x30c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x360 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x30c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2017-01-15 10:50:29		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xbff2
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12c43 Linked Logon ID: 0x12c60 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12c60 Linked Logon ID: 0x12c43 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12c43 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12c60 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12292	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2e9bb Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1f0 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13826	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:50:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-15 10:50:34		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 10:50:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5445b Linked Logon ID: 0x548c4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x548c4 Linked Logon ID: 0x5445b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:50:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5445b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:50:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-15 10:50:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:50:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:50:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:50:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:50:36		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1194 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-15 10:50:36		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1194 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12290	2017-01-15 10:50:37		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:50:37		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2017-01-15 10:50:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:50:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12290	2017-01-15 10:50:38		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:50:38		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13826	2017-01-15 10:50:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:50:41		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x434 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2017-01-15 10:51:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x548c4 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1e94 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	13824	2017-01-15 10:52:26		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x548c4 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1240 Process Name: C:\Windows\explorer.exe
Security	Audit Success	12290	2017-01-15 10:52:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:52:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_4189c412-eeaf-4ea6-82d0-0f5f64531f8a Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:52:31		Microsoft-Windows-Security-Auditing	5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
Security	Audit Success	13824	2017-01-15 10:52:40		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x548c4 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1240 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:53:03		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x548c4 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1240 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:53:03		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x548c4 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1240 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:54:49		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x548c4 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x215c Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	13312	2017-01-15 10:57:08		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x238 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2017-01-15 10:57:08		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2017-01-15 10:57:09		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x260 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:57:19		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2a8 New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:57:19		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b0 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2a8 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:57:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:57:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x31c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2a8 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:57:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x324 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13cf6 Linked Logon ID: 0x13d18 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13d18 Linked Logon ID: 0x13cf6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13cf6 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x13d18 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13312	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x368 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x31c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x378 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x31c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x388 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x31c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2017-01-15 10:57:22		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xceea
Security	Audit Success	101	2017-01-15 10:57:23		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport. 0
Security	Audit Success	12292	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x618 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:57:23		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x618 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2017-01-15 10:57:24		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2017-01-15 10:57:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2d45a Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-15 10:57:24		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x40c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13826	2017-01-15 10:57:24		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:57:24		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:57:25		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xf6c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-15 10:57:25		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xf6c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2017-01-15 10:57:27		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 10:57:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Linked Logon ID: 0x71b54 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 Linked Logon ID: 0x716da Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:57:27		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-15 10:57:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 10:57:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 10:57:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:57:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 10:57:38		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2017-01-15 10:57:39		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Administrator Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 10:57:39		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1374 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:57:39		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1374 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:57:46		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1dd0 Process Name: C:\Windows\System32\dllhost.exe
Security	Audit Success	13824	2017-01-15 10:57:46		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1dd0 Process Name: C:\Windows\System32\dllhost.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	12544	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 10:57:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13568	2017-01-15 10:57:53		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1bbb0a
Security	Audit Success	13568	2017-01-15 10:57:53		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1e80 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1bbb0a
Security	Audit Success	13824	2017-01-15 10:57:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:57:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4720: A user account was created. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da New Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Attributes: SAM Account Name: Draku Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4722: A user account was enabled. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Target Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Target Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Changed Attributes: SAM Account Name: Draku Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Target Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Changed Attributes: SAM Account Name: Draku Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 1/15/2017 10:58:20 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x14 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Target Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Target Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Target Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Changed Attributes: SAM Account Name: Draku Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 1/15/2017 10:58:20 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Target Account: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13826	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Member: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: - Group: Security ID: S-1-5-21-5413862-739192754-441069123-513 Group Name: None Group Domain: DESKTOP-8V8TQ92 Additional Information: Privileges: - Expiration time: (null)
Security	Audit Success	13826	2017-01-15 10:58:20		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Member: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
Security	Audit Success	13824	2017-01-15 10:58:26		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1584 Process Name: C:\Windows\System32\SystemSettingsAdminFlows.exe
Security	Audit Success	13824	2017-01-15 10:58:26		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1584 Process Name: C:\Windows\System32\SystemSettingsAdminFlows.exe
Security	Audit Success	13824	2017-01-15 10:58:26		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1584 Process Name: C:\Windows\System32\SystemSettingsAdminFlows.exe
Security	Audit Success	13824	2017-01-15 10:58:29		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:29		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:29		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:29		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:29		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13824	2017-01-15 10:58:29		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1c94 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Security	Audit Success	13826	2017-01-15 10:58:29		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da Member: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
Security	Audit Success	12290	2017-01-15 10:58:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:58:35		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_4189c412-eeaf-4ea6-82d0-0f5f64531f8a Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 10:58:35		Microsoft-Windows-Security-Auditing	5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
Security	Audit Success	13824	2017-01-15 10:58:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1374 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:58:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Administrator Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 10:58:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1374 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:58:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1374 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2017-01-15 10:59:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1dd0 Process Name: C:\Windows\System32\dllhost.exe
Security	Audit Success	13824	2017-01-15 10:59:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1dd0 Process Name: C:\Windows\System32\dllhost.exe
Security	Audit Success	13824	2017-01-15 10:59:06		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x716da User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1dd0 Process Name: C:\Windows\System32\dllhost.exe
Security	Audit Success	13824	2017-01-15 10:59:55		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x71b54 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1704 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	13826	2017-01-15 11:03:25		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 11:03:25		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-15 11:04:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:04:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 11:04:37		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1894 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-15 11:04:37		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1894 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2017-01-15 11:06:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x368 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:06:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13312	2017-01-15 11:09:17		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x238 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2017-01-15 11:09:17		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2017-01-15 11:09:18		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x254 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 11:09:19		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 11:09:19		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13312	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2fc New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x304 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x30c New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2fc Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x350 New Process Name: ????????????????-??6??4?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x304 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x360 New Process Name: ????????????????-??6??4?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x304 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-15 11:09:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x370 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x304 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	101	2017-01-15 11:09:22		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport. 0
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11650 Linked Logon ID: 0x11678 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11678 Linked Logon ID: 0x11650 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11650 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11678 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13568	2017-01-15 11:09:22		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xaa9e
Security	Audit Success	12292	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 11:09:23		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2b207 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13826	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 11:09:24		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 11:09:25		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe5c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-15 11:09:25		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe5c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2017-01-15 11:09:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:09:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8235 Linked Logon ID: 0xa8300 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 Linked Logon ID: 0xa8235 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8235 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:09:34		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12544	2017-01-15 11:09:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:09:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:09:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:09:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 11:09:35		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13568	2017-01-15 11:09:36		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xc5c4d
Security	Audit Success	13568	2017-01-15 11:09:36		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xc5c4d
Security	Audit Success	13826	2017-01-15 11:10:32		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 11:10:32		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13568	2017-01-15 11:11:39		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2bae17
Security	Audit Success	13568	2017-01-15 11:11:39		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2bae17
Security	Audit Success	12544	2017-01-15 11:11:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:11:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13568	2017-01-15 11:11:41		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2d7c11
Security	Audit Success	13568	2017-01-15 11:11:41		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2d7c11
Security	Audit Success	12290	2017-01-15 11:11:43		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 11:11:43		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 510a38ec-b74c-f087-969f-826bc0f2d9aa Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12290	2017-01-15 11:11:44		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 11:11:44		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_4189c412-eeaf-4ea6-82d0-0f5f64531f8a Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2017-01-15 11:11:44		Microsoft-Windows-Security-Auditing	5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
Security	Audit Success	13568	2017-01-15 11:11:53		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3b45a4
Security	Audit Success	13568	2017-01-15 11:11:53		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x7a8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3b45a4
Security	Audit Success	13824	2017-01-15 11:11:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x18ac Process Name: C:\Windows\System32\SettingSyncHost.exe
Security	Audit Success	13824	2017-01-15 11:11:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x18ac Process Name: C:\Windows\System32\SettingSyncHost.exe
Security	Audit Success	13824	2017-01-15 11:11:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Administrator Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 11:11:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x18ac Process Name: C:\Windows\System32\SettingSyncHost.exe
Security	Audit Success	13824	2017-01-15 11:11:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x18ac Process Name: C:\Windows\System32\SettingSyncHost.exe
Security	Audit Success	13824	2017-01-15 11:11:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x18ac Process Name: C:\Windows\System32\SettingSyncHost.exe
Security	Audit Success	13824	2017-01-15 11:11:57		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x18ac Process Name: C:\Windows\System32\SettingSyncHost.exe
Security	Audit Success	13824	2017-01-15 11:12:45		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x2320 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	13824	2017-01-15 11:14:01		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Administrator Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 11:14:01		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 11:14:01		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Guest Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 11:14:01		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Oscar Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-15 11:14:01		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: postgres Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13826	2017-01-15 11:18:07		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-15 11:18:07		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-15 11:19:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:19:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-15 11:20:40		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x2678 Process Name: C:\Users\Draku\AppData\Local\CocCoc\Browser\Application\browser.exe
Security	Audit Success	12544	2017-01-15 11:22:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:22:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 11:22:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2a6c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-15 11:22:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2a6c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2017-01-15 11:23:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:23:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 11:23:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:23:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 11:26:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13568	2017-01-15 11:26:07		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x982e9e
Security	Audit Success	13568	2017-01-15 11:26:07		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x982e9e
Security	Audit Success	13568	2017-01-15 11:26:08		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x98db10
Security	Audit Success	13568	2017-01-15 11:26:08		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x98db10
Security	Audit Success	13568	2017-01-15 11:26:09		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x997d5f
Security	Audit Success	13568	2017-01-15 11:26:09		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x997d5f
Security	Audit Success	12544	2017-01-15 11:27:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:27:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13568	2017-01-15 11:27:47		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xb6ae76
Security	Audit Success	13568	2017-01-15 11:27:47		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x99c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xb6ae76
Security	Audit Success	12544	2017-01-15 11:43:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 11:43:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 12:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 12:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 12:12:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13568	2017-01-15 12:12:49		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x13f3199
Security	Audit Success	13568	2017-01-15 12:12:49		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2610 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x13f3199
Security	Audit Success	12544	2017-01-15 12:24:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 12:24:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 13:09:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 13:09:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 13:21:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 13:21:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 13:30:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 13:30:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 13:49:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 13:49:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 14:17:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 14:17:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 14:29:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 14:29:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 14:36:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 14:36:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 14:57:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 14:57:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 15:23:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 15:23:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 15:54:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 15:54:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 16:01:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 16:01:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 16:10:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 16:10:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 16:22:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 16:22:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 16:59:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 16:59:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 17:10:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 17:10:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 17:18:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 17:18:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 17:38:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 17:38:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 18:08:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 18:08:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 19:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 19:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 19:29:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 19:29:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 19:37:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 19:37:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 19:43:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 19:43:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 19:50:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 19:50:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 21:09:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 21:09:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-15 23:09:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 23:09:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12545	2017-01-15 23:36:50		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0xa8300 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12544	2017-01-15 23:36:51		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xda8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-15 23:36:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x227a45c Linked Logon ID: 0x227a472 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xda8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 23:36:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x227a472 Linked Logon ID: 0x227a45c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xda8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2017-01-15 23:36:51		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11678 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2017-01-15 23:36:51		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11650 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2017-01-15 23:36:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x227a45c Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 23:36:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x227a472 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12544	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-15 23:36:54		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13824	2017-01-16 20:10:58		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1208 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2017-01-16 20:10:58		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1208 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13568	2017-01-16 20:10:59		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x229c08a
Security	Audit Success	13568	2017-01-16 20:10:59		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x229c08a
Security	Audit Success	12544	2017-01-16 20:11:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 20:11:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 20:11:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 20:11:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-16 20:11:10		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-16 20:11:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85c5 Linked Logon ID: 0x22f85fd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 20:11:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd Linked Logon ID: 0x22f85c5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 20:11:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85c5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2017-01-16 20:11:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 20:11:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13568	2017-01-16 20:11:11		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x22fca81
Security	Audit Success	13568	2017-01-16 20:11:11		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x22fca81
Security	Audit Success	13826	2017-01-16 20:11:11		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13568	2017-01-16 20:11:21		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x23712bb
Security	Audit Success	13568	2017-01-16 20:11:21		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x23712bb
Security	Audit Success	12544	2017-01-16 20:11:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 20:11:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13568	2017-01-16 20:11:27		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x23bebda
Security	Audit Success	13568	2017-01-16 20:11:27		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x23bebda
Security	Audit Success	13568	2017-01-16 20:11:28		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x23c11a0
Security	Audit Success	13568	2017-01-16 20:11:28		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1008 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x23c11a0
Security	Audit Success	13824	2017-01-16 20:12:10		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x231c Process Name: C:\Users\Draku\AppData\Local\CocCoc\Browser\Application\browser.exe
Security	Audit Success	13824	2017-01-16 20:14:01		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xd24 Process Name: C:\Windows\System32\CompatTelRunner.exe
Security	Audit Success	12544	2017-01-16 20:14:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 20:14:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-16 20:16:16		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x160c Process Name: C:\Users\Draku\AppData\Local\CocCoc\Browser\Application\browser.exe
Security	Audit Success	12544	2017-01-16 20:40:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 20:40:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-16 20:46:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Administrator Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-16 20:46:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-16 20:46:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Guest Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-16 20:46:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Oscar Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-16 20:46:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: postgres Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	12544	2017-01-16 20:46:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 20:46:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-16 20:49:15		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x27e8 Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security	Audit Success	12544	2017-01-16 21:06:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 21:06:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-16 21:07:42		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85c5 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x134c Process Name: C:\Program Files (x86)\R-Drive Image\R-DriveImage.exe
Security	Audit Success	12544	2017-01-16 21:07:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 21:07:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-16 21:08:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 21:08:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-16 21:08:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 21:08:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-16 21:09:00		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85c5 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x2b40 Process Name: C:\Program Files (x86)\R-Drive Image\R-DriveImage.exe
Security	Audit Success	12544	2017-01-16 22:58:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 22:58:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	103	2017-01-16 23:18:30		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2017-01-16 23:18:30		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x22f85fd This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	13312	2017-01-16 23:26:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x234 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2017-01-16 23:26:11		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2017-01-16 23:26:12		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x250 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-16 23:26:13		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-16 23:26:13		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	13312	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f8 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x300 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x308 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2f8 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x34c New Process Name: ????????????????-??6??0?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x300 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x354 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x300 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2017-01-16 23:26:15		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa891
Security	Audit Success	12292	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11365 Linked Logon ID: 0x11382 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11382 Linked Logon ID: 0x11365 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11365 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11382 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 23:26:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12292	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x28312 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x21c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x21c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13826	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-16 23:26:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-16 23:26:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 23:26:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-16 23:26:23		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xd10 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-16 23:26:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x608ba Linked Logon ID: 0x608de Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xd10 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-16 23:26:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x608de Linked Logon ID: 0x608ba Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xd10 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-16 23:26:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x608ba Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-16 23:26:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x608de Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	13824	2017-01-17 18:18:51		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xd58 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2017-01-17 18:18:51		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xd58 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12544	2017-01-17 18:18:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 18:18:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12545	2017-01-17 18:18:53		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11382 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2017-01-17 18:18:53		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11365 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12544	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ab64 Linked Logon ID: 0x7ac6b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b Linked Logon ID: 0x7ab64 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ab64 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x4d0 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x500 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x510 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_macromed_flash_853cbcf10f17f618.cdf-ms Handle ID: 0x498 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x500 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_macromed_flash_5ff3bc7496f0271e.cdf-ms Handle ID: 0x510 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\activex.vch Handle ID: 0x498 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\Flash.ocx Handle ID: 0x500 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.dll Handle ID: 0x434 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe Handle ID: 0x510 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\activex.vch Handle ID: 0x4f0 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx Handle ID: 0x50c Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil_ActiveX.dll Handle ID: 0x498 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil_ActiveX.exe Handle ID: 0x510 Process Information: Process ID: 0xbb8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13826	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 18:18:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12544	2017-01-17 18:18:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 18:18:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 18:18:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 18:18:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-17 18:18:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 18:18:56		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbbc Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 18:18:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-17 18:18:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-17 18:19:02		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-17 18:19:02		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2017-01-17 18:19:12		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xd44 Process Name: C:\Windows\System32\CompatTelRunner.exe
Security	Audit Success	13824	2017-01-17 18:19:49		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1b70 Process Name: C:\Users\Draku\AppData\Local\CocCoc\Browser\Application\browser.exe
Security	Audit Success	12544	2017-01-17 18:20:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 18:20:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-17 18:20:37		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1a64 Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security	Audit Success	13824	2017-01-17 18:20:37		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Administrator Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-17 18:20:37		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-17 18:20:37		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Guest Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-17 18:20:37		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: Oscar Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	13824	2017-01-17 18:20:37		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b Additional Information: Caller Workstation: DESKTOP-8V8TQ92 Target Account Name: postgres Target Account Domain: DESKTOP-8V8TQ92
Security	Audit Success	12290	2017-01-17 18:20:41		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-17 18:20:41		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_4189c412-eeaf-4ea6-82d0-0f5f64531f8a Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2017-01-17 18:20:41		Microsoft-Windows-Security-Auditing	5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
Security	Audit Success	12544	2017-01-17 18:21:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 18:21:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-17 18:22:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 18:22:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 18:22:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 18:22:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-17 19:08:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 19:08:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:27:50		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1f30 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-17 22:28:05		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-17 22:28:05		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-17 22:28:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-17 22:28:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12545	2017-01-17 22:28:09		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x7ac6b This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	103	2017-01-17 22:28:11		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	13312	2017-01-18 15:05:48		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x234 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2017-01-18 15:05:48		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2017-01-18 15:05:49		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x250 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-18 15:05:49		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-18 15:05:49		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-18 15:05:51		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2fc New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x234 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-18 15:05:51		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x304 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-18 15:05:51		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x30c New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2fc Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x110fc Linked Logon ID: 0x1111d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1111d Linked Logon ID: 0x110fc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x110fc Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1111d Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13312	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x350 New Process Name: ????????????????-??6??4?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x304 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x358 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x304 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2017-01-18 15:05:52		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa73b
Security	Audit Success	12292	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x27be5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-18 15:05:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2017-01-18 15:05:54		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2017-01-18 15:05:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:05:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-18 15:05:54		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2017-01-18 15:05:54		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12544	2017-01-18 15:06:12		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2017-01-18 15:06:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Linked Logon ID: 0x54585 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:06:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x54585 Linked Logon ID: 0x5454c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-8V8TQ92 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:06:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2017-01-18 15:06:12		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2017-01-18 15:06:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:06:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:06:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:06:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-18 15:06:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-18 15:06:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2017-01-18 15:06:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2017-01-18 15:06:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12290	2017-01-18 15:06:58		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2017-01-18 15:06:58		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_4189c412-eeaf-4ea6-82d0-0f5f64531f8a Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2017-01-18 15:06:58		Microsoft-Windows-Security-Auditing	5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
Security	Audit Success	13824	2017-01-18 15:08:37		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x54585 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x163c Process Name: C:\Users\Draku\AppData\Local\CocCoc\Browser\Application\browser.exe
Security	Audit Success	12544	2017-01-18 15:08:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:08:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-18 15:08:58		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1cdc Process Name: C:\Windows\System32\CompatTelRunner.exe
Security	Audit Success	12544	2017-01-18 15:08:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:08:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-18 15:17:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:17:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 15:20:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbc4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12544	2017-01-18 15:33:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 15:33:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-18 16:47:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 16:47:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 16:47:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x154c Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12544	2017-01-18 16:59:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 16:59:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12548	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2017-01-18 17:14:17		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x18b4 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12544	2017-01-18 17:15:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 17:15:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	12544	2017-01-18 17:16:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 17:16:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-18 17:16:50		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x54585 User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0x1f84 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2017-01-18 17:56:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8554fe Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: IOQFTSTKCCC7RO4 Source Network Address: 192.168.1.199 Source Port: 49162 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 17:56:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85551f Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: IOQFTSTKCCC7RO4 Source Network Address: 192.168.1.199 Source Port: 49163 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2017-01-18 17:56:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85553d Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: IOQFTSTKCCC7RO4 Source Network Address: 192.168.1.199 Source Port: 49164 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2017-01-18 17:56:06		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8554fe Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2017-01-18 17:56:06		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85553d Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2017-01-18 17:56:17		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85551f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12544	2017-01-18 17:57:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-8V8TQ92$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2017-01-18 17:57:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-500 Account Name: Administrator Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-501 Account Name: Guest Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-503 Account Name: DefaultAccount Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1001 Account Name: Oscar Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1002 Account Name: postgres Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13824	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c User: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-579 Group Name: Access Control Assistance Operators Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-578 Group Name: Hyper-V Administrators Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Security	Audit Success	13826	2017-01-18 17:58:18		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-5413862-739192754-441069123-1003 Account Name: Draku Account Domain: DESKTOP-8V8TQ92 Logon ID: 0x5454c Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0xfcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
System	Error	None	2017-01-15 10:36:37	SYSTEM	Microsoft-Windows-Kernel-Boot	29: The system cannot write to the specified device.
System	Warning	None	2017-01-15 10:36:39	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Error	None	2017-01-15 10:36:42	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Warning	None	2017-01-15 10:36:42	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Error	None	2017-01-15 10:36:52		EventLog	6008: The previous system shutdown at 4:21:57 PM on ?11/?24/?2016 was unexpected.
System	Warning	None	2017-01-15 10:36:52		Service Control Manager	7039: A service process other than the one launched by the Service Control Manager connected when starting the iThemes5 service. The Service Control Manager launched process 1632 and process 1668 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
System	Error	None	2017-01-15 10:36:53		Service Control Manager	7000: The Quoteex service failed to start due to the following error: %%2
System	Warning	None	2017-01-15 10:37:00	SYSTEM	Microsoft-Windows-Wininit	11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571 for more information.
System	Error	None	2017-01-15 10:37:07	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Error	None	2017-01-15 10:47:24		Service Control Manager	7006: The ScRegSetValueExW call failed for FailureActions with the following error: %%5
System	Warning	None	2017-01-15 10:50:11	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Error	None	2017-01-15 10:50:21	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Warning	None	2017-01-15 10:50:21	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Warning	None	2017-01-15 10:50:30		Service Control Manager	7039: A service process other than the one launched by the Service Control Manager connected when starting the iThemes5 service. The Service Control Manager launched process 1752 and process 1788 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
System	Warning	212	2017-01-15 10:50:30	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP#D067E51599A7B03106085116&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
System	Error	None	2017-01-15 10:50:31		Service Control Manager	7000: The Quoteex service failed to start due to the following error: %%2
System	Error	None	2017-01-15 10:50:37	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Warning	None	2017-01-15 10:50:39	SYSTEM	Microsoft-Windows-Wininit	11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571 for more information.
System	Error	None	2017-01-15 10:51:14		Service Control Manager	7034: The iThemes5 service terminated unexpectedly. It has done this 1 time(s).
System	Error	None	2017-01-15 10:57:22		EventLog	6008: The previous system shutdown at 10:50:30 AM on ?1/?15/?2017 was unexpected.
System	Warning	None	2017-01-15 11:09:08	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Warning	None	2017-01-15 11:09:18	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Error	None	2017-01-15 11:09:22		EventLog	6008: The previous system shutdown at 10:57:22 AM on ?1/?15/?2017 was unexpected.
System	Error	None	2017-01-15 11:09:22		Service Control Manager	7003: The Themes service depends on the following service: iThemes5. This service might not be installed.
System	Error	None	2017-01-15 11:09:23		BugCheck	1001: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa39fe95eb952482b, 0x0000000000000000, 0x0000000000000000, 0x0000000000000108). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 6b592149-346c-4f5d-bec2-20ea14a111e7.
System	Error	None	2017-01-15 11:09:23		Service Control Manager	7000: The Quoteex service failed to start due to the following error: %%2
System	Error	None	2017-01-15 11:09:25	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
System	Warning	None	2017-01-15 11:09:31	SYSTEM	Microsoft-Windows-Wininit	11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571 for more information.
System	Error	None	2017-01-15 11:09:33	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Error	None	2017-01-15 11:09:34	SYSTEM	Ntfs	131: The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
System	Error	None	2017-01-15 11:09:34	SYSTEM	Ntfs	131: The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
System	Error	None	2017-01-15 11:09:34	SYSTEM	Ntfs	131: The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
System	Error	None	2017-01-15 11:09:34	SYSTEM	Ntfs	131: The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
System	Error	None	2017-01-15 11:09:34	SYSTEM	Ntfs	131: The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
System	Warning	None	2017-01-15 11:09:34	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-15 11:09:34	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-15 11:09:34	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-15 11:09:34	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-15 11:09:34	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-15 11:09:34	SYSTEM	Ntfs	132: Too many repair events have occurred in a short period of time. Temporarily suspending posting of further repair events.
System	Error	None	2017-01-15 11:09:36	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xa000000009b12. The name of the file is "<unable to determine file name>".
System	Error	None	2017-01-15 11:09:36	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xd000000009d8a. The name of the file is "<unable to determine file name>".
System	Error	None	2017-01-15 11:09:36	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xe000000009d9f. The name of the file is "<unable to determine file name>".
System	Error	None	2017-01-15 11:09:36	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x9000000009da0. The name of the file is "<unable to determine file name>".
System	Error	None	2017-01-15 11:09:36	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1d000000009da2. The name of the file is "<unable to determine file name>".
System	Error	None	2017-01-15 11:11:36	SYSTEM	DCOM	10010: The server {B8FC52F5-CB03-4E10-8BCB-E3EC794C54A5} did not register with DCOM within the required timeout.
System	Warning	None	2017-01-15 11:11:38	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Error	None	2017-01-15 11:11:39	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x10000000134b4. The name of the file is "\Program Files\WindowsApps\Microsoft.WindowsMaps_4.1509.50911.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\MapsSmallTile.scale-100.png".
System	Warning	None	2017-01-15 11:11:40	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Error	None	2017-01-15 11:11:41	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x10000000134ca. The name of the file is "\Program Files\WindowsApps\Microsoft.WindowsMaps_4.1509.50911.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\MapsWideTile.scale-100.png".
System	Error	None	2017-01-15 11:11:42	Draku	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E} and APPID {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E} to the user DESKTOP-8V8TQ92\Draku SID (S-1-5-21-5413862-739192754-441069123-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
System	Error	None	2017-01-15 11:18:54	Draku	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user DESKTOP-8V8TQ92\Draku SID (S-1-5-21-5413862-739192754-441069123-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
System	Warning	None	2017-01-15 12:09:08		disk	52: The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.
System	Error	None	2017-01-15 12:12:48	SYSTEM	Ntfs	131: The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
System	Warning	None	2017-01-15 12:12:52	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Error	None	2017-01-15 13:16:54		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Error	None	2017-01-15 13:28:56		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Warning	1014	2017-01-15 13:33:53	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name arc.msn.com timed out after none of the configured DNS servers responded.
System	Error	None	2017-01-15 13:40:54		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Error	None	2017-01-15 22:22:59		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Warning	None	2017-01-16 20:10:59	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Error	None	2017-01-16 20:11:00	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Warning	None	2017-01-16 20:11:00	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:02	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	130: The file system structure on volume C: has now been repaired.
System	Warning	None	2017-01-16 20:11:04	SYSTEM	Ntfs	132: Too many repair events have occurred in a short period of time. Temporarily suspending posting of further repair events.
System	Error	None	2017-01-16 20:11:11	SYSTEM	Microsoft-Windows-Kernel-General	5: Access is denied.
System	Error	None	2017-01-16 20:11:22	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Error	None	2017-01-16 20:11:23		volsnap	23: There was insufficient disk space on volume \\?\Volume{9f491023-0000-0000-0000-100000000000} to create the shadow copy of volume F:. Shadow copy storage creation failed.
System	Error	None	2017-01-16 20:11:23	SYSTEM	Microsoft-Windows-Ntfs	98:
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041cf6. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\Images\Ratings". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041cf9. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Car\LTR". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041cfc. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Car\RTL". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d01. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Car\LTR". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d04. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Car\RTL". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d08. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Home\LTR". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x4000000041d0b. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Home\RTL". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d0f. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Place\LTR". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d12. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Place\RTL". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:27	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d16. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Work\LTR". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:28	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d19. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Directions\Work\RTL". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:28	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d1c. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Home". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:11:28	SYSTEM	Ntfs	55: A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000041d1f. The name of the file is "\Program Files\WindowsApps\Deleted\Microsoft.WindowsMaps_5.1609.2651.0_neutral_split.scale-100_8wekyb3d8bbweaf05a952-7fc1-42fd-93b5-7e5db3a2ea96\Assets\SecondaryTiles\Place". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
System	Error	None	2017-01-16 20:21:06		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Error	None	2017-01-16 23:26:16		Service Control Manager	7003: The Themes service depends on the following service: iThemes5. This service might not be installed.
System	Warning	212	2017-01-16 23:26:16	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP#D067E51599A7B03106085116&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
System	Error	None	2017-01-16 23:26:17		Service Control Manager	7000: The Quoteex service failed to start due to the following error: %%2
System	Error	None	2017-01-16 23:26:19	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Warning	None	2017-01-16 23:26:25	SYSTEM	Microsoft-Windows-Wininit	11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571 for more information.
System	Warning	None	2017-01-17 18:18:52		disk	52: The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.
System	Error	None	2017-01-17 18:18:58	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Error	1	2017-01-17 18:21:15	SYSTEM	Microsoft-Windows-WindowsUpdateClient	20: Installation Failure: Windows failed to install the following update with error 0x800b0100: Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3213986).
System	Error	None	2017-01-17 18:26:42		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Error	None	2017-01-17 20:02:52		NetBT	4321: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.81. The computer with the IP address 192.168.1.199 did not allow the name to be claimed by this computer.
System	Error	None	2017-01-17 20:15:16		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Error	None	2017-01-17 21:27:25		bowser	8003: The master browser has received a server announcement from the computer IOQFTSTKCCC7RO4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A2A24C2B-0EF7-4193-83E2-A87EE803825C}. The master browser is stopping or an election is being forced.
System	Error	None	2017-01-18 15:05:52		Service Control Manager	7003: The Themes service depends on the following service: iThemes5. This service might not be installed.
System	Warning	212	2017-01-18 15:05:52	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP#D067E51599A7B03106085116&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
System	Error	None	2017-01-18 15:05:53		Service Control Manager	7000: The Quoteex service failed to start due to the following error: %%2
System	Error	None	2017-01-18 15:05:54	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Warning	None	2017-01-18 15:06:02	SYSTEM	Microsoft-Windows-Wininit	11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571 for more information.
System	Error	1	2017-01-18 15:20:10	SYSTEM	Microsoft-Windows-WindowsUpdateClient	20: Installation Failure: Windows failed to install the following update with error 0x800b0100: Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3213986).
System	Warning	None	2017-01-18 16:05:54		disk	52: The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.
System	Warning	1014	2017-01-18 16:42:55	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.youtube.com timed out after none of the configured DNS servers responded.
System	Error	None	2017-01-18 16:49:43		volsnap	36: The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.
System	Warning	1014	2017-01-18 17:16:43	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.googleapis.com timed out after none of the configured DNS servers responded.

Database Software


Database Drivers:
	Borland Database Engine	-
	Borland InterBase Client	-
	Easysoft ODBC-InterBase 6	-
	Easysoft ODBC-InterBase 7	-
	Firebird Client	-
	Jet Engine	4.00.9765.0
	MDAC	10.0.14393.0 (rs1_release.160715-1616)
	ODBC	10.0.14393.0 (rs1_release.160715-1616)
	MySQL Connector/ODBC	-
	Oracle Client	-
	PsqlODBC	-
	Sybase ASE ODBC	-

Database Servers:
	Borland InterBase Server	-
	Firebird Server	-
	Microsoft SQL Server	-
	Microsoft SQL Server Compact Edition	-
	Microsoft SQL Server Express Edition	-
	MySQL Server	-
	Oracle Server	-
	PostgreSQL Server	-
	Sybase SQL Server	-

ODBC Drivers


Driver Description	File Name	Version	File Extensions Supported
Driver da Microsoft para arquivos texto (.txt; .csv)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	.,.asc,.csv,.tab,.txt,.csv
Driver do Microsoft Access (*.mdb)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.mdb
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Driver do Microsoft Excel(*.xls)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.xls
Driver do Microsoft Paradox (*.db )	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.db
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Access Driver (*.mdb)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.mdb
Microsoft Access Driver (.mdb, .accdb)	aceodbc.dll	12.0.4518.1014	.mdb,.accdb
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Access Text Driver (.txt, .csv)	aceodbc.dll	12.0.4518.1014	.txt, .csv
Microsoft Access-Treiber (*.mdb)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.mdb
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft dBase-Treiber (*.dbf)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	.dbf,.ndx,*.mdx
Microsoft Excel Driver (*.xls)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.xls
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Excel-Treiber (*.xls)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.xls
Microsoft ODBC for Oracle	msorcl32.dll	10.0.14393.0 (rs1_release.160715-1616)
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
Microsoft Paradox-Treiber (*.db )	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	*.db
Microsoft Text Driver (.txt; .csv)	odbcjt32.dll	10.0.14393.0 (rs1_release.160715-1616)	.,.asc,.csv,.tab,.txt,.csv
[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]	[ TRIAL VERSION ]
SQL Server	sqlsrv32.dll	10.0.14393.0 (rs1_release.160715-1616)

Memory Read


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
111548 MB/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
76951 MB/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
67934 MB/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
51953 MB/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
45654 MB/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
43968 MB/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
38162 MB/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
30174 MB/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
26519 MB/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
26454 MB/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
26425 MB/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
23862 MB/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
23664 MB/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
23232 MB/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
23225 MB/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
21635 MB/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
21411 MB/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
21214 MB/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
21120 MB/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
20959 MB/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
20410 MB/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
19998 MB/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
19595 MB/s	4x Core i7-2600 HT	3600 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
19188 MB/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
18858 MB/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
17455 MB/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
16600 MB/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
14639 MB/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
13474 MB/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
12984 MB/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
11518 MB/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
11089 MB/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
10701 MB/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
10107 MB/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
9476 MB/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
9034 MB/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
8742 MB/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
8643 MB/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
8092 MB/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
7984 MB/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
7694 MB/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
7543 MB/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
7536 MB/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
6985 MB/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
6549 MB/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
6421 MB/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
6212 MB/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
6012 MB/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
5886 MB/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
5862 MB/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
5344 MB/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
4558 MB/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
3969 MB/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
3909 MB/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
3672 MB/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
3623 MB/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
3365 MB/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
3322 MB/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
2919 MB/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2

Memory Write


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
93866 MB/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
76511 MB/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
57663 MB/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
52279 MB/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
46548 MB/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
45532 MB/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
32887 MB/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
27371 MB/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
23828 MB/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
23717 MB/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
23622 MB/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
23615 MB/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
20578 MB/s	4x Core i7-2600 HT	3700 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
19549 MB/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
17677 MB/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
17317 MB/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
16901 MB/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
16889 MB/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
16680 MB/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
14780 MB/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
14683 MB/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
13197 MB/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
12775 MB/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
12332 MB/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
12032 MB/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
10219 MB/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
10132 MB/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
9989 MB/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
9949 MB/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
9741 MB/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
8868 MB/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
8742 MB/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
7917 MB/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
7738 MB/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
7114 MB/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
7090 MB/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
7084 MB/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
6719 MB/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
5754 MB/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
5654 MB/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
5639 MB/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
5508 MB/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
5464 MB/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
4868 MB/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
4830 MB/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
4715 MB/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
4702 MB/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
4260 MB/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
4219 MB/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
4095 MB/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
4054 MB/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
3804 MB/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
3588 MB/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
3157 MB/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
2831 MB/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
2797 MB/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
2474 MB/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
2345 MB/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
2335 MB/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2

Memory Copy


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
104455 MB/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
68802 MB/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
66844 MB/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
49929 MB/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
47593 MB/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
42376 MB/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
34871 MB/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
31220 MB/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
25025 MB/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
24586 MB/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
23675 MB/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
22848 MB/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
22734 MB/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
22724 MB/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
21525 MB/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
21457 MB/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
21249 MB/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
19581 MB/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
19153 MB/s	4x Core i7-2600 HT	3500 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
18021 MB/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
17620 MB/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
17534 MB/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
17354 MB/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
17000 MB/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
16721 MB/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
15482 MB/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
14003 MB/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
13992 MB/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
12429 MB/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
12151 MB/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
11359 MB/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
11336 MB/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
9664 MB/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
9454 MB/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
8965 MB/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
8208 MB/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
7804 MB/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
7709 MB/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
7409 MB/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
6800 MB/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
6272 MB/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
6130 MB/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
5916 MB/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
5540 MB/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
5412 MB/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
5304 MB/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
4877 MB/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
4860 MB/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
4777 MB/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
4565 MB/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
4214 MB/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
4196 MB/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
3678 MB/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
3319 MB/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
3128 MB/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
3054 MB/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
3006 MB/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
2984 MB/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
2578 MB/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2

Memory Latency


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
55.2 ns	Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
57.4 ns	Core i7-3770K	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
58.0 ns	Xeon E3-1245 v3	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
58.2 ns	Core i7-4770	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
59.7 ns	A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
60.4 ns	Core i7-6700K	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
61.3 ns	FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
61.5 ns	A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
61.7 ns	FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
61.9 ns	Core i7-4930K	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
64.1 ns	Core i7-5775C	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
64.2 ns	FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
66.3 ns	Core i7-2600	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
67.1 ns	Core i7-990X Extreme	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
67.5 ns	Core i7-3960X Extreme	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
69.7 ns	Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
70.3 ns	Xeon X5550	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
70.7 ns	Core i7-965 Extreme	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
71.4 ns	Core i7-2600	3700 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
72.0 ns	Core i7-5820K	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
72.5 ns	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
74.1 ns	Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
74.3 ns	Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
76.0 ns	A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
77.0 ns	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
77.5 ns	Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
78.4 ns	Pentium EE 955	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
79.5 ns	Xeon E5-2670	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
79.9 ns	Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
81.3 ns	Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
82.5 ns	A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
82.6 ns	P4EE	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
84.6 ns	Xeon E5-2660 v3	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
87.6 ns	Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
88.1 ns	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
89.6 ns	Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
91.2 ns	Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
92.8 ns	Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
93.0 ns	Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
99.4 ns	Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
100.1 ns	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
100.3 ns	Core i5-650	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
101.3 ns	Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
103.9 ns	Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
105.5 ns	Atom 230	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
108.4 ns	Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
109.7 ns	E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
113.3 ns	Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
114.5 ns	Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
119.9 ns	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
123.5 ns	Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
124.8 ns	Xeon	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
126.8 ns	Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
127.7 ns	Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
128.5 ns	Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
129.5 ns	Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
138.5 ns	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
153.7 ns	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
159.5 ns	Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1

CPU Queen


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
146300	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
100852	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
62646	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
62300	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
59955	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
56869	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
53516	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
53505	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
48774	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
47278	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
46736	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
45958	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
45870	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
43886	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
43724	4x Core i7-2600 HT	3700 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
42517	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
41726	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
37604	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
36110	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
33997	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
32345	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
31735	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
30788	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
26990	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
25526	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
22176	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
22008	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
21991	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
21908	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
21669	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
21431	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
21427	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
21222	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
20155	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
19545	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
19196	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
18012	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
16081	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
15549	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
14771	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
12585	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
12148	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
11236	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
9610	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
7464	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
7312	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
7309	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
5923	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
5437	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
5163	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
4086	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
4022	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
3854	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
3793	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
3514	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
3301	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
2812	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
2591	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
1838	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2

CPU PhotoWorxx


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
61883 MPixel/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
38616 MPixel/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
35397 MPixel/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
26590 MPixel/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
23535 MPixel/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
22807 MPixel/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
20439 MPixel/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
20178 MPixel/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
15347 MPixel/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
14182 MPixel/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
14059 MPixel/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
13988 MPixel/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
12968 MPixel/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
12440 MPixel/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
12351 MPixel/s	4x Core i7-2600 HT	3500 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
12338 MPixel/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
11919 MPixel/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
11786 MPixel/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
11407 MPixel/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
11100 MPixel/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
10680 MPixel/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
9564 MPixel/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
9064 MPixel/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
8898 MPixel/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
8852 MPixel/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
8530 MPixel/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
8064 MPixel/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
6980 MPixel/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
6871 MPixel/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
6123 MPixel/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
5627 MPixel/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
5271 MPixel/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
4810 MPixel/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
4727 MPixel/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
4214 MPixel/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
4180 MPixel/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
3817 MPixel/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
3715 MPixel/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
3461 MPixel/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
3043 MPixel/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
2928 MPixel/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
2835 MPixel/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
2791 MPixel/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
2537 MPixel/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
2370 MPixel/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
2146 MPixel/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
1902 MPixel/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
1897 MPixel/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
1873 MPixel/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
1863 MPixel/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
1854 MPixel/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
1821 MPixel/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
1672 MPixel/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
1265 MPixel/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
1219 MPixel/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
1094 MPixel/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
1074 MPixel/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
879 MPixel/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
827 MPixel/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2

CPU ZLib


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
1246.6 MB/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
987.4 MB/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
670.9 MB/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
458.2 MB/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
437.5 MB/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
436.1 MB/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
366.3 MB/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
361.2 MB/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
357.6 MB/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
357.3 MB/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
344.4 MB/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
325.1 MB/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
315.9 MB/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
309.3 MB/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
305.8 MB/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
292.8 MB/s	4x Core i7-2600 HT	3600 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
286.2 MB/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
282.1 MB/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
275.1 MB/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
257.3 MB/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
244.3 MB/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
221.1 MB/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
210.1 MB/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
189.4 MB/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
185.8 MB/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
183.8 MB/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
175.2 MB/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
174.6 MB/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
167.5 MB/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
154.8 MB/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
153.2 MB/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
152.3 MB/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
136.2 MB/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
117.8 MB/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
112.6 MB/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
108.2 MB/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
105.9 MB/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
97.5 MB/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
94.0 MB/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
84.2 MB/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
82.8 MB/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
75.0 MB/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
73.7 MB/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
60.4 MB/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
57.5 MB/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
57.3 MB/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
47.1 MB/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
41.5 MB/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
33.4 MB/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
32.3 MB/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
32.3 MB/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
31.6 MB/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
24.3 MB/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
22.9 MB/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
20.3 MB/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
18.6 MB/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
17.3 MB/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
16.3 MB/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
15.5 MB/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2

CPU AES


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
65831 MB/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
46878 MB/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
38013 MB/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
23202 MB/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
21100 MB/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
21094 MB/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
18236 MB/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
17323 MB/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
16794 MB/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
16364 MB/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
16321 MB/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
15416 MB/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
14452 MB/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
13675 MB/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
13643 MB/s	4x Core i7-2600 HT	3500 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
12241 MB/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
10360 MB/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
9143 MB/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
8528 MB/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
8435 MB/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
6544 MB/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
4052 MB/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
3780 MB/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
2908 MB/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
1929 MB/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
1617 MB/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
1452 MB/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
1332 MB/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
1286 MB/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
1235 MB/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
1152 MB/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
913 MB/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
802 MB/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
791 MB/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
789 MB/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
717 MB/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
663 MB/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
587 MB/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
566 MB/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
524 MB/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
494 MB/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
473 MB/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
421 MB/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
387 MB/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
312 MB/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
277 MB/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
273 MB/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
269 MB/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
249 MB/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
242 MB/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
153 MB/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
148 MB/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
144 MB/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
131 MB/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
109 MB/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
105 MB/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
99 MB/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
85 MB/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
44 MB/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12

CPU Hash


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
14785 MB/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
9046 MB/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
8720 MB/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
5231 MB/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
4784 MB/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
4587 MB/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
4368 MB/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
4103 MB/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
3924 MB/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
3911 MB/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
3790 MB/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
3682 MB/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
3670 MB/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
3605 MB/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
3304 MB/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
3188 MB/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
3136 MB/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
3095 MB/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
2992 MB/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
2620 MB/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
2544 MB/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
2541 MB/s	4x Core i7-2600 HT	3500 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
2460 MB/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
2345 MB/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
2243 MB/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
2165 MB/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
1989 MB/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
1988 MB/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
1965 MB/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
1943 MB/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
1924 MB/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
1914 MB/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
1680 MB/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
1656 MB/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
1464 MB/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
1441 MB/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
1101 MB/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
999 MB/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
980 MB/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
976 MB/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
969 MB/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
925 MB/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
912 MB/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
829 MB/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
809 MB/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
787 MB/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
730 MB/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
638 MB/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
549 MB/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
493 MB/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
443 MB/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
351 MB/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
335 MB/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
325 MB/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
306 MB/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
251 MB/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
246 MB/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
245 MB/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
162 MB/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12

FPU VP8


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
7521	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
6604	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
6551	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
6436	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
6360	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
6351	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
6280	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
6215	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
6128	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
5864	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
5653	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
5497	4x Core i7-2600 HT	3600 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
5435	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
5044	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
4730	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
4721	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
4523	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
4513	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
3990	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
3902	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
3889	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
3838	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
3741	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
3665	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
3447	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
3344	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
3275	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
3275	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
3233	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
3192	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
3161	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
3139	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
2693	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
2497	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
2475	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
2394	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
2348	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
2314	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
2015	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
1854	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
1814	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
1793	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
1760	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
1693	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
1351	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
1160	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
1135	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
1125	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
1055	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
952	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
837	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
805	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
783	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
685	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
663	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
617	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
581	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
508	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
490	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2

FPU Julia


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
111155	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
62494	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
40351	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
34006	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
30205	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
28484	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
26896	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
26854	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
26835	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
24776	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
19518	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
18483	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
18447	4x Core i7-2600 HT	3800 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
18309	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
17996	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
17672	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
15295	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
13502	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
12636	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
12207	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
11909	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
11059	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
8959	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
8747	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
8686	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
8202	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
8070	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
7960	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
7606	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
7434	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
7008	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
6466	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
6408	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
6224	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
5589	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
5579	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
5551	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
5236	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
4058	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
3533	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
3496	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
3080	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
2442	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
2392	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
2308	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
2053	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
1988	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
1865	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
1338	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
1307	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
1118	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
959	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
914	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
893	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
796	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
702	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
641	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
589	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
513	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2

FPU Mandel


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
54582	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
32982	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
21651	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
18304	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
15406	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
15095	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
14431	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
14418	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
14257	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
12509	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
10343	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
9788	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
9784	4x Core i7-2600 HT	3700 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
9319	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
8672	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
8613	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
8068	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
6910	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
6434	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
6212	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
6085	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
5363	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
4625	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
4419	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
4335	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
4180	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
4072	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
3973	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
3874	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
3455	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
3314	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
3156	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
3119	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
2982	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
2889	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
2840	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
2675	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
2336	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
1823	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
1626	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
1482	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
1449	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
1383	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
1192	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
1182	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
1061	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
1051	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
856	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
795	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
685	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
494	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
476	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
427	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
407	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
401	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
360	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
328	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
263	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
193	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12

FPU SinJulia


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
18481	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
16035	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
7473	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
7275	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
7214	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
6993	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
6821	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
6513	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
4984	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
4825	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
4720	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
4677	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
4676	4x Core i7-2600 HT	3800 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
4658	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
4624	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
4588	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
4561	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
4138	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
3213	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
3100	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
2832	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
2644	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
2590	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
2305	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
2266	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
2222	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
2211	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
2042	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
1934	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
1872	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
1856	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
1740	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
1618	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
1483	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
1479	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
1421	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
1376	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
1260	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
1178	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
1049	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
1021	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
959	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
948	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
942	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
834	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
812	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
683	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
516	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
506	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
452	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
359	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
327	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
285	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
277	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
262	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
262	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
205	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
203	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
132	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2

FP32 Ray-Trace


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
18436 KRay/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
11357 KRay/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
7300 KRay/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
7269 KRay/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
5991 KRay/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
5198 KRay/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
4853 KRay/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
4852 KRay/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
4847 KRay/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
4803 KRay/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
3562 KRay/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
3361 KRay/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
3357 KRay/s	4x Core i7-2600 HT	3500 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
2868 KRay/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
2654 KRay/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
2580 KRay/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
2558 KRay/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
2553 KRay/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
2187 KRay/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
1982 KRay/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
1911 KRay/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
1645 KRay/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
1616 KRay/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
1377 KRay/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
1362 KRay/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
1316 KRay/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
1230 KRay/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
1215 KRay/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
1212 KRay/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
1179 KRay/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
1161 KRay/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
1130 KRay/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
1105 KRay/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
977 KRay/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
851 KRay/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
801 KRay/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
788 KRay/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
771 KRay/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
573 KRay/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
526 KRay/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
524 KRay/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
452 KRay/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
371 KRay/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
355 KRay/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
319 KRay/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
299 KRay/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
272 KRay/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
268 KRay/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
203 KRay/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
195 KRay/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
165 KRay/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
144 KRay/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
130 KRay/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
123 KRay/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
117 KRay/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
105 KRay/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
95 KRay/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12
92 KRay/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
70 KRay/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2

FP64 Ray-Trace


	CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS
9946 KRay/s	20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1
5974 KRay/s	16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1
4067 KRay/s	6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2
4026 KRay/s	4x Core i7-6700K HT	4000 MHz	Gigabyte GA-Z170X-UD3	Z170 Int.	Dual DDR4-2133	14-14-14-35 CR2
3252 KRay/s	32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1
2804 KRay/s	6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2
2706 KRay/s	4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2
2704 KRay/s	4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1
2636 KRay/s	6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2
2627 KRay/s	4x Core i7-5775C HT	3300 MHz	Gigabyte GA-Z97MX-Gaming 5	Z97 Int.	Dual DDR3-1600	11-11-11-28 CR1
1916 KRay/s	4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2
1816 KRay/s	4x Core i7-2600 HT	3800 MHz	[ TRIAL VERSION ]	Z77 Ext.	Dual DDR3-1333	9-9-9-24 CR1
1815 KRay/s	4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1
1560 KRay/s	12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1
1457 KRay/s	6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1
1393 KRay/s	8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2
1378 KRay/s	8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1
1312 KRay/s	8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2
1157 KRay/s	8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15
1040 KRay/s	8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1
1038 KRay/s	6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2
893 KRay/s	4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1
874 KRay/s	6x FX-6100	3300 MHz	Asus Sabertooth 990FX	AMD990FX	Dual DDR3-1866	9-10-9-27 CR2
736 KRay/s	4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2
715 KRay/s	8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12
712 KRay/s	4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2
670 KRay/s	8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1
667 KRay/s	4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2
626 KRay/s	4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2
624 KRay/s	4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1
623 KRay/s	4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1
615 KRay/s	4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2
535 KRay/s	4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15
466 KRay/s	4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15
459 KRay/s	8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1
452 KRay/s	4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2
443 KRay/s	2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1
433 KRay/s	4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2
288 KRay/s	2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2
236 KRay/s	2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15
211 KRay/s	4x Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1
205 KRay/s	2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11
198 KRay/s	2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7
193 KRay/s	4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1
185 KRay/s	4x Celeron N3150	1600 MHz	ASRock N3150B-ITX	Braswell Int.	Dual DDR3-1600	11-11-11-28 CR2
176 KRay/s	2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1
138 KRay/s	2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2
120 KRay/s	Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
112 KRay/s	2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2
109 KRay/s	P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15
80 KRay/s	2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1
73 KRay/s	Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15
62 KRay/s	Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11 CR2
59 KRay/s	Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1
56 KRay/s	Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2
54 KRay/s	Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2
46 KRay/s	2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2
43 KRay/s	Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2
28 KRay/s	Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12

Debug - PCI


		B00 D00 F00:	Intel Sandy Bridge-DT - Host Bridge/DRAM Controller

		Offset 000:	86 80 00 01 06 00 90 20 09 00 00 06 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 00 50
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 90 D1 FE 00 00 00 00 01 00 D1 FE 00 00 00 00
		Offset 050:	03 00 00 00 09 00 00 00 00 00 00 00 01 00 80 DF
		Offset 060:	05 00 00 F8 00 00 00 00 01 80 D1 FE 00 00 00 00
		Offset 070:	00 00 00 FF 01 00 00 00 00 0C 00 FF 7F 00 00 00
		Offset 080:	10 11 11 00 00 00 11 00 1A 00 00 00 00 00 00 00
		Offset 090:	01 00 00 FF 01 00 00 00 01 00 F0 1E 02 00 00 00
		Offset 0A0:	01 00 00 00 02 00 00 00 01 00 00 1F 02 00 00 00
		Offset 0B0:	01 00 00 E0 01 00 00 E0 01 00 80 DF 01 00 00 E0
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	09 00 0C 01 9E A0 00 E2 90 00 00 36 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 B8 0F 06 00 00 00 00 00

		B00 D01 F00:	Intel Sandy Bridge - PCI Express Controller

		Offset 000:	86 80 01 01 07 04 10 00 09 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 01 01 00 E0 E0 00 20
		Offset 020:	E0 F7 E0 F7 01 E0 F1 EF 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 88 00 00 00 00 00 00 00 0B 01 18 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0A
		Offset 080:	01 90 03 C8 08 00 00 00 0D 80 00 00 58 14 00 50
		Offset 090:	05 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	10 00 42 01 00 80 00 00 00 00 00 00 02 2D 21 02
		Offset 0B0:	40 00 01 D1 80 25 0C 00 00 00 40 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 01 00 00 00 00 00 00 00 10 00

		B00 D14 F00:	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]

		Offset 000:	86 80 31 1E 06 04 90 02 04 30 03 0C 00 00 00 00
		Offset 010:	04 00 F0 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 07 50
		Offset 030:	00 00 00 00 70 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	FD 07 0E 80 39 C2 03 80 00 00 00 00 00 00 00 00
		Offset 050:	17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	30 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 80 C2 C1 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 87 00 D8 01 E0 FE 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	8F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	03 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	0F 00 00 00 0F 00 00 00 0F 00 00 00 0F 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D16 F00:	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]

		Offset 000:	86 80 3A 1E 06 04 10 00 04 00 80 07 00 00 80 00
		Offset 010:	04 A0 F1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 3A 1C
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	55 02 00 1E 10 00 01 80 06 01 00 60 F0 1F 00 10
		Offset 050:	01 8C 03 C8 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 05 00 81 00
		Offset 090:	F8 01 E0 FE 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 C0
		Offset 0C0:	6D 08 C5 89 D6 68 5C 98 B4 25 77 81 1C 6D E9 6C
		Offset 0D0:	AE 8B 96 2F B5 7E D7 63 92 9A 9B BD 04 FD 0F 92
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1A F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]

		Offset 000:	86 80 2D 1E 06 00 90 02 04 20 03 0C 00 00 00 00
		Offset 010:	00 80 F1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 06 50
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 81 07 00 00 00 00 01 00 00 01 00 20 00 00
		Offset 070:	00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 04 00 7E DF
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 04 08 08 17 5B 20

		B00 D1B F00:	Intel Panther Point PCH - High Definition Audio Controller [C-1]

		Offset 000:	86 80 20 1E 06 00 10 00 04 00 03 04 10 00 00 00
		Offset 010:	04 00 F1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 02 A0
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 16 01 00 00
		Offset 040:	01 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 60 42 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 00 91 00 00 00 00 10 00 08 10 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 04 02 01 00 24 00 40 00 0C A3 82 10 00 33 02
		Offset 0D0:	00 0C A3 02 10 00 33 02 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1C F00:	Intel Panther Point PCH - PCI Express Port 1

		Offset 000:	86 80 10 1E 04 04 10 00 C4 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 02 02 00 F0 00 00 20
		Offset 020:	F0 FF 00 00 F1 FF 01 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 0B 01 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 40 12 01
		Offset 050:	00 00 01 18 00 B2 04 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 58 14 01 50 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1C F02:	Intel Panther Point PCH - PCI Express Port 3

		Offset 000:	86 80 14 1E 07 04 10 00 C4 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 03 03 00 D0 D0 00 00
		Offset 020:	D0 F7 D0 F7 F1 FF 01 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 0B 03 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 40 12 03
		Offset 050:	00 00 11 70 00 B2 14 00 00 00 40 00 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 58 14 01 50 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1C F03:	Intel 82801EB I/O Controller Hub 5 (ICH5)

		Offset 000:	86 80 4E 24 07 04 10 00 C4 01 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 04 05 00 F0 00 00 20
		Offset 020:	F0 FF 00 00 F1 FF 01 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 05 04 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 40 12 04
		Offset 050:	00 00 11 70 00 B2 1C 00 00 00 40 00 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 58 14 01 50 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1D F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]

		Offset 000:	86 80 26 1E 06 00 90 02 04 20 03 0C 00 00 00 00
		Offset 010:	00 70 F1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 06 50
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 17 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 01 06 00 00 00 00 01 00 00 01 00 20 00 00
		Offset 070:	00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 71 22 80 51 41 00 28 03 04 D0 29 DF
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 04 08 08 17 5B 20

		B00 D1F F00:	Intel Z77 Chipset - LPC Interface Controller [C-1]

		Offset 000:	86 80 44 1E 07 00 10 02 04 00 01 06 00 00 80 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 01 50
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 04 00 00 80 00 00 00 01 05 00 00 10 00 00 00
		Offset 050:	F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	8B 8A 8B 85 D0 00 00 00 80 80 83 8A F8 F0 00 00
		Offset 070:	78 F0 78 F0 78 F0 78 F0 78 F0 78 F0 78 F0 78 F0
		Offset 080:	00 00 00 14 01 0A 3C 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 0F 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	08 0E 80 00 58 38 06 00 00 47 00 00 00 00 01 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	33 22 11 00 67 45 00 00 CF FF 00 00 08 00 00 00
		Offset 0E0:	09 00 0C 10 00 00 00 00 B3 02 64 04 00 00 00 00
		Offset 0F0:	01 C0 D1 FE 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1F F02:	Intel Panther Point PCH - SATA AHCI Controller [C-1]

		Offset 000:	86 80 02 1E 07 04 B0 02 04 01 06 01 00 00 00 00
		Offset 010:	71 F0 00 00 61 F0 00 00 51 F0 00 00 41 F0 00 00
		Offset 020:	21 F0 00 00 00 60 F1 F7 00 00 00 00 58 14 05 B0
		Offset 030:	00 00 00 00 80 00 00 00 00 00 00 00 00 02 00 00
		Offset 040:	00 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 A8 03 40 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 70 01 00 18 01 E0 FE 00 00 00 00 00 00 00 00
		Offset 090:	60 1D 22 A2 83 01 00 1D 08 42 5C 01 00 00 00 00
		Offset 0A0:	E0 00 00 00 00 00 39 00 12 B0 10 00 48 00 00 00
		Offset 0B0:	13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1F F03:	Intel Panther Point PCH - SMBus Controller [C-1]

		Offset 000:	86 80 22 1E 03 00 80 02 04 00 05 0C 00 00 00 00
		Offset 010:	04 50 F1 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	01 F0 00 00 00 00 00 00 00 00 00 00 58 14 01 50
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 0B 03 00 00
		Offset 040:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	03 04 04 00 00 00 08 08 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B00 D1F F06:	Intel Panther Point PCH - Thermal Management Controller [C-1]

		Offset 000:	86 80 24 1E 00 00 10 00 04 00 80 11 00 00 00 00
		Offset 010:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 00 50
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 0B 03 00 00
		Offset 040:	05 00 00 F0 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 00 23 00 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 04 08 00 00 00 00

		B01 D00 F00:	MSI R7750 (MS-V279) Video Adapter

		Offset 000:	02 10 3F 68 07 04 10 00 00 00 00 03 10 00 80 00
		Offset 010:	0C 00 00 E0 00 00 00 00 04 00 E0 F7 00 00 00 00
		Offset 020:	01 E0 00 00 00 00 00 00 00 00 00 00 62 14 92 27
		Offset 030:	00 00 00 00 48 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 09 50 08 00 62 14 92 27
		Offset 050:	01 58 03 76 00 00 00 00 10 A0 12 00 A1 8F 2C 01
		Offset 060:	00 29 09 00 03 0D 40 00 40 00 01 11 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 0E 00 00 00 03 00 01 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	05 00 81 00 98 01 E0 FE 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B01 D00 F01:	AMD Cape Verde/Pitcairn/Curacao/Heathrow/Chelsea/Venus - High Definition Audio Controller

		Offset 000:	02 10 B0 AA 06 00 10 00 00 00 03 04 10 00 80 00
		Offset 010:	04 00 E6 F7 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 62 14 B0 AA
		Offset 030:	00 00 00 00 48 00 00 00 00 00 00 00 11 02 00 00
		Offset 040:	00 00 00 00 00 00 00 00 09 50 08 00 62 14 B0 AA
		Offset 050:	01 58 03 06 00 00 00 00 10 A0 12 00 A1 8F 2C 01
		Offset 060:	00 29 09 00 03 0D 40 00 40 00 01 11 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 0E 00 00 00 00 00 01 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	05 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B03 D00 F00:	Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller

		Offset 000:	69 19 91 10 07 00 10 00 10 00 00 02 10 00 00 00
		Offset 010:	04 00 D0 F7 00 00 00 00 01 D0 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 58 14 00 E0
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 12 01 00 00
		Offset 040:	01 58 C3 F9 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 10 C0 01 00 C5 FF 90 05
		Offset 060:	00 20 10 00 11 FC 07 00 00 00 11 10 03 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 69 19 91 10 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	05 D8 88 01 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 11 00 0F 00 00 20 00 00
		Offset 0E0:	00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B04 D00 F00:	Intel 82801CA I/O Controller Hub 3-S (ICH3-S) [B-0]

		Offset 000:	86 80 4E 24 07 04 10 00 41 01 04 06 10 00 01 00
		Offset 010:	00 00 00 00 00 00 00 00 04 05 05 20 F1 01 20 22
		Offset 020:	F0 FF 00 00 F1 FF 01 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 90 00 00 00 00 00 00 00 05 01 00 02
		Offset 040:	08 10 00 00 08 86 0E 00 00 00 00 00 FF 00 00 00
		Offset 050:	72 AB B9 6D 00 00 00 00 20 C9 8E 00 00 00 00 00
		Offset 060:	00 00 00 00 AA 0D 00 00 00 44 00 00 00 00 00 80
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	01 A0 42 FE 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	0D 00 00 00 58 14 92 88 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	59 00 FE 3F 5F E2 FE AF 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 1F 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4000:	99 79 18 00 55 54 19 0A 20 22 02 0A 90 56 00 00
		Offset 4010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4020:	05 00 10 00 20 20 22 22 00 11 0E 00 00 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4200:	00 00 46 03 20 03 00 03 20 03 00 03 00 04 06 03
		Offset 4210:	44 02 00 00 42 02 00 00 42 02 00 00 40 02 00 00
		Offset 4220:	06 F0 01 00 01 F2 01 00 05 F1 01 00 02 F0 01 00
		Offset 4230:	04 20 28 00 64 10 28 08 64 10 28 04 01 0C 28 00
		Offset 4240:	00 00 00 00 E3 07 04 00 E3 07 04 00 00 00 00 00
		Offset 4250:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4260:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4270:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4280:	00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00
		Offset 4290:	80 40 00 00 0F 98 00 00 50 14 6B 5A 90 82 00 00
		Offset 42A0:	0C 10 00 00 00 72 F9 41 00 00 00 00 01 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4400:	99 79 18 00 55 54 19 0A 20 22 02 0A 90 56 00 00
		Offset 4410:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4420:	05 00 10 00 20 20 23 23 00 11 0E 00 00 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4600:	00 00 46 03 20 03 00 03 20 03 00 03 00 04 06 03
		Offset 4610:	44 02 00 00 42 02 00 00 42 02 00 00 40 02 00 00
		Offset 4620:	06 F0 01 00 01 F2 01 00 05 F1 01 00 02 F0 01 00
		Offset 4630:	04 20 28 00 64 10 28 08 64 10 28 04 01 0C 28 00
		Offset 4640:	00 00 00 00 E3 07 04 00 E3 07 04 00 00 00 00 00
		Offset 4650:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4660:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4670:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4680:	00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00
		Offset 4690:	80 40 00 00 0F 98 00 00 50 14 6B 5A 90 82 00 00
		Offset 46A0:	0C 10 00 00 00 72 F9 41 00 00 00 00 01 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4800:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4810:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 4A80:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4A90:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 5000:	24 00 00 00 10 00 63 00 10 00 63 00 00 00 60 00
		Offset 5010:	00 00 00 00 00 00 20 10 00 00 00 00 00 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 5880:	07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5890:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5900:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5910:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5920:	00 00 00 00 10 00 00 00 E2 7D 8F 27 E0 9F 8C 04
		Offset 5930:	F8 02 E0 01 00 00 00 00 03 10 0A 00 3E 09 60 EF
		Offset 5940:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5950:	00 00 00 00 00 00 04 00 00 22 01 70 00 10 00 00
		Offset 5960:	00 00 00 00 AD DE 8E FD F8 CD 8E FD A1 0E 72 E5
		Offset 5970:	00 00 00 00 00 00 00 00 46 00 00 00 46 00 00 00
		Offset 5980:	3B 00 00 00 04 8F 31 E6 00 00 00 00 00 00 00 00
		Offset 5990:	FF 00 00 00 FF 00 00 00 1B 11 11 00 00 12 62 00
		Offset 59A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 59B0:	60 09 00 00 94 14 14 18 60 09 00 00 94 14 14 18
		Offset 59C0:	00 00 27 88 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0100:	Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h

		Offset 5E00:	05 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00
		Offset 5E10:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-1E24:	Intel 5/6/7-series PCH TBARB @ F0000000h

		Offset 00:	01 BA 00 F7 2B 3A 00 00 81 04 01 00 00 00 C0 00
		Offset 10:	00 00 80 18 87 DE 8C 80 00 00 00 10 00 00 00 00
		Offset 20:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 30:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 40:	00 02 00 FF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 50:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 60:	00 00 00 00 00 00 00 00 00 00 00 00 20 1B 16 05
		Offset 70:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 80:	00 00 00 04 78 78 00 FF 00 00 00 00 00 00 00 00
		Offset 90:	BD 70 E8 97 00 00 00 00 00 00 00 00 00 00 00 00
		Offset A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset C0:	00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 00
		Offset D0:	00 00 00 00 00 00 00 00 00 00 00 00

Debug - Video BIOS


		C000:0000	U...].........................IBM+.............. 761295520......
		C000:0040	U...............05/28/12 21:53..0....D...S.........`$O...Rb.....
		C000:0080	.(...............>x...X@(....~. .........@H..0WX...............
		C000:00C0	........................113-C4450100-X00.VERDE.PCI_EXPRESS.GDDR5
		C000:0100	..113-MSITV279MS.160 .C44501 MOCHA VERDE PRO 1G GDDR5 64MX32
		C000:0140	... ...(C) 1988-2010, Advanced Micro Devices, I
		C000:0180	nc..ATOMBIOSBK-AMD VER015.021.000.000.000777.C44501.H04 .772599
		C000:01C0	.228221 . .ATI_C44501\config.h....$...ATOM..]...5.....
		C000:0200	....b..'....:...PCIR..?h................AMD ATOMBIOS.X..=.......
		C000:0240	.%..r8.=.<......C....V.....0.MP. .^..fPfQfRfSfUfVfW..........b6.
		C000:0280	.32........f...................]...0.EP. u..I...f....Xf.......3.
		C000:02C0	.f.......fP.....5..fXt.. f...........6f_f^f]f[fZfYfX.........>o.
		C000:0300	.u...m.....e...f....e.....@.....B.............\|.jn..~.....}r....
		C000:0340	.....h.......m.....h..h..h...PMID..pT...................5f......
		C000:0380	...\5.a.u..:&..u..G.....Ou...O...2W.....Z5..35.8.u..%......G5..
		C000:03C0	5.%.u...Ou...O....W.....*5...fPfQfRfSfUfVfW..<.u,......`..".....

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.