--------[ AIDA64 Extreme ]---------------------------------------------------------------------------------------------- Version AIDA64 v5.20.3400 Benchmark Module 4.1.633-x32 Homepage http://www.aida64.com/ Report Type Report Wizard [ TRIAL VERSION ] Computer ALEX-PC Generator ALEX Operating System Microsoft Windows 7 Ultimate 6.1.7601.18741 (Win7 RTM) Date 2015-04-10 Time 20:22 --------[ Summary ]----------------------------------------------------------------------------------------------------- Computer: Computer Type ACPI x86-based PC Operating System Microsoft Windows 7 Ultimate OS Service Pack [ TRIAL VERSION ] Internet Explorer 11.0.9600.17691 DirectX DirectX 11.1 Computer Name ALEX-PC User Name ALEX Logon Domain [ TRIAL VERSION ] Date / Time 2015-04-10 / 20:22 Motherboard: CPU Type DualCore Intel Core 2 Duo E4400, 2000 MHz (10 x 200) Motherboard Name Asus P5L 1394 (3 PCI, 2 PCI-E x1, 1 PCI-E x16, 4 DDR2 DIMM, Audio, Gigabit LAN, IEEE-1394) Motherboard Chipset Intel Lakeport i945P System Memory [ TRIAL VERSION ] DIMM2: Nanya M2Y1GH64TU8HD6B-AC [ TRIAL VERSION ] DIMM3: Nanya M2Y1GH64TU8HD6B-AC [ TRIAL VERSION ] DIMM4: Nanya M2Y1GH64TU8HD6B-AC [ TRIAL VERSION ] BIOS Type AMI (11/29/06) Communication Port Communications Port (COM1) Communication Port ECP Printer Port (LPT1) Display: Video Adapter NVIDIA GeForce 210 (1 GB) Video Adapter NVIDIA GeForce 210 (1 GB) 3D Accelerator nVIDIA GeForce 210 Monitor LG L1718S [17" LCD] (165041367) Multimedia: Audio Adapter nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller Audio Adapter nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller Audio Adapter nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller Audio Adapter nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller Audio Adapter Realtek ALC883 @ Intel 82801GB ICH7 - High Definition Audio Controller [A-1] Storage: IDE Controller Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF IDE Controller Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 IDE Controller Standard Dual Channel PCI IDE Controller Floppy Drive Floppy disk drive Disk Drive Verbatim STORE N GO USB Device (7 GB, USB) Disk Drive WDC WD10EZEX-21M2NA0 ATA Device (1000 GB, 7200 RPM, SATA-III) Optical Drive DTSOFT Virtual CdRom Device Optical Drive HL-DT-ST DVD-RAM GH22NP20 ATA Device (DVD+R9:16x, DVD-R9:12x, DVD+RW:22x/8x, DVD-RW:22x/6x, DVD-RAM:12x, DVD-ROM:16x, CD:48x/32x/48x DVD+RW/DVD-RW/DVD-RAM) SMART Hard Disks Status OK Partitions: C: (NTFS) [ TRIAL VERSION ] D: (NTFS) 872.9 GB (700.5 GB free) Total Size [ TRIAL VERSION ] Input: Keyboard HID Keyboard Device Mouse HID-compliant mouse Network: Primary IP Address [ TRIAL VERSION ] Primary MAC Address 7A-79-19-94-6D-E2 Network Adapter Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller (192. [ TRIAL VERSION ]) Network Adapter Hamachi Network Interface (25.1 [ TRIAL VERSION ]) Network Adapter VirtualBox Host-Only Ethernet Adapter (192. [ TRIAL VERSION ]) Peripherals: Printer Canon MP190 series Printer Printer Fax Printer Microsoft XPS Document Writer Printer Send To OneNote 2010 FireWire Controller VIA VT6308 Fire IIM IEEE1394 Host Controller (PHY: VIA VT6307) USB1 Controller Intel 82801GB ICH7 - USB Universal Host Controller [A-1] USB1 Controller Intel 82801GB ICH7 - USB Universal Host Controller [A-1] USB1 Controller Intel 82801GB ICH7 - USB Universal Host Controller [A-1] USB1 Controller Intel 82801GB ICH7 - USB Universal Host Controller [A-1] USB2 Controller Intel 82801GB ICH7 - Enhanced USB2 Controller [A-1] USB Device USB Composite Device USB Device USB Input Device USB Device USB Input Device USB Device USB Input Device USB Device USB Mass Storage Device Battery Microsoft Composite Battery DMI: DMI BIOS Vendor American Megatrends Inc. DMI BIOS Version 0305 DMI System Manufacturer stem manufacturer DMI System Product System Product Name DMI System Version System Version DMI System Serial Number [ TRIAL VERSION ] DMI System UUID [ TRIAL VERSION ] DMI Motherboard Manufacturer ASUSTeK Computer INC. DMI Motherboard Product P5L1394 DMI Motherboard Version Rev 1.xx DMI Motherboard Serial Number [ TRIAL VERSION ] DMI Chassis Manufacturer Chassis Manufacture DMI Chassis Version Chassis Version DMI Chassis Serial Number [ TRIAL VERSION ] DMI Chassis Asset Tag [ TRIAL VERSION ] DMI Chassis Type Desktop Case DMI Total / Free Memory Sockets 4 / 1 --------[ Computer Name ]----------------------------------------------------------------------------------------------- Computer Comment Logical NetBIOS Name Logical ALEX-PC DNS Host Name Logical ALEX-PC DNS Domain Name Logical Fully Qualified DNS Name Logical ALEX-PC NetBIOS Name Physical ALEX-PC DNS Host Name Physical ALEX-PC DNS Domain Name Physical Fully Qualified DNS Name Physical ALEX-PC --------[ DMI ]--------------------------------------------------------------------------------------------------------- [ BIOS ] BIOS Properties: Vendor American Megatrends Inc. Version 0305 Release Date 11/29/2006 Size 512 KB System BIOS Version 8.10 Boot Devices Floppy Disk, Hard Disk, CD-ROM, ATAPI ZIP, LS-120 Capabilities Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS Supported Standards DMI, APM, ACPI, ESCD, PnP Expansion Capabilities ISA, PCI, USB Virtual Machine No BIOS Manufacturer: Company Name American Megatrends Inc. Product Information http://www.ami.com/amibios BIOS Upgrades http://www.aida64.com/bios-updates [ System ] System Properties: Manufacturer stem manufacturer Product System Product Name Version System Version Serial Number [ TRIAL VERSION ] Family J2A2 Universal Unique ID [ TRIAL VERSION ] Wake-Up Type PCI PME# [ Motherboard ] Motherboard Properties: Manufacturer ASUSTeK Computer INC. Product P5L1394 Version Rev 1.xx Serial Number [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Motherboard Manufacturer: Company Name ASUSTeK Computer Inc. Product Information http://www.asus.com/Motherboards BIOS Download http://support.asus.com/download/download.aspx?SLanguage=en-us Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates [ Chassis ] Chassis Properties: Manufacturer Chassis Manufacture Version Chassis Version Serial Number [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Chassis Type Desktop Case Chassis Lock Present Boot-Up State Safe Power Supply State Safe Thermal State Safe Security Status None [ Memory Controller ] Memory Controller Properties: Error Detection Method 64-bit ECC Error Correction None Supported Memory Interleave 1-Way Current Memory Interleave 1-Way Supported Memory Speeds 70ns, 60ns, 50ns Supported Memory Types DIMM, SDRAM Supported Memory Voltages 3.3V Maximum Memory Module Size 1024 MB Memory Slots 4 [ Processors / Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz ] Processor Properties: Manufacturer Intel Version Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz Serial Number To Be Filled By O.E.M. Asset Tag To Be Filled By O.E.M. Part Number To Be Filled By O.E.M. External Clock 200 MHz Maximum Clock 3800 MHz Current Clock 2000 MHz Type Central Processor Voltage 1.3 V Status Enabled Socket Designation Socket 775 CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel Core 2 Duo E4400 Driver Update http://www.aida64.com/driver-updates [ Caches / L1-Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Varies with Memory Address Associativity 8-way Set-Associative Maximum Size 32 KB Installed Size 32 KB Supported SRAM Type Pipeline Burst Current SRAM Type Pipeline Burst Error Correction Single-bit ECC Socket Designation L1-Cache [ Caches / L2-Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Varies with Memory Address Associativity 8-way Set-Associative Maximum Size 2048 KB Installed Size 2048 KB Supported SRAM Type Pipeline Burst Current SRAM Type Pipeline Burst Error Correction Single-bit ECC Socket Designation L2-Cache [ Caches / L3-Cache ] Cache Properties: Type Internal Status Disabled Maximum Size 0 KB Installed Size 0 KB Socket Designation L3-Cache [ Memory Arrays / System Memory ] Memory Array Properties: Location Motherboard Memory Array Function System Memory Error Correction None Max. Memory Capacity 4 GB Memory Devices 4 [ Memory Modules / DIMM0 ] Memory Module Properties: Socket Designation DIMM0 Type DIMM, SDRAM Installed Size Not Installed Enabled Size Not Installed [ Memory Modules / DIMM1 ] Memory Module Properties: Socket Designation DIMM1 Type DIMM, SDRAM Speed 30 ns Installed Size 1024 MB Enabled Size 1024 MB [ Memory Modules / DIMM2 ] Memory Module Properties: Socket Designation DIMM2 Type DIMM, SDRAM Speed 30 ns Installed Size 1024 MB Enabled Size 1024 MB [ Memory Modules / DIMM3 ] Memory Module Properties: Socket Designation DIMM3 Type DIMM, SDRAM Speed 30 ns Installed Size 1024 MB Enabled Size 1024 MB [ Memory Devices / DIMM0 ] Memory Device Properties: Form Factor DIMM Device Locator DIMM0 Bank Locator BANK0 Manufacturer Manufacturer0 Serial Number SerNum0 Asset Tag AssetTagNum0 Part Number PartNum0 [ Memory Devices / DIMM1 ] Memory Device Properties: Form Factor DIMM Type SDRAM Type Detail Synchronous Size 1 GB Total Width 64-bit Data Width 64-bit Device Locator DIMM1 Bank Locator BANK1 Manufacturer Manufacturer1 Serial Number SerNum1 Asset Tag AssetTagNum1 Part Number PartNum1 [ Memory Devices / DIMM2 ] Memory Device Properties: Form Factor DIMM Type SDRAM Type Detail Synchronous Size 1 GB Total Width 64-bit Data Width 64-bit Device Locator DIMM2 Bank Locator BANK2 Manufacturer Manufacturer2 Serial Number SerNum2 Asset Tag AssetTagNum2 Part Number PartNum2 [ Memory Devices / DIMM3 ] Memory Device Properties: Form Factor DIMM Type SDRAM Type Detail Synchronous Size 1 GB Total Width 64-bit Data Width 64-bit Device Locator DIMM3 Bank Locator BANK3 Manufacturer Manufacturer3 Serial Number SerNum3 Asset Tag AssetTagNum3 Part Number PartNum3 [ System Slots / PCIEX16 ] System Slot Properties: Slot Designation PCIEX16 Type PCI-X Usage In Use Data Bus Width 32-bit Length Short [ System Slots / PCI_1 ] System Slot Properties: Slot Designation PCI_1 Type PCI Usage Empty Data Bus Width 32-bit Length Short [ System Slots / PCI_2 ] System Slot Properties: Slot Designation PCI_2 Type PCI Usage Empty Data Bus Width 32-bit Length Short [ System Slots / PCI_3 ] System Slot Properties: Slot Designation PCI_3 Type PCI Usage Empty Data Bus Width 32-bit Length Short [ System Slots / PCIEX1_1 ] System Slot Properties: Slot Designation PCIEX1_1 Type PCI-X Usage Empty Data Bus Width 32-bit Length Short [ System Slots / PCIEX1_2 ] System Slot Properties: Slot Designation PCIEX1_2 Type PCI-X Usage Empty Data Bus Width 32-bit Length Short [ Port Connectors / PS/2 Mouse ] Port Connector Properties: Port Type Mouse Port Internal Reference Designator J1A1 Internal Connector Type None External Reference Designator PS/2 Mouse External Connector Type PS/2 [ Port Connectors / PS/2 Keyboard ] Port Connector Properties: Port Type Keyboard Port Internal Reference Designator J1A1 Internal Connector Type None External Reference Designator PS/2 Keyboard External Connector Type PS/2 [ Port Connectors / USB1 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB1 External Connector Type USB [ Port Connectors / USB2 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB2 External Connector Type USB [ Port Connectors / USB3 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB3 External Connector Type USB [ Port Connectors / USB4 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB4 External Connector Type USB [ Port Connectors / USB5 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB5 External Connector Type USB [ Port Connectors / USB6 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB6 External Connector Type USB [ Port Connectors / USB7 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB7 External Connector Type USB [ Port Connectors / USB8 ] Port Connector Properties: Port Type USB Internal Reference Designator J2A2 Internal Connector Type None External Reference Designator USB8 External Connector Type USB [ Port Connectors / LPT 1 ] Port Connector Properties: Port Type Parallel Port ECP/EPP Internal Reference Designator J4A1 Internal Connector Type None External Reference Designator LPT 1 External Connector Type DB-25 pin male [ Port Connectors / COM 1 ] Port Connector Properties: Port Type Serial Port 16550A Compatible Internal Reference Designator J2A1 Internal Connector Type None External Reference Designator COM 1 External Connector Type DB-9 pin male [ Port Connectors / FireWire 1 ] Port Connector Properties: Port Type FireWire (IEEE P1394) Internal Reference Designator FireWire 1 Internal Connector Type None External Reference Designator FireWire 1 External Connector Type 1394 [ Port Connectors / FireWire 2 ] Port Connector Properties: Port Type FireWire (IEEE P1394) Internal Reference Designator FireWire 2 Internal Connector Type None External Reference Designator FireWire 2 External Connector Type 1394 [ Port Connectors / Audio Line Out1 ] Port Connector Properties: Port Type Audio Port Internal Reference Designator J6A1 Internal Connector Type None External Reference Designator Audio Line Out1 External Connector Type Mini-jack (headphones) [ Port Connectors / Audio Line Out2 ] Port Connector Properties: Port Type Audio Port Internal Reference Designator J6A1 Internal Connector Type None External Reference Designator Audio Line Out2 External Connector Type Mini-jack (headphones) [ Port Connectors / Audio Line Out3 ] Port Connector Properties: Port Type Audio Port Internal Reference Designator J6A1 Internal Connector Type None External Reference Designator Audio Line Out3 External Connector Type Mini-jack (headphones) [ Port Connectors / SPDIF_OUT ] Port Connector Properties: Port Type Audio Port Internal Reference Designator J6A1 Internal Connector Type None External Reference Designator SPDIF_OUT External Connector Type On-Board Sound Input from CD-ROM [ Port Connectors / SPDIF_OUT1 ] Port Connector Properties: Port Type Audio Port Internal Reference Designator J6A1 Internal Connector Type None External Reference Designator SPDIF_OUT1 External Connector Type On-Board Sound Input from CD-ROM [ Port Connectors / GbE LAN 1 ] Port Connector Properties: Port Type Network Port Internal Reference Designator J5A1 Internal Connector Type None External Reference Designator GbE LAN 1 External Connector Type RJ-45 [ Port Connectors / SB_IDE ] Port Connector Properties: Internal Reference Designator SB_IDE Internal Connector Type On-Board IDE External Connector Type None [ Port Connectors / SB_SATA1 ] Port Connector Properties: Internal Reference Designator SB_SATA1 Internal Connector Type On-Board IDE External Connector Type None [ Port Connectors / SB_SATA2 ] Port Connector Properties: Internal Reference Designator SB_SATA2 Internal Connector Type On-Board IDE External Connector Type None [ Port Connectors / SB_SATA3 ] Port Connector Properties: Internal Reference Designator SB_SATA3 Internal Connector Type On-Board IDE External Connector Type None [ Port Connectors / SB_SATA4 ] Port Connector Properties: Internal Reference Designator SB_SATA4 Internal Connector Type On-Board IDE External Connector Type None [ Port Connectors / CD ] Port Connector Properties: Port Type Audio Port Internal Reference Designator CD Internal Connector Type On-Board Sound Input from CD-ROM External Connector Type None [ Port Connectors / FP_AUDIO ] Port Connector Properties: Port Type Audio Port Internal Reference Designator FP_AUDIO Internal Connector Type On-Board Sound Input from CD-ROM External Connector Type None [ Port Connectors / FLOPPY ] Port Connector Properties: Internal Reference Designator FLOPPY Internal Connector Type On-Board Floppy External Connector Type None [ Port Connectors / CHA_FAN ] Port Connector Properties: Internal Reference Designator CHA_FAN External Connector Type None [ Port Connectors / CPU_FAN ] Port Connector Properties: Internal Reference Designator CPU_FAN External Connector Type None [ On-Board Devices / Onboard Ethernet ] On-Board Device Properties: Description Onboard Ethernet Type Ethernet Status Enabled [ Miscellaneous ] Miscellaneous: OEM String 0018F31A3D45 OEM String To Be Filled By O.E.M. OEM String To Be Filled By O.E.M. OEM String To Be Filled By O.E.M. System Configuration Option To Be Filled By O.E.M. --------[ Overclock ]--------------------------------------------------------------------------------------------------- CPU Properties: CPU Type DualCore Intel Core 2 Duo E4400 CPU Alias Conroe-2M CPU Stepping L2 Engineering Sample No CPUID CPU Name Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz CPUID Revision 000006F2h CPU VID 1.1875 V CPU Speed: CPU Clock 2006.2 MHz (original: [ TRIAL VERSION ] MHz) CPU Multiplier 10x CPU FSB 200.6 MHz (original: 200 MHz) Memory Bus 334.4 MHz DRAM:FSB Ratio 10:6 CPU Cache: L1 Code Cache 32 KB per core L1 Data Cache [ TRIAL VERSION ] L2 Cache 2 MB (On-Die, ECC, ASC, Full-Speed) Motherboard Properties: Motherboard ID 63-0305-000010-00101111-112906-945P$A0603000_BIOS DATE: 11/29/06 11:15:27 VER: 08.00.10 Motherboard Name Asus P5L 1394 (3 PCI, 2 PCI-E x1, 1 PCI-E x16, 4 DDR2 DIMM, Audio, Gigabit LAN, IEEE-1394) Chipset Properties: Motherboard Chipset Intel Lakeport i945P Memory Timings 5-5-5-15 (CL-RCD-RP-RAS) DIMM2: Nanya M2Y1GH64TU8HD6B-AC [ TRIAL VERSION ] DIMM3: Nanya M2Y1GH64TU8HD6B-AC [ TRIAL VERSION ] DIMM4: Nanya M2Y1GH64TU8HD6B-AC [ TRIAL VERSION ] BIOS Properties: System BIOS Date 11/29/06 Video BIOS Date 05/11/11 DMI BIOS Version 0305 Graphics Processor Properties: Video Adapter nVIDIA GeForce 210 GPU Code Name GT218 (PCI Express 2.0 x16 10DE / 0A65, Rev B1) GPU Clock (Geometric Domain) 589 MHz (original: [ TRIAL VERSION ] MHz) GPU Clock (Shader Domain) 1401 MHz (original: [ TRIAL VERSION ] MHz) Memory Clock 499 MHz (original: 500 MHz) --------[ Power Management ]-------------------------------------------------------------------------------------------- Power Management Properties: Current Power Source AC Line Battery Status No Battery Full Battery Lifetime Unknown Remaining Battery Lifetime Unknown --------[ Portable Computer ]------------------------------------------------------------------------------------------- Centrino (Carmel) Platform Compliancy: CPU: Intel Pentium M (Banias/Dothan) No (Intel Core 2 Duo E4400) Chipset: Intel i855GM/PM No (Intel Lakeport i945P) WLAN: Intel PRO/Wireless No System: Centrino Compliant No Centrino (Sonoma) Platform Compliancy: CPU: Intel Pentium M (Dothan) No (Intel Core 2 Duo E4400) Chipset: Intel i915GM/PM No (Intel Lakeport i945P) WLAN: Intel PRO/Wireless 2200/2915 No System: Centrino Compliant No Centrino (Napa) Platform Compliancy: CPU: Intel Core (Yonah) / Core 2 (Merom) No (Intel Core 2 Duo E4400) Chipset: Intel i945GM/PM No (Intel Lakeport i945P) WLAN: Intel PRO/Wireless 3945/3965 No System: Centrino Compliant No Centrino (Santa Rosa) Platform Compliancy: CPU: Intel Core 2 (Merom/Penryn) No (Intel Core 2 Duo E4400) Chipset: Intel GM965/PM965 No (Intel Lakeport i945P) WLAN: Intel Wireless WiFi Link 4965 No System: Centrino Compliant No Centrino 2 (Montevina) Platform Compliancy: CPU: Intel Core 2 (Penryn) No (Intel Core 2 Duo E4400) Chipset: Mobile Intel 4 Series No (Intel Lakeport i945P) WLAN: Intel WiFi Link 5000 Series No System: Centrino 2 Compliant No Centrino (Calpella) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield) No (Intel Core 2 Duo E4400) Chipset: Mobile Intel 5 Series No (Intel Lakeport i945P) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Huron River) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB) No (Intel Core 2 Duo E4400) Chipset: Mobile Intel 6 Series No (Intel Lakeport i945P) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Chief River) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB) No (Intel Core 2 Duo E4400) Chipset: Mobile Intel 7 Series No (Intel Lakeport i945P) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Shark Bay-MB) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Haswell-MB) No (Intel Core 2 Duo E4400) Chipset: Mobile Intel 8/9 Series No (Intel Lakeport i945P) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No --------[ Sensor ]------------------------------------------------------------------------------------------------------ Sensor Properties: Sensor Type Winbond W83627DHG (ISA 290h) GPU Sensor Type Diode (NV-Diode) Motherboard Name Asus P5B-VM / P5L 1394 / P5L-VM 1394 / P5L-VM GB Chassis Intrusion Detected No Temperatures: Motherboard 38 °C (100 °F) CPU 50 °C (122 °F) CPU #1 / Core #1 67 °C (153 °F) CPU #1 / Core #2 67 °C (153 °F) GPU Diode 58 °C (136 °F) WDC WD10EZEX-21M2NA0 [ TRIAL VERSION ] Cooling Fans: CPU 2235 RPM Voltage Values: CPU Core 1.296 V +3.3 V 3.168 V +5 V 4.787 V +12 V [ TRIAL VERSION ] +5 V Standby 4.800 V GPU Core 0.950 V Debug Info F FF 97 FF / FF FF Debug Info T 38 50 15 / 255 Debug Info V A2 E6 C7 C6 B9 BB B5 (03) Debug Info I C1 A023 --------[ CPU ]--------------------------------------------------------------------------------------------------------- CPU Properties: CPU Type DualCore Intel Core 2 Duo E4400, 2000 MHz (10 x 200) CPU Alias Conroe-2M CPU Stepping L2 Instruction Set x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3 Original Clock [ TRIAL VERSION ] Min / Max CPU Multiplier 6x / 10x Engineering Sample No L1 Code Cache 32 KB per core L1 Data Cache [ TRIAL VERSION ] L2 Cache 2 MB (On-Die, ECC, ASC, Full-Speed) CPU Physical Info: Package Type 775 Contact FC-LGA6 Package Size 37.5 mm x 37.5 mm Transistors [ TRIAL VERSION ] million Process Technology 8M, 65 nm, CMOS, Cu, Low-K Inter-Layer, 2nd Gen Strained Si Die Size [ TRIAL VERSION ] mm2 Core Voltage 1.325 V I/O Voltage 1.325 V Typical Power 65 W @ 2.00 GHz Maximum Power 99.4 W @ 2.00 GHz CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel Core 2 Duo E4400 Driver Update http://www.aida64.com/driver-updates Multi CPU: Motherboard ID INTEL 1394 CPU #1 Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz, 2006 MHz CPU #2 Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz, 2006 MHz CPU Utilization: CPU #1 / Core #1 25% CPU #1 / Core #2 0% --------[ CPUID ]------------------------------------------------------------------------------------------------------- CPUID Properties: CPUID Manufacturer GenuineIntel CPUID CPU Name Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz CPUID Revision 000006F2h IA Brand ID 00h (Unknown) Platform ID 38h / MC 01h (LGA775) Microcode Update Revision 5Ah HTT / CMP Units 0 / 2 Tjmax Temperature 100 °C (212 °F) Instruction Set: 64-bit x86 Extension (AMD64, Intel64) Supported AMD 3DNow! Not Supported AMD 3DNow! Professional Not Supported AMD 3DNowPrefetch Not Supported AMD Enhanced 3DNow! Not Supported AMD Extended MMX Not Supported AMD FMA4 Not Supported AMD MisAligned SSE Not Supported AMD SSE4A Not Supported AMD XOP Not Supported Cyrix Extended MMX Not Supported Enhanced REP MOVSB/STOSB Not Supported Float-16 Conversion Instructions Not Supported IA-64 Not Supported IA AES Extensions Not Supported IA AVX Not Supported IA AVX2 Not Supported IA AVX-512 (AVX512F) Not Supported IA AVX-512 52-bit Integer Instructions (AVX512IFMA52)Not Supported IA AVX-512 Byte and Word Instructions (AVX512BW) Not Supported IA AVX-512 Conflict Detection Instructions (AVX512CD)Not Supported IA AVX-512 Doubleword and Quadword Instructions (AVX512DQ)Not Supported IA AVX-512 Exponential and Reciprocal Instructions (AVX512ER)Not Supported IA AVX-512 Prefetch Instructions (AVX512PF) Not Supported IA AVX-512 Vector Bit Manipulation Instructions (AVX512VBMI)Not Supported IA AVX-512 Vector Length Extensions (AVX512VL) Not Supported IA BMI1 Not Supported IA BMI2 Not Supported IA FMA Not Supported IA MMX Supported IA SHA Extensions Not Supported IA SSE Supported IA SSE2 Supported IA SSE3 Supported IA Supplemental SSE3 Supported IA SSE4.1 Not Supported IA SSE4.2 Not Supported VIA Alternate Instruction Set Not Supported ADCX / ADOX Instruction Not Supported CLFLUSH Instruction Supported CLFLUSHOPT Instruction Not Supported CLWB Instruction Not Supported CMPXCHG8B Instruction Supported CMPXCHG16B Instruction Supported Conditional Move Instruction Supported INVPCID Instruction Not Supported LAHF / SAHF Instruction Supported LZCNT Instruction Not Supported MONITOR / MWAIT Instruction Supported MONITORX / MWAITX Instruction Not Supported MOVBE Instruction Not Supported PCLMULQDQ Instruction Not Supported PCOMMIT Instruction Not Supported POPCNT Instruction Not Supported PREFETCHWT1 Instruction Not Supported RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE InstructionNot Supported RDRAND Instruction Not Supported RDSEED Instruction Not Supported RDTSCP Instruction Not Supported SKINIT / STGI Instruction Not Supported SYSCALL / SYSRET Instruction Not Supported SYSENTER / SYSEXIT Instruction Supported Trailing Bit Manipulation Instructions Not Supported VIA FEMMS Instruction Not Supported Security Features: Advanced Cryptography Engine (ACE) Not Supported Advanced Cryptography Engine 2 (ACE2) Not Supported Data Execution Prevention (DEP, NX, EDB) Not Supported Hardware Random Number Generator (RNG) Not Supported Hardware Random Number Generator 2 (RNG2) Not Supported Memory Protection Extensions (MPX) Not Supported PadLock Hash Engine (PHE) Not Supported PadLock Hash Engine 2 (PHE2) Not Supported PadLock Montgomery Multiplier (PMM) Not Supported PadLock Montgomery Multiplier 2 (PMM2) Not Supported Processor Serial Number (PSN) Not Supported Safer Mode Extensions (SMX) Not Supported Software Guard Extensions (SGX) Not Supported Supervisor Mode Access Prevention (SMAP) Not Supported Supervisor Mode Execution Protection (SMEP) Not Supported Power Management Features: Application Power Management (APM) Not Supported Automatic Clock Control Supported Core C6 State (CC6) Not Supported Digital Thermometer Supported Dynamic FSB Frequency Switching Not Supported Enhanced Halt State (C1E) Supported, Enabled Enhanced SpeedStep Technology (EIST, ESS) Supported, Enabled Frequency ID Control Not Supported Hardware P-State Control Not Supported Hardware Thermal Control (HTC) Not Supported LongRun Not Supported LongRun Table Interface Not Supported Overstress Not Supported Package C6 State (PC6) Not Supported Parallax Not Supported PowerSaver 1.0 Not Supported PowerSaver 2.0 Not Supported PowerSaver 3.0 Not Supported Processor Duty Cycle Control Supported Software Thermal Control Not Supported Temperature Sensing Diode Not Supported Thermal Monitor 1 Supported Thermal Monitor 2 Supported Thermal Monitor 3 Not Supported Thermal Monitoring Not Supported Thermal Trip Not Supported Voltage ID Control Not Supported Virtualization Features: Extended Page Table (EPT) Not Supported Hypervisor Not Present INVEPT Instruction Not Supported INVVPID Instruction Not Supported Nested Paging (NPT, RVI) Not Supported Secure Virtual Machine (SVM, Pacifica) Not Supported Virtual Machine Extensions (VMX, Vanderpool) Not Supported Virtual Processor ID (VPID) Not Supported CPUID Features: 1 GB Page Size Not Supported 36-bit Page Size Extension Supported 64-bit DS Area Supported Adaptive Overclocking Not Supported Address Region Registers (ARR) Not Supported Configurable TDP (cTDP) Not Supported Core Performance Boost (CPB) Not Supported Core Performance Counters Not Supported CPL Qualified Debug Store Supported Data Breakpoint Extension Not Supported Debug Trace Store Supported Debugging Extension Supported Deprecated FPU CS and FPU DS Not Supported Direct Cache Access Not Supported Dynamic Acceleration Technology (IDA) Not Supported Dynamic Configurable TDP (DcTDP) Not Supported Extended APIC Register Space Not Supported Fast Save & Restore Supported Hardware Lock Elision (HLE) Not Supported Hybrid Boost Not Supported Hyper-Threading Technology (HTT) Not Supported Instruction Based Sampling Not Supported Invariant Time Stamp Counter Supported L1 Context ID Not Supported L2I Performance Counters Not Supported Lightweight Profiling Not Supported Local APIC On Chip Supported Machine Check Architecture (MCA) Supported Machine Check Exception (MCE) Supported Memory Configuration Registers (MCR) Not Supported Memory Type Range Registers (MTRR) Supported Model Specific Registers (MSR) Supported NB Performance Counters Not Supported Page Attribute Table (PAT) Supported Page Global Extension Supported Page Size Extension (PSE) Supported Pending Break Event (PBE) Supported Performance Time Stamp Counter (PTSC) Not Supported Physical Address Extension (PAE) Supported Platform Quality of Service Enforcement (PQE) Not Supported Platform Quality of Service Monitoring (PQM) Not Supported Process Context Identifiers (PCID) Not Supported Processor Feedback Interface Not Supported Processor Trace (PT) Not Supported Restricted Transactional Memory (RTM) Not Supported Self-Snoop Supported Time Stamp Counter (TSC) Supported Turbo Boost Not Supported Virtual Mode Extension Supported Watchdog Timer Not Supported x2APIC Not Supported XGETBV / XSETBV OS Enabled Not Supported XSAVE / XRSTOR / XSETBV / XGETBV Extended States Not Supported XSAVEOPT Not Supported CPUID Registers (CPU #1): CPUID 00000000 0000000A-756E6547-6C65746E-49656E69 [GenuineIntel] CPUID 00000001 000006F2-00020800-0000E39D-BFEBFBFF CPUID 00000002 05B0B101-005657F0-00000000-2CB4307D CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 04000121-01C0003F-0000003F-00000001 [SL 00] CPUID 00000004 04000122-01C0003F-0000003F-00000001 [SL 01] CPUID 00000004 04004143-01C0003F-00000FFF-00000001 [SL 02] CPUID 00000005 00000040-00000040-00000003-00000020 CPUID 00000006 00000001-00000002-00000001-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000400-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07280202-00000000-00000000-00000000 CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-20000000 CPUID 80000002 65746E49-2952286C-726F4320-4D542865 [Intel(R) Core(TM] CPUID 80000003 43203229-20205550-20202020-20202020 [)2 CPU ] CPUID 80000004 30303434-20402020-30302E32-007A4847 [4400 @ 2.00GHz] CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-08006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000000 CPUID 80000008 00003024-00000000-00000000-00000000 CPUID Registers (CPU #2): CPUID 00000000 0000000A-756E6547-6C65746E-49656E69 [GenuineIntel] CPUID 00000001 000006F2-01020800-0000E39D-BFEBFBFF CPUID 00000002 05B0B101-005657F0-00000000-2CB4307D CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 04000121-01C0003F-0000003F-00000001 [SL 00] CPUID 00000004 04000122-01C0003F-0000003F-00000001 [SL 01] CPUID 00000004 04004143-01C0003F-00000FFF-00000001 [SL 02] CPUID 00000005 00000040-00000040-00000003-00000020 CPUID 00000006 00000001-00000002-00000001-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000400-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07280202-00000000-00000000-00000000 CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-20000000 CPUID 80000002 65746E49-2952286C-726F4320-4D542865 [Intel(R) Core(TM] CPUID 80000003 43203229-20205550-20202020-20202020 [)2 CPU ] CPUID 80000004 30303434-20402020-30302E32-007A4847 [4400 @ 2.00GHz] CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-08006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000000 CPUID 80000008 00003024-00000000-00000000-00000000 MSR Registers: MSR 00000017 0000-0000-8A04-8A28 [PlatID = 0] MSR 0000001B 0000-0000-FEE0-0900 MSR 0000002A 0000-0000-4288-0000 MSR 0000008B 0000-005A-0000-0000 MSR 000000CD 0000-0000-0000-0802 MSR 000000CE 001D-0A28-7F7F-0718 MSR 000000E7 0000-0000-0021-A8FE MSR 000000E7 0000-0000-0062-69A2 [S200] MSR 000000E7 0000-0000-0167-AABA [S200] MSR 000000E8 0000-0000-0000-7AA6 MSR 000000E8 0000-0000-0000-9CC6 [S200] MSR 000000E8 0000-0000-0014-783A [S200] MSR 000000EE A800-0000-C17D-4700 MSR 0000011E 0000-0000-BE70-2107 MSR 00000198 0A28-0A28-0600-061D MSR 00000198 0A28-0A28-0600-061D [S200] MSR 00000198 0A28-0A28-0600-061D [S200] MSR 00000199 0000-0000-0000-061D MSR 0000019A 0000-0000-0000-0002 MSR 0000019B 0000-0000-0000-0000 MSR 0000019C 0000-0000-8827-0000 MSR 0000019C 0000-0000-8827-0000 [S200] MSR 0000019C 0000-0000-8828-0000 [S200] MSR 0000019D 0000-0000-0000-061D MSR 000001A0 0000-0044-6297-2489 --------[ Motherboard ]------------------------------------------------------------------------------------------------- Motherboard Properties: Motherboard ID 63-0305-000010-00101111-112906-945P$A0603000_BIOS DATE: 11/29/06 11:15:27 VER: 08.00.10 Motherboard Name Asus P5L 1394 Front Side Bus Properties: Bus Type Intel AGTL+ Bus Width 64-bit Real Clock 200 MHz (QDR) Effective Clock 800 MHz Bandwidth 6400 MB/s Memory Bus Properties: Bus Type Dual DDR2 SDRAM Bus Width 128-bit DRAM:FSB Ratio 10:6 Real Clock 333 MHz (DDR) Effective Clock 667 MHz Bandwidth [ TRIAL VERSION ] MB/s Chipset Bus Properties: Bus Type Intel Direct Media Interface Motherboard Physical Info: CPU Sockets/Slots 1 LGA775 Expansion Slots [ TRIAL VERSION ] RAM Slots 4 DDR2 DIMM Integrated Devices Audio, Gigabit LAN, IEEE-1394 Form Factor ATX Motherboard Size 190 mm x 300 mm Motherboard Chipset i945P Extra Features [ TRIAL VERSION ] Motherboard Manufacturer: Company Name ASUSTeK Computer Inc. Product Information http://www.asus.com/Motherboards BIOS Download http://support.asus.com/download/download.aspx?SLanguage=en-us Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates --------[ Memory ]------------------------------------------------------------------------------------------------------ Physical Memory: Total [ TRIAL VERSION ] Used [ TRIAL VERSION ] Free 1744 MB Utilization [ TRIAL VERSION ] Swap Space: Total 6139 MB Used 1656 MB Free 4483 MB Utilization 27 % Virtual Memory: Total 9210 MB Used 2983 MB Free 6227 MB Utilization 32 % Paging File: Paging File C:\pagefile.sys Current Size 3071 MB Current / Peak Usage 152 MB / 205 MB Utilization 5 % Physical Address Extension (PAE): Supported by Operating System Yes Supported by CPU Yes Active No --------[ SPD ]--------------------------------------------------------------------------------------------------------- [ DIMM2: [ TRIAL VERSION ] ] Memory Module Properties: Module Name [ TRIAL VERSION ] Serial Number F6123752h (1379341046) Manufacture Date Week 9 / 2010 Module Size 1 GB (2 ranks, 4 banks) Module Type [ TRIAL VERSION ] Memory Type DDR2 SDRAM Memory Speed DDR2-800 (400 MHz) Module Width 64 bit Module Voltage SSTL 1.8 Error Detection Method None Refresh Rate Reduced (7.8 us), Self-Refresh Memory Timings: @ 400 MHz 5-5-5-18 (CL-RCD-RP-RAS) / 23-42-3-6-3-3 (RC-RFC-RRD-WR-WTR-RTP) @ 266 MHz 4-4-4-12 (CL-RCD-RP-RAS) / 16-28-2-4-2-2 (RC-RFC-RRD-WR-WTR-RTP) @ 200 MHz 3-3-3-9 (CL-RCD-RP-RAS) / 12-21-2-3-2-2 (RC-RFC-RRD-WR-WTR-RTP) Memory Module Features: Analysis Probe Not Present FET Switch External Disabled Weak Driver Supported Memory Module Manufacturer: Company Name Nanya Technology Corp. Product Information http://www.nanya.com/index.aspx [ DIMM3: [ TRIAL VERSION ] ] Memory Module Properties: Module Name [ TRIAL VERSION ] Serial Number C0403A24h (607797440) Manufacture Date Week 35 / 2008 Module Size 1 GB (2 ranks, 4 banks) Module Type [ TRIAL VERSION ] Memory Type DDR2 SDRAM Memory Speed DDR2-800 (400 MHz) Module Width 64 bit Module Voltage SSTL 1.8 Error Detection Method None Refresh Rate Reduced (7.8 us), Self-Refresh Memory Timings: @ 400 MHz 5-5-5-18 (CL-RCD-RP-RAS) / 23-51-3-6-3-3 (RC-RFC-RRD-WR-WTR-RTP) @ 266 MHz 4-4-4-12 (CL-RCD-RP-RAS) / 16-34-2-4-2-2 (RC-RFC-RRD-WR-WTR-RTP) @ 200 MHz 3-3-3-9 (CL-RCD-RP-RAS) / 12-26-2-3-2-2 (RC-RFC-RRD-WR-WTR-RTP) Memory Module Features: Analysis Probe Not Present FET Switch External Disabled Weak Driver Supported Memory Module Manufacturer: Company Name Nanya Technology Corp. Product Information http://www.nanya.com/index.aspx [ DIMM4: [ TRIAL VERSION ] ] Memory Module Properties: Module Name [ TRIAL VERSION ] Serial Number 531B3D13h (322771795) Manufacture Date Week 35 / 2008 Module Size 1 GB (2 ranks, 4 banks) Module Type [ TRIAL VERSION ] Memory Type DDR2 SDRAM Memory Speed DDR2-800 (400 MHz) Module Width 64 bit Module Voltage SSTL 1.8 Error Detection Method None Refresh Rate Reduced (7.8 us), Self-Refresh Memory Timings: @ 400 MHz 5-5-5-18 (CL-RCD-RP-RAS) / 23-51-3-6-3-3 (RC-RFC-RRD-WR-WTR-RTP) @ 266 MHz 4-4-4-12 (CL-RCD-RP-RAS) / 16-34-2-4-2-2 (RC-RFC-RRD-WR-WTR-RTP) @ 200 MHz 3-3-3-9 (CL-RCD-RP-RAS) / 12-26-2-3-2-2 (RC-RFC-RRD-WR-WTR-RTP) Memory Module Features: Analysis Probe Not Present FET Switch External Disabled Weak Driver Supported Memory Module Manufacturer: Company Name Nanya Technology Corp. Product Information http://www.nanya.com/index.aspx --------[ Chipset ]----------------------------------------------------------------------------------------------------- [ North Bridge: Intel Lakeport i945P ] North Bridge Properties: North Bridge Intel Lakeport i945P Supported FSB Speeds FSB533, FSB800, FSB1066 Supported Memory Types DDR2-400, DDR2-533, DDR2-667 SDRAM Maximum Memory Amount 4 GB Revision / Stepping 02 / A2 Package Type 1202 Pin FC-BGA Package Size 34 mm x 34 mm Core Voltage 1.5 V TDP 15.2 W In-Order Queue Depth 12 Memory Controller: Type Dual Channel (128-bit) Active Mode Dual Channel (128-bit) Memory Timings: CAS Latency (CL) 5T RAS To CAS Delay (tRCD) 5T RAS Precharge (tRP) 5T RAS Active Time (tRAS) 15T Row Refresh Cycle Time (tRFC) 35T Write Recovery Time (tWR) 5T Read To Read Delay (tRTR) 6T Read To Write Delay (tRTW) 9T Write To Read Delay (tWTR) 3T, Same Rank: 11T, Different Rank: 5T Write To Write Delay (tWTW) 6T Read To Precharge Delay (tRTP) 3T Write To Precharge Delay (tWTP) 13T Precharge To Precharge Delay (tPTP) 1T Read Delay (tRD) 7T Write CAS Latency (tWCL) 4T Refresh Period (tREF) 3.9 us DRAM Idle Timer 16T Burst Length (BL) 8 Error Correction: ECC Not Supported ChipKill ECC Not Supported RAID Not Supported ECC Scrubbing Not Supported Memory Slots: DRAM Slot #1 1 GB (DDR2-800 DDR2 SDRAM) DRAM Slot #2 1 GB (DDR2-800 DDR2 SDRAM) DRAM Slot #3 1 GB (DDR2-800 DDR2 SDRAM) PCI Express Controller: PCI-E 1.0 x16 port #2 In Use @ x16 (nVIDIA GeForce 210 Video Adapter, nVIDIA GT218 - High Definition Audio Controller) Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ South Bridge: [ TRIAL VERSION ] ] South Bridge Properties: South Bridge [ TRIAL VERSION ] Revision / Stepping E1 / A1 Package Type 652 Pin mBGA Package Size 31 mm x 31 mm Process Technology 130 nm Core Voltage 1.05 V TDP 3.3 W High Definition Audio: Codec Name Realtek ALC883 Codec ID 10EC0883h / 1043C603h Codec Revision 1000h Codec Type Audio PCI Express Controller: PCI-E 1.0 x1 port #1 Empty PCI-E 1.0 x1 port #3 In Use @ x1 (Attansic L1 Gigabit Ethernet Adapter) PCI-E 1.0 x1 port #4 In Use @ x1 (JMicron JMB360 SATA-II AHCI Controller) Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates --------[ BIOS ]-------------------------------------------------------------------------------------------------------- BIOS Properties: BIOS Type AMI BIOS Version 0305 System BIOS Date 11/29/06 Video BIOS Date 05/11/11 BIOS Settings (ATK): BIOS Manufacturer: Company Name American Megatrends Inc. Product Information http://www.ami.com/amibios BIOS Upgrades http://www.aida64.com/bios-updates --------[ ACPI ]-------------------------------------------------------------------------------------------------------- [ APIC: Multiple APIC Description Table ] ACPI Table Properties: ACPI Signature APIC Table Description Multiple APIC Description Table Memory Address BFFA0390h Table Length 128 bytes OEM ID A_M_I_ OEM Table ID OEMAPIC OEM Revision 11000629h Creator ID MSFT Creator Revision 00000097h Local APIC Address FEE00000h Processor Local APIC: ACPI Processor ID 01h APIC ID 00h Status Enabled Processor Local APIC: ACPI Processor ID 02h APIC ID 01h Status Enabled Processor Local APIC: ACPI Processor ID 03h APIC ID 82h Status Disabled Processor Local APIC: ACPI Processor ID 04h APIC ID 83h Status Disabled I/O APIC: I/O APIC ID 02h I/O APIC Address FEC00000h Global System Interrupt Base 00000000h Interrupt Source Override: Bus ISA Source IRQ0 Global System Interrupt 00000002h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Interrupt Source Override: Bus ISA Source IRQ9 Global System Interrupt 00000009h Polarity Active High Trigger Mode Level-Triggered Interrupt Source Override: Bus ISA Source IRQ0 Global System Interrupt 00000002h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Interrupt Source Override: Bus ISA Source IRQ9 Global System Interrupt 00000009h Polarity Active High Trigger Mode Level-Triggered [ DSDT: Differentiated System Description Table ] ACPI Table Properties: ACPI Signature DSDT Table Description Differentiated System Description Table Memory Address BFFA0590h Table Length 22909 bytes OEM ID A0603 OEM Table ID A0603000 OEM Revision 00000000h Creator ID INTL Creator Revision 20060113h nVIDIA SLI: SLI Certification Not Present PCI 0-0-0-0 (Direct I/O) 8086-2770 (Intel i945G/GC/GZ/P/PL) PCI 0-0-0-0 (HAL) 8086-2770 (Intel i945G/GC/GZ/P/PL) Lucid Virtu: Virtu Certification Not Present [ FACP: Fixed ACPI Description Table ] ACPI Table Properties: ACPI Signature FACP Table Description Fixed ACPI Description Table Memory Address BFFA0200h Table Length 129 bytes OEM ID A_M_I_ OEM Table ID OEMFACP OEM Revision 11000629h Creator ID MSFT Creator Revision 00000097h FACS Address BFFAE000h DSDT Address BFFA0590h SMI Command Port 000000B2h PM Timer 00000808h [ FACS: Firmware ACPI Control Structure ] ACPI Table Properties: ACPI Signature FACS Table Description Firmware ACPI Control Structure Memory Address BFFAE000h Table Length 64 bytes Hardware Signature 00000000h Waking Vector 00000000h Global Lock 00000000h [ HPET: IA-PC High Precision Event Timer Table ] ACPI Table Properties: ACPI Signature HPET Table Description IA-PC High Precision Event Timer Table Memory Address BFFA5F10h Table Length 56 bytes OEM ID A_M_I_ OEM Table ID OEMHPET OEM Revision 11000629h Creator ID MSFT Creator Revision 00000097h HPET Address 00000000-FED00000h Vendor ID 8086h Revision ID 01h Number of Timers 3 Counter Size 64-bit Minimum Clock Ticks 14318 Page Protection No Guarantee OEM Attribute 0h LegacyReplacement IRQ Routing Supported [ MCFG: Memory Mapped Configuration Space Base Address Description Table ] ACPI Table Properties: ACPI Signature MCFG Table Description Memory Mapped Configuration Space Base Address Description Table Memory Address BFFA5F50h Table Length 60 bytes OEM ID A_M_I_ OEM Table ID OEMMCFG OEM Revision 11000629h Creator ID MSFT Creator Revision 00000097h Config Space Address 00000000-F0000000h PCI Segment 0000h Start Bus Number 00h End Bus Number FFh [ OEMB: OEM Specific Information Table ] ACPI Table Properties: ACPI Signature OEMB Table Description OEM Specific Information Table Memory Address BFFAE040h Table Length 107 bytes OEM ID A_M_I_ OEM Table ID AMI_OEM OEM Revision 11000629h Creator ID MSFT Creator Revision 00000097h [ RSD PTR: Root System Description Pointer ] ACPI Table Properties: ACPI Signature RSD PTR Table Description Root System Description Pointer Memory Address 000FB110h Table Length 20 bytes OEM ID ACPIAM RSDP Revision 0 (ACPI 1.0) RSDT Address BFFA0000h [ RSDT: Root System Description Table ] ACPI Table Properties: ACPI Signature RSDT Table Description Root System Description Table Memory Address BFFA0000h Table Length 68 bytes OEM ID DELL OEM Table ID QA09 OEM Revision 11000629h Creator ID MSFT Creator Revision 00000097h RSDT Entry #0 BFFA0200h (FACP) RSDT Entry #1 BFFA0390h (APIC) RSDT Entry #2 BFFA6278h (SLIC) RSDT Entry #3 BFFAE040h (OEMB) RSDT Entry #4 BFFA5F10h (HPET) RSDT Entry #5 BFFA5F50h (MCFG) RSDT Entry #6 BFFAE0B0h (SSDT) RSDT Entry #7 BFFAE2C0h (SSDT) [ SLIC: Software Licensing Description Table ] ACPI Table Properties: ACPI Signature SLIC Table Description Software Licensing Description Table Memory Address BFFA6278h Table Length 374 bytes OEM ID DELL OEM Table ID QA09 OEM Revision 42302E31h Creator ID NVDA Creator Revision 0100000Eh SLIC Version v2.1 OEM Public Key: Key Type 06h Version 02h Algorithm 00002400h Magic RSA1 Bit Length 1024 Exponent 65537 SLIC Marker: Version 00020001h OEM ID DELL OEM Table ID QA09 Windows Flag WINDOWS [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address BFFAE0B0h Table Length 520 bytes OEM ID AMI OEM Table ID CPU1PM OEM Revision 00000001h Creator ID INTL Creator Revision 20060113h [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address BFFAE2C0h Table Length 314 bytes OEM ID AMI OEM Table ID CPU2PM OEM Revision 00000001h Creator ID INTL Creator Revision 20060113h --------[ Operating System ]-------------------------------------------------------------------------------------------- Operating System Properties: OS Name Microsoft Windows 7 Ultimate OS Language English (United States) OS Installer Language English (United States) OS Kernel Type Multiprocessor Free (32-bit) OS Version 6.1.7601.18741 (Win7 RTM) OS Service Pack [ TRIAL VERSION ] OS Installation Date 23.12.2014 OS Root C:\Windows License Information: Registered Owner ALEX Registered Organization Product ID 00426-OEM-8992662-00400 Product Key 342DG- [ TRIAL VERSION ] Product Activation (WPA) Not Required Current Session: Computer Name ALEX-PC User Name ALEX Logon Domain [ TRIAL VERSION ] UpTime 2569 sec (0 days, 0 hours, 42 min, 49 sec) Components Version: Common Controls 6.16 Internet Explorer Updates [ TRIAL VERSION ] Windows Mail 6.1.7600.16385 (win7_rtm.090713-1255) Windows Media Player 12.0.7600.16385 (win7_rtm.090713-1255) Windows Messenger - MSN Messenger - Internet Information Services (IIS) [ TRIAL VERSION ] .NET Framework 4.0.30319.34209 built by: FX452RTMGDR Novell Client - DirectX DirectX 11.1 OpenGL 6.1.7600.16385 (win7_rtm.090713-1255) ASPI - Operating System Features: Debug Version No DBCS Version No Domain Controller No Security Present No Network Present Yes Remote Session No Safe Mode No Slow Processor No Terminal Services Yes --------[ Processes ]--------------------------------------------------------------------------------------------------- aida64.exe D:\Programe\AIDA64 Extreme\aida64.exe 32-bit 53896 KB 47624 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 126 MB 117 MB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 126 MB 93 MB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 89924 KB 74480 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 57648 KB 48484 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 30464 KB 26508 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 29284 KB 26408 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 27188 KB 26832 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 32912 KB 35136 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 26352 KB 26320 KB chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 32-bit 8832 KB 12000 KB Dwm.exe C:\Windows\system32\Dwm.exe 32-bit 26552 KB 27560 KB Explorer.EXE C:\Windows\Explorer.EXE 32-bit 51984 KB 36068 KB jusched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe 32-bit 11500 KB 2996 KB msseces.exe C:\Program Files\Microsoft Security Client\msseces.exe 32-bit 9416 KB 4516 KB mywifi.exe D:\Programe\Who Is On My Wifi\mywifi.exe 32-bit 33724 KB 27752 KB NvBackend.exe C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe 32-bit 4380 KB 1588 KB nvtray.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 32-bit 7924 KB 3136 KB StikyNot.exe C:\Windows\System32\StikyNot.exe 32-bit 8424 KB 3676 KB taskhost.exe C:\Windows\system32\taskhost.exe 32-bit 10188 KB 10460 KB uTorrent.exe D:\utorrent\uTorrent.exe 32-bit 49348 KB 43324 KB vVX1000.exe C:\Windows\vVX1000.exe 32-bit 4164 KB 1244 KB --------[ System Drivers ]---------------------------------------------------------------------------------------------- 1394ohci 1394 OHCI Compliant Host Controller 1394ohci.sys 6.1.7601.17514 Kernel Driver Running ACPI Microsoft ACPI Driver ACPI.sys 6.1.7601.17514 Kernel Driver Running AcpiPmi ACPI Power Meter Driver acpipmi.sys 6.1.7601.17514 Kernel Driver Stopped adp94xx adp94xx adp94xx.sys 1.6.6.4 Kernel Driver Stopped adpahci adpahci adpahci.sys 1.6.6.1 Kernel Driver Stopped adpu320 adpu320 adpu320.sys 7.2.0.0 Kernel Driver Stopped AFD Ancillary Function Driver for Winsock afd.sys 6.1.7601.18489 Kernel Driver Running agp440 Intel AGP Bus Filter agp440.sys 6.1.7600.16385 Kernel Driver Stopped aic78xx aic78xx djsvs.sys 6.0.0.0 Kernel Driver Stopped AIDA64Driver FinalWire AIDA64 Kernel Driver kerneld.x32 Kernel Driver Running aliide aliide aliide.sys 1.2.0.0 Kernel Driver Stopped amdagp AMD AGP Bus Filter Driver amdagp.sys 6.1.7600.16385 Kernel Driver Stopped amdide amdide amdide.sys 6.1.7600.16385 Kernel Driver Stopped AmdK8 AMD K8 Processor Driver amdk8.sys 6.1.7600.16385 Kernel Driver Stopped AmdPPM AMD Processor Driver amdppm.sys 6.1.7600.16385 Kernel Driver Stopped amdsata amdsata amdsata.sys 1.1.2.5 Kernel Driver Stopped amdsbs amdsbs amdsbs.sys 3.6.1540.127 Kernel Driver Stopped amdxata amdxata amdxata.sys 1.1.2.5 Kernel Driver Running AppID AppID Driver appid.sys 6.1.7601.18741 Kernel Driver Stopped arc arc arc.sys 5.2.0.10384 Kernel Driver Stopped arcsas arcsas arcsas.sys 5.2.0.16119 Kernel Driver Stopped AsyncMac RAS Asynchronous Media Driver asyncmac.sys 6.1.7600.16385 Kernel Driver Stopped atapi IDE Channel atapi.sys 6.1.7600.16385 Kernel Driver Running AtcL001 NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller l160x86.sys 2.4.7.4 Kernel Driver Running b06bdrv Broadcom NetXtreme II VBD bxvbdx.sys 4.8.2.0 Kernel Driver Stopped b57nd60x Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 b57nd60x.sys 10.100.4.0 Kernel Driver Stopped Beep Beep Kernel Driver Running blbdrive blbdrive blbdrive.sys 6.1.7600.16385 Kernel Driver Running bowser Browser Support Driver bowser.sys 6.1.7601.17565 File System Driver Running BrFiltLo Brother USB Mass-Storage Lower Filter Driver BrFiltLo.sys 1.10.0.2 Kernel Driver Stopped BrFiltUp Brother USB Mass-Storage Upper Filter Driver BrFiltUp.sys 1.4.0.1 Kernel Driver Stopped Brserid Brother MFC Serial Port Interface Driver (WDM) Brserid.sys 1.0.1.6 Kernel Driver Stopped BrSerWdm Brother WDM Serial driver BrSerWdm.sys 1.0.0.20 Kernel Driver Stopped BrUsbMdm Brother MFC USB Fax Only Modem BrUsbMdm.sys 1.0.0.12 Kernel Driver Stopped BrUsbSer Brother MFC USB Serial WDM Driver BrUsbSer.sys 1.0.1.3 Kernel Driver Stopped BTHMODEM Bluetooth Serial Communications Driver bthmodem.sys 6.1.7600.16385 Kernel Driver Stopped cdfs CD/DVD File System Reader cdfs.sys 6.1.7600.16385 File System Driver Stopped cdrom CD-ROM Driver cdrom.sys 6.1.7601.17514 Kernel Driver Running circlass Consumer IR Devices circlass.sys 6.1.7600.16385 Kernel Driver Stopped CLFS Common Log (CLFS) CLFS.sys 6.1.7600.16385 Kernel Driver Running CmBatt Microsoft ACPI Control Method Battery Driver CmBatt.sys 6.1.7600.16385 Kernel Driver Stopped cmdide cmdide cmdide.sys 2.0.7.0 Kernel Driver Stopped CNG CNG cng.sys 6.1.7601.18739 Kernel Driver Running Compbatt Microsoft Composite Battery Driver compbatt.sys 6.1.7600.16385 Kernel Driver Running CompositeBus Composite Bus Enumerator Driver CompositeBus.sys 6.1.7601.17514 Kernel Driver Running crcdisk Crcdisk Filter Driver crcdisk.sys 6.1.7600.16385 Kernel Driver Stopped CSC Offline Files Driver csc.sys 6.1.7601.17514 Kernel Driver Running DfsC DFS Namespace Client Driver dfsc.sys 6.1.7601.17514 File System Driver Running dg_ssudbus SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) ssudbus.sys 2.11.7.0 Kernel Driver Stopped discache System Attribute Cache discache.sys 6.1.7600.16385 Kernel Driver Running Disk Disk Driver disk.sys 6.1.7600.16385 Kernel Driver Running drmkaud Microsoft Trusted Audio Drivers drmkaud.sys 6.1.7600.16385 Kernel Driver Stopped dtsoftbus01 DAEMON Tools Virtual Bus Driver dtsoftbus01.sys 4.49.1.352 Kernel Driver Running DXGKrnl LDDM Graphics Subsystem dxgkrnl.sys 6.1.7601.18510 Kernel Driver Running E1G60 Intel(R) PRO/1000 NDIS 6 Adapter Driver E1G60I32.sys 8.4.1.0 Kernel Driver Stopped ebdrv Broadcom NetXtreme II 10 GigE VBD evbdx.sys 4.8.13.0 Kernel Driver Stopped elxstor elxstor elxstor.sys 5.2.10.211 Kernel Driver Stopped ErrDev Microsoft Hardware Error Device Driver errdev.sys 6.1.7600.16385 Kernel Driver Stopped exfat exFAT File System Driver File System Driver Stopped fastfat FAT12/16/32 File System Driver File System Driver Running fdc Floppy Disk Controller Driver fdc.sys 6.1.7600.16385 Kernel Driver Running FileInfo File Information FS MiniFilter fileinfo.sys 6.1.7600.16385 File System Driver Running Filetrace Filetrace filetrace.sys 6.1.7600.16385 File System Driver Stopped flpydisk Floppy Disk Driver flpydisk.sys 6.1.7600.16385 Kernel Driver Running FltMgr FltMgr fltmgr.sys 6.1.7600.16385 File System Driver Running FsDepends File System Dependency Minifilter FsDepends.sys 6.1.7600.16385 File System Driver Stopped fssfltr fssfltr fssfltr.sys 15.4.3555.308 Kernel Driver Stopped fvevol Bitlocker Drive Encryption Filter Driver fvevol.sys 6.1.7601.18062 Kernel Driver Running gagp30kx Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms gagp30kx.sys 6.1.7600.16385 Kernel Driver Stopped hamachi Hamachi Network Interface hamachi.sys 7.0.1.1 Kernel Driver Running hcw85cir Hauppauge Consumer Infrared Receiver hcw85cir.sys 1.31.27127.0 Kernel Driver Stopped HdAudAddService Microsoft 1.1 UAA Function Driver for High Definition Audio Service HdAudio.sys 6.1.7601.17514 Kernel Driver Running HDAudBus Microsoft UAA Bus Driver for High Definition Audio HDAudBus.sys 6.1.7601.17514 Kernel Driver Running HidBatt HID UPS Battery Driver HidBatt.sys 6.1.7600.16385 Kernel Driver Stopped HidBth Microsoft Bluetooth HID Miniport hidbth.sys 6.1.7600.16385 Kernel Driver Stopped HidIr Microsoft Infrared HID Driver hidir.sys 6.1.7600.16385 Kernel Driver Stopped HidUsb Microsoft HID Class Driver hidusb.sys 6.1.7601.17514 Kernel Driver Running HpSAMD HpSAMD HpSAMD.sys 6.12.4.32 Kernel Driver Stopped HTTP HTTP HTTP.sys 6.1.7601.17514 Kernel Driver Running hwpolicy Hardware Policy Driver hwpolicy.sys 6.1.7601.17514 Kernel Driver Running i8042prt i8042 Keyboard and PS/2 Mouse Port Driver i8042prt.sys 6.1.7600.16385 Kernel Driver Stopped iaStorV Intel RAID Controller Windows 7 iaStorV.sys 8.6.2.1014 Kernel Driver Stopped iirsp iirsp iirsp.sys 5.4.22.0 Kernel Driver Stopped intelide intelide intelide.sys 6.1.7600.16385 Kernel Driver Running intelppm Intel Processor Driver intelppm.sys 6.1.7600.16385 Kernel Driver Running IpFilterDriver IP Traffic Filter Driver ipfltdrv.sys 6.1.7600.16385 Kernel Driver Stopped IPMIDRV IPMIDRV IPMIDrv.sys 6.1.7601.17514 Kernel Driver Stopped IPNAT IP Network Address Translator ipnat.sys 6.1.7600.16385 Kernel Driver Stopped IRENUM IR Bus Enumerator irenum.sys 6.1.7600.16385 Kernel Driver Stopped isapnp isapnp isapnp.sys 6.1.7600.16385 Kernel Driver Stopped iScsiPrt iScsiPort Driver msiscsi.sys 6.1.7601.18386 Kernel Driver Stopped kbdclass Keyboard Class Driver kbdclass.sys 6.1.7600.16385 Kernel Driver Running kbdhid Keyboard HID Driver kbdhid.sys 6.1.7601.17514 Kernel Driver Running KSecDD KSecDD ksecdd.sys 6.1.7601.18779 Kernel Driver Running KSecPkg KSecPkg ksecpkg.sys 6.1.7601.18779 Kernel Driver Running lltdio Link-Layer Topology Discovery Mapper I/O Driver lltdio.sys 6.1.7600.16385 Kernel Driver Running LSI_FC LSI_FC lsi_fc.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS LSI_SAS lsi_sas.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS2 LSI_SAS2 lsi_sas2.sys 2.0.2.71 Kernel Driver Stopped LSI_SCSI LSI_SCSI lsi_scsi.sys 1.28.3.67 Kernel Driver Stopped luafv UAC File Virtualization luafv.sys 6.1.7600.16385 File System Driver Running megasas megasas megasas.sys 4.5.1.32 Kernel Driver Stopped MegaSR MegaSR MegaSR.sys 13.5.409.2009 Kernel Driver Stopped Modem Modem modem.sys 6.1.7600.16385 Kernel Driver Stopped monitor Microsoft Monitor Class Function Driver Service monitor.sys 6.1.7600.16385 Kernel Driver Running mouclass Mouse Class Driver mouclass.sys 6.1.7600.16385 Kernel Driver Running mouhid Mouse HID Driver mouhid.sys 6.1.7600.16385 Kernel Driver Running mountmgr Mount Point Manager mountmgr.sys 6.1.7601.18741 Kernel Driver Running MpFilter Microsoft Malware Protection Driver MpFilter.sys 4.7.200.0 File System Driver Running mpio Microsoft Multi-Path Bus Driver mpio.sys 6.1.7601.17514 Kernel Driver Stopped mpsdrv Windows Firewall Authorization Driver mpsdrv.sys 6.1.7600.16385 Kernel Driver Running MRxDAV WebDav Client Redirector Driver mrxdav.sys 6.1.7601.18706 File System Driver Stopped mrxsmb SMB MiniRedirector Wrapper and Engine mrxsmb.sys 6.1.7601.17605 File System Driver Running mrxsmb10 SMB 1.x MiniRedirector mrxsmb10.sys 6.1.7601.17647 File System Driver Running mrxsmb20 SMB 2.0 MiniRedirector mrxsmb20.sys 6.1.7601.17605 File System Driver Running msahci msahci msahci.sys 6.1.7601.17514 Kernel Driver Stopped msdsm Microsoft Multi-Path Device Specific Module msdsm.sys 6.1.7601.17514 Kernel Driver Stopped Msfs Msfs File System Driver Running mshidkmdf Pass-through HID to KMDF Filter Driver mshidkmdf.sys 6.1.7600.16385 Kernel Driver Stopped msisadrv msisadrv msisadrv.sys 6.1.7600.16385 Kernel Driver Running MSKSSRV Microsoft Streaming Service Proxy MSKSSRV.sys 6.1.7600.16385 Kernel Driver Stopped MSPCLOCK Microsoft Streaming Clock Proxy MSPCLOCK.sys 6.1.7600.16385 Kernel Driver Stopped MSPQM Microsoft Streaming Quality Manager Proxy MSPQM.sys 6.1.7600.16385 Kernel Driver Stopped MsRPC MsRPC Kernel Driver Stopped mssmbios Microsoft System Management BIOS Driver mssmbios.sys 6.1.7600.16385 Kernel Driver Running MSTEE Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE.sys 6.1.7600.16385 Kernel Driver Stopped MTConfig Microsoft Input Configuration Driver MTConfig.sys 6.1.7600.16385 Kernel Driver Stopped MTsensor ATK0110 ACPI UTILITY ASACPI.sys 1043.2.15.37 Kernel Driver Running Mup Mup mup.sys 6.1.7600.16385 File System Driver Running NativeWifiP NativeWiFi Filter nwifi.sys 6.1.7600.16385 Kernel Driver Stopped NDIS NDIS System Driver ndis.sys 6.1.7601.17939 Kernel Driver Running NdisCap NDIS Capture LightWeight Filter ndiscap.sys 6.1.7600.16385 Kernel Driver Stopped NdisTapi Remote Access NDIS TAPI Driver ndistapi.sys 6.1.7600.16385 Kernel Driver Running Ndisuio NDIS Usermode I/O Protocol ndisuio.sys 6.1.7601.17514 Kernel Driver Stopped NdisWan Remote Access NDIS WAN Driver ndiswan.sys 6.1.7601.17514 Kernel Driver Running NDProxy NDIS Proxy Kernel Driver Running NetBIOS NetBIOS Interface netbios.sys 6.1.7600.16385 File System Driver Running NetBT NetBT netbt.sys 6.1.7601.17514 Kernel Driver Running nfrd960 nfrd960 nfrd960.sys 7.10.0.0 Kernel Driver Stopped NisDrv Microsoft Network Inspection System NisDrvWFP.sys 4.7.200.0 Kernel Driver Running Npfs Npfs File System Driver Running nsiproxy NSI proxy service driver. nsiproxy.sys 6.1.7600.16385 Kernel Driver Running Ntfs Ntfs File System Driver Running Null Null Kernel Driver Running nv_agp NVIDIA nForce AGP Bus Filter nv_agp.sys 6.1.7600.16385 Kernel Driver Stopped NVHDA Service for NVIDIA High Definition Audio Driver nvhda32v.sys 1.3.30.1 Kernel Driver Running nvlddmkm nvlddmkm nvlddmkm.sys 9.18.13.4144 Kernel Driver Running nvraid nvraid nvraid.sys 10.6.0.18 Kernel Driver Stopped nvstor nvstor nvstor.sys 10.6.0.18 Kernel Driver Stopped ohci1394 1394 OHCI Compliant Host Controller (Legacy) ohci1394.sys 6.1.7600.16385 Kernel Driver Stopped Parport Parallel port driver parport.sys 6.1.7600.16385 Kernel Driver Running partmgr Partition Manager partmgr.sys 6.1.7601.17796 Kernel Driver Running Parvdm Parvdm parvdm.sys 6.1.7600.16385 Kernel Driver Running pci PCI Bus Driver pci.sys 6.1.7601.17514 Kernel Driver Running pciide pciide pciide.sys 6.1.7600.16385 Kernel Driver Running pcmcia pcmcia pcmcia.sys 6.1.7600.16385 Kernel Driver Stopped pcw Performance Counters for Windows Driver pcw.sys 6.1.7600.16385 Kernel Driver Running PEAUTH PEAUTH peauth.sys 6.1.7601.18741 Kernel Driver Running PptpMiniport WAN Miniport (PPTP) raspptp.sys 6.1.7600.16385 Kernel Driver Running Processor Processor Driver processr.sys 6.1.7600.16385 Kernel Driver Stopped Psched QoS Packet Scheduler pacer.sys 6.1.7600.16385 Kernel Driver Running ql2300 ql2300 ql2300.sys 9.1.8.6 Kernel Driver Stopped ql40xx ql40xx ql40xx.sys 2.1.3.20 Kernel Driver Stopped QWAVEdrv QWAVE driver qwavedrv.sys 6.1.7600.16385 Kernel Driver Stopped RasAcd Remote Access Auto Connection Driver rasacd.sys 6.1.7600.16385 Kernel Driver Stopped RasAgileVpn WAN Miniport (IKEv2) AgileVpn.sys 6.1.7600.16385 Kernel Driver Running Rasl2tp WAN Miniport (L2TP) rasl2tp.sys 6.1.7600.16385 Kernel Driver Running RasPppoe Remote Access PPPOE Driver raspppoe.sys 6.1.7600.16385 Kernel Driver Running RasSstp WAN Miniport (SSTP) rassstp.sys 6.1.7600.16385 Kernel Driver Running rdbss Redirected Buffering Sub Sysytem rdbss.sys 6.1.7601.17514 File System Driver Running rdpbus Remote Desktop Device Redirector Bus Driver rdpbus.sys 6.1.7600.16385 Kernel Driver Running RDPCDD RDPCDD RDPCDD.sys 6.1.7601.17514 Kernel Driver Running RDPDR Terminal Server Device Redirector Driver rdpdr.sys 6.1.7601.17514 Kernel Driver Stopped RDPENCDD RDP Encoder Mirror Driver rdpencdd.sys 6.1.7600.16385 Kernel Driver Running RDPREFMP Reflector Display Driver used to gain access to graphics data rdprefmp.sys 6.1.7600.16385 Kernel Driver Running RdpVideoMiniport Remote Desktop Video Miniport Driver rdpvideominiport.sys 6.2.9200.16398 Kernel Driver Stopped RDPWD RDP Winstation Driver Kernel Driver Stopped rdyboost ReadyBoost rdyboost.sys 6.1.7601.17514 Kernel Driver Running rspndr Link-Layer Topology Discovery Responder rspndr.sys 6.1.7600.16385 Kernel Driver Running s3cap s3cap vms3cap.sys 6.1.7601.17514 Kernel Driver Stopped sbp2port SBP-2 Transport/Protocol Bus Driver sbp2port.sys 6.1.7601.17514 Kernel Driver Stopped scfilter Smart card PnP Class Filter Driver scfilter.sys 6.1.7601.17514 Kernel Driver Stopped secdrv Security Driver Kernel Driver Running Serenum Serenum Filter Driver serenum.sys 6.1.7600.16385 Kernel Driver Running Serial Serial port driver serial.sys 6.1.7600.16385 Kernel Driver Running sermouse Serial Mouse Driver sermouse.sys 6.1.7600.16385 Kernel Driver Stopped sfdrv01 StarForce Protection Environment Driver (version 1.x) sfdrv01.sys 1.49.0.0 Kernel Driver Running sfdrv01a StarForce Protection Environment Driver (version 1.x.a) sfdrv01a.sys 1.49.0.0 Kernel Driver Running sffdisk SFF Storage Class Driver sffdisk.sys 6.1.7600.16385 Kernel Driver Stopped sffp_mmc SFF Storage Protocol Driver for MMC sffp_mmc.sys 6.1.7600.16385 Kernel Driver Stopped sffp_sd SFF Storage Protocol Driver for SDBus sffp_sd.sys 6.1.7601.17514 Kernel Driver Stopped sfhlp02 StarForce Protection Helper Driver (version 2.x) sfhlp02.sys 2.8.0.0 Kernel Driver Running sfloppy High-Capacity Floppy Disk Drive sfloppy.sys 6.1.7600.16385 Kernel Driver Stopped sfsync04 StarForce Protection Synchronization Driver (version 4.x) sfsync04.sys 4.21.0.0 Kernel Driver Running sisagp SIS AGP Bus Filter sisagp.sys 6.1.7600.16385 Kernel Driver Stopped SiSRaid2 SiSRaid2 SiSRaid2.sys 5.1.1039.2600 Kernel Driver Stopped SiSRaid4 SiSRaid4 sisraid4.sys 5.1.1039.3600 Kernel Driver Stopped Smb Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) smb.sys 6.1.7600.16385 Kernel Driver Stopped spldr Security Processor Loader Driver Kernel Driver Running srv Server SMB 1.xxx Driver srv.sys 6.1.7601.17608 File System Driver Running srv2 Server SMB 2.xxx Driver srv2.sys 6.1.7601.17608 File System Driver Running srvnet srvnet srvnet.sys 6.1.7601.17608 File System Driver Running ssudmdm SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) ssudmdm.sys 2.11.7.0 Kernel Driver Stopped stexstor stexstor stexstor.sys 5.0.1.1 Kernel Driver Stopped storflt Disk Virtual Machine Bus Acceleration Filter Driver vmstorfl.sys 6.1.7601.17514 Kernel Driver Running storvsc storvsc storvsc.sys 6.1.7601.17514 Kernel Driver Stopped swenum Software Bus Driver swenum.sys 6.1.7600.16385 Kernel Driver Running Synth3dVsc Synth3dVsc synth3dvsc.sys Kernel Driver Stopped taphss6 Anchorfree HSS VPN Adapter taphss6.sys Kernel Driver Stopped Tcpip TCP/IP Protocol Driver tcpip.sys 6.1.7601.18438 Kernel Driver Running TCPIP6 Microsoft IPv6 Protocol Driver tcpip.sys 6.1.7601.18438 Kernel Driver Stopped tcpipreg TCP/IP Registry Compatibility tcpipreg.sys 6.1.7601.17964 Kernel Driver Running TDPIPE TDPIPE tdpipe.sys 6.1.7601.17514 Kernel Driver Stopped TDTCP TDTCP tdtcp.sys 6.1.7601.17779 Kernel Driver Stopped tdx NetIO Legacy TDI Support Driver tdx.sys 6.1.7601.18658 Kernel Driver Running TermDD Terminal Device Driver termdd.sys 6.1.7601.17514 Kernel Driver Running tssecsrv Remote Desktop Services Security Filter Driver tssecsrv.sys 6.1.7601.18540 Kernel Driver Stopped TsUsbFlt TsUsbFlt tsusbflt.sys 6.3.9600.16415 Kernel Driver Stopped tsusbhub tsusbhub tsusbhub.sys Kernel Driver Stopped tunnel Microsoft Tunnel Miniport Adapter Driver tunnel.sys 6.1.7601.17514 Kernel Driver Running uagp35 Microsoft AGPv3.5 Filter uagp35.sys 6.1.7600.16385 Kernel Driver Stopped udfs udfs udfs.sys 6.1.7601.17514 File System Driver Stopped uliagpkx Uli AGP Bus Filter uliagpkx.sys 6.1.7600.16385 Kernel Driver Stopped umbus UMBus Enumerator Driver umbus.sys 6.1.7601.17514 Kernel Driver Running UmPass Microsoft UMPass Driver umpass.sys 6.1.7600.16385 Kernel Driver Stopped usbaudio USB Audio Driver (WDM) usbaudio.sys 6.1.7601.18208 Kernel Driver Stopped usbccgp Microsoft USB Generic Parent Driver usbccgp.sys 6.1.7601.18328 Kernel Driver Running usbcir eHome Infrared Receiver (USBCIR) usbcir.sys 6.1.7601.18208 Kernel Driver Stopped usbehci Microsoft USB 2.0 Enhanced Host Controller Miniport Driver usbehci.sys 6.1.7601.18328 Kernel Driver Running usbhub Microsoft USB Standard Hub Driver usbhub.sys 6.1.7601.18328 Kernel Driver Running usbohci Microsoft USB Open Host Controller Miniport Driver usbohci.sys 6.1.7601.18328 Kernel Driver Stopped usbprint Microsoft USB PRINTER Class usbprint.sys 6.1.7600.16385 Kernel Driver Stopped usbscan USB Scanner Driver usbscan.sys 6.1.7601.18199 Kernel Driver Stopped USBSTOR USB Mass Storage Driver USBSTOR.SYS 6.1.7601.17577 Kernel Driver Running usbuhci Microsoft USB Universal Host Controller Miniport Driver usbuhci.sys 6.1.7601.18328 Kernel Driver Running VBoxDrv VirtualBox Service VBoxDrv.sys 4.3.26.0 Kernel Driver Running VBoxNetAdp VirtualBox Host-Only Ethernet Adapter VBoxNetAdp.sys 4.3.26.0 Kernel Driver Running VBoxNetFlt VirtualBox Bridged Networking Service VBoxNetFlt.sys 4.3.26.0 Kernel Driver Running VBoxUSB VirtualBox USB VBoxUSB.sys 4.3.26.0 Kernel Driver Stopped VBoxUSBMon VirtualBox USB Monitor Driver VBoxUSBMon.sys 4.3.26.0 Kernel Driver Running vdrvroot Microsoft Virtual Drive Enumerator Driver vdrvroot.sys 6.1.7600.16385 Kernel Driver Running vga vga vgapnp.sys 6.1.7600.16385 Kernel Driver Stopped VgaSave VgaSave vga.sys 6.1.7600.16385 Kernel Driver Running VGPU VGPU rdvgkmd.sys Kernel Driver Stopped vhdmp vhdmp vhdmp.sys 6.1.7601.17514 Kernel Driver Stopped viaagp VIA AGP Bus Filter viaagp.sys 6.1.7600.16385 Kernel Driver Stopped ViaC7 VIA C7 Processor Driver viac7.sys 6.1.7600.16385 Kernel Driver Stopped viaide viaide viaide.sys 6.0.6000.170 Kernel Driver Stopped vmbus Virtual Machine Bus vmbus.sys 6.1.7601.17514 Kernel Driver Running VMBusHID VMBusHID VMBusHID.sys 6.1.7601.17514 Kernel Driver Stopped volmgr Volume Manager Driver volmgr.sys 6.1.7601.17514 Kernel Driver Running volmgrx Dynamic Volume Manager volmgrx.sys 6.1.7600.16385 Kernel Driver Running volsnap Storage volumes volsnap.sys 6.1.7601.17514 Kernel Driver Running vsmraid vsmraid vsmraid.sys 6.0.6000.6210 Kernel Driver Stopped vwifibus Virtual WiFi Bus Driver vwifibus.sys 6.1.7600.16385 Kernel Driver Stopped VX1000 VX-1000 VX1000.sys 1.3.10.0 Kernel Driver Stopped WacomPen Wacom Serial Pen HID Driver wacompen.sys 6.1.7600.16385 Kernel Driver Stopped WANARP Remote Access IP ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Stopped Wanarpv6 Remote Access IPv6 ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Running Wd Wd wd.sys 6.1.7600.16385 Kernel Driver Stopped Wdf01000 Kernel Mode Driver Frameworks service Wdf01000.sys 1.11.9200.16648 Kernel Driver Running WfpLwf WFP Lightweight Filter wfplwf.sys 6.1.7600.16385 Kernel Driver Running WIMMount WIMMount wimmount.sys 6.1.7600.16385 File System Driver Stopped WinUsb SAMSUNG Android USB Driver WinUsb.sys 6.1.7601.17514 Kernel Driver Stopped WmiAcpi Microsoft Windows Management Interface for ACPI wmiacpi.sys 6.1.7600.16385 Kernel Driver Stopped ws2ifsl Winsock IFS Driver ws2ifsl.sys 6.1.7600.16385 Kernel Driver Stopped WudfPf User Mode Driver Frameworks Platform Driver WudfPf.sys 6.2.9200.16384 Kernel Driver Running WUDFRd WUDFRd WUDFRd.sys 6.2.9200.16384 Kernel Driver Running --------[ Services ]---------------------------------------------------------------------------------------------------- AdobeARMservice Adobe Acrobat Update Service armsvc.exe 1.802.11.4130 Own Process Running LocalSystem AdobeFlashPlayerUpdateSvc Adobe Flash Player Update Service FlashPlayerUpdateService.exe 16.0.0.305 Own Process Stopped LocalSystem AeLookupSvc Application Experience svchost.exe 6.1.7600.16385 Share Process Running localSystem ALG Application Layer Gateway Service alg.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService AllShare Framework DMS AllShare Framework DMS AllShareFrameworkManagerDMS.exe 1.3.0.6 Own Process Running LocalSystem AppIDSvc Application Identity svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService Appinfo Application Information svchost.exe 6.1.7600.16385 Share Process Running LocalSystem AppMgmt Application Management svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem aspnet_state ASP.NET State Service aspnet_state.exe 4.0.30319.34209 Own Process Stopped NT AUTHORITY\NetworkService AudioEndpointBuilder Windows Audio Endpoint Builder svchost.exe 6.1.7600.16385 Share Process Running LocalSystem Audiosrv Windows Audio svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService AxInstSV ActiveX Installer (AxInstSV) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem BDESVC BitLocker Drive Encryption Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem BFE Base Filtering Engine svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService BITS Background Intelligent Transfer Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem Browser Computer Browser svchost.exe 6.1.7600.16385 Share Process Running LocalSystem bthserv Bluetooth Support Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService c2cautoupdatesvc Skype Click to Call Updater SkypeC2CAutoUpdateSvc.exe 7.3.16540.9015 Own Process Running LocalSystem c2cpnrsvc Skype Click to Call PNR Service SkypeC2CPNRSvc.exe 7.3.16540.9015 Own Process Running NT AUTHORITY\NetworkService CertPropSvc Certificate Propagation svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem clr_optimization_v2.0.50727_32 Microsoft .NET Framework NGEN v2.0.50727_X86 mscorsvw.exe 2.0.50727.5483 Own Process Stopped LocalSystem clr_optimization_v4.0.30319_32 Microsoft .NET Framework NGEN v4.0.30319_X86 mscorsvw.exe 4.0.30319.34209 Own Process Stopped LocalSystem COMSysApp COM+ System Application dllhost.exe 6.1.7600.16385 Own Process Stopped LocalSystem CryptSvc Cryptographic Services svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService CscService Offline Files svchost.exe 6.1.7600.16385 Share Process Running LocalSystem DcomLaunch DCOM Server Process Launcher svchost.exe 6.1.7600.16385 Share Process Running LocalSystem defragsvc Disk Defragmenter svchost.exe 6.1.7600.16385 Own Process Stopped localSystem Dhcp DHCP Client svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService Dnscache DNS Client svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService dot3svc Wired AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped localSystem DPS Diagnostic Policy Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EapHost Extensible Authentication Protocol svchost.exe 6.1.7600.16385 Share Process Stopped localSystem EasyAntiCheat EasyAntiCheat EasyAntiCheat.exe 4.0.0.0 Own Process Stopped LocalSystem EFS Encrypting File System (EFS) lsass.exe 6.1.7601.18779 Share Process Stopped LocalSystem ehRecvr Windows Media Center Receiver Service ehRecvr.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\networkService ehSched Windows Media Center Scheduler Service ehsched.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\networkService eventlog Windows Event Log svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EventSystem COM+ Event System svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Fax Fax fxssvc.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\NetworkService fdPHost Function Discovery Provider Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FDResPub Function Discovery Resource Publication svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FontCache Windows Font Cache Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FontCache3.0.0.0 Windows Presentation Foundation Font Cache 3.0.0.0 PresentationFontCache.exe 3.0.6920.4902 Own Process Stopped NT Authority\LocalService fsssvc Windows Live Family Safety Service fsssvc.exe 15.4.3555.308 Own Process Stopped LocalSystem gpsvc Group Policy Client svchost.exe 6.1.7600.16385 Own Process Running LocalSystem gupdate Serviciul Google Update (gupdate) GoogleUpdate.exe 1.3.25.11 Own Process Stopped LocalSystem gupdatem Serviciul Google Update (gupdatem) GoogleUpdate.exe 1.3.25.11 Own Process Stopped LocalSystem Hamachi2Svc LogMeIn Hamachi Tunneling Engine hamachi-2.exe 2.2.0.328 Own Process Running LocalSystem hidserv Human Interface Device Access svchost.exe 6.1.7600.16385 Share Process Running LocalSystem hkmsvc Health Key and Certificate Management svchost.exe 6.1.7600.16385 Share Process Stopped localSystem HomeGroupListener HomeGroup Listener svchost.exe 6.1.7600.16385 Share Process Running LocalSystem HomeGroupProvider HomeGroup Provider svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService idsvc Windows CardSpace infocard.exe 3.0.4506.5464 Share Process Stopped LocalSystem IEEtwCollectorService Internet Explorer ETW Collector Service IEEtwCollector.exe 11.0.9600.17689 Own Process Stopped LocalSystem IKEEXT IKE and AuthIP IPsec Keying Modules svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem IPBusEnum PnP-X IP Bus Enumerator svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem iphlpsvc IP Helper svchost.exe 6.1.7600.16385 Share Process Running LocalSystem KeyIso CNG Key Isolation lsass.exe 6.1.7601.18779 Share Process Running LocalSystem KtmRm KtmRm for Distributed Transaction Coordinator svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService LanmanServer Server svchost.exe 6.1.7600.16385 Share Process Running LocalSystem LanmanWorkstation Workstation svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService lltdsvc Link-Layer Topology Discovery Mapper svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService lmhosts TCP/IP NetBIOS Helper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Mcx2Svc Media Center Extender Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService Microsoft SharePoint Workspace Audit Service Microsoft SharePoint Workspace Audit Service GROOVE.EXE 14.0.4734.1000 Own Process Stopped NT AUTHORITY\LocalService MMCSS Multimedia Class Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem MpsSvc Windows Firewall svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService MSDTC Distributed Transaction Coordinator msdtc.exe 2001.12.8530.16385 Own Process Stopped NT AUTHORITY\NetworkService MSiSCSI Microsoft iSCSI Initiator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem msiserver Windows Installer msiexec.exe 5.0.7601.17514 Own Process Stopped LocalSystem MsMpSvc Microsoft Antimalware Service MsMpEng.exe 4.7.205.0 Own Process Running LocalSystem napagent Network Access Protection Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Netlogon Netlogon lsass.exe 6.1.7601.18779 Share Process Stopped LocalSystem Netman Network Connections svchost.exe 6.1.7600.16385 Share Process Running LocalSystem NetMsmqActivator Net.Msmq Listener Adapter SMSvcHost.exe 4.0.30319.34209 Share Process Stopped NT AUTHORITY\NetworkService NetPipeActivator Net.Pipe Listener Adapter SMSvcHost.exe 4.0.30319.34209 Share Process Stopped NT AUTHORITY\LocalService netprofm Network List Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService NetTcpActivator Net.Tcp Listener Adapter SMSvcHost.exe 4.0.30319.34209 Share Process Stopped NT AUTHORITY\LocalService NetTcpPortSharing Net.Tcp Port Sharing Service SMSvcHost.exe 4.0.30319.34209 Share Process Stopped NT AUTHORITY\LocalService NisSrv Microsoft Network Inspection NisSrv.exe 4.7.205.0 Own Process Running NT AUTHORITY\LocalService NlaSvc Network Location Awareness svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService nsi Network Store Interface Service svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService nvsvc NVIDIA Display Driver Service nvvsvc.exe 8.17.13.4144 Own Process Running LocalSystem ose Office Source Engine OSE.EXE 14.0.4730.1010 Own Process Stopped LocalSystem osppsvc Office Software Protection Platform OSPPSVC.EXE 14.0.370.400 Own Process Stopped NT AUTHORITY\NetworkService p2pimsvc Peer Networking Identity Manager svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService p2psvc Peer Networking Grouping svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService PcaSvc Program Compatibility Assistant Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PeerDistSvc BranchCache svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService pla Performance Logs & Alerts svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PlugPlay Plug and Play svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PNRPAutoReg PNRP Machine Name Publication Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PNRPsvc Peer Name Resolution Protocol svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService PolicyAgent IPsec Policy Agent svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService Power Power svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProfSvc User Profile Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProtectedStorage Protected Storage lsass.exe 6.1.7601.18779 Share Process Stopped LocalSystem QWAVE Quality Windows Audio Video Experience svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RasAuto Remote Access Auto Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RasMan Remote Access Connection Manager svchost.exe 6.1.7600.16385 Share Process Running localSystem RemoteAccess Routing and Remote Access svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RemoteRegistry Remote Registry svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RpcEptMapper RPC Endpoint Mapper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService RpcLocator Remote Procedure Call (RPC) Locator locator.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\NetworkService RpcSs Remote Procedure Call (RPC) svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService SamSs Security Accounts Manager lsass.exe 6.1.7601.18779 Share Process Running LocalSystem Samsung Link Service Samsung Link Service Samsung Link.exe 2.0.0.47726 Own Process Stopped LocalSystem SCardSvr Smart Card svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Schedule Task Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SCPolicySvc Smart Card Removal Policy svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SDRSVC Windows Backup svchost.exe 6.1.7600.16385 Own Process Stopped localSystem seclogon Secondary Logon svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SENS System Event Notification Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SensrSvc Adaptive Brightness svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SessionEnv Remote Desktop Configuration svchost.exe 6.1.7600.16385 Share Process Stopped localSystem SharedAccess Internet Connection Sharing (ICS) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem ShellHWDetection Shell Hardware Detection svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SkypeUpdate Skype Updater Updater.exe 7.0.0.386 Own Process Stopped LocalSystem SNMPTRAP SNMP Trap snmptrap.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService Spooler Print Spooler spoolsv.exe 6.1.7601.17777 Own Process Running LocalSystem sppsvc Software Protection sppsvc.exe 6.1.7601.17514 Own Process Running NT AUTHORITY\NetworkService sppuinotify SPP Notification Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SSDPSRV SSDP Discovery svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService SstpSvc Secure Socket Tunneling Protocol Service svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService Stereo Service NVIDIA Stereoscopic 3D Driver Service nvSCPAPISvr.exe 7.17.13.4144 Own Process Running LocalSystem StiSvc Windows Image Acquisition (WIA) svchost.exe 6.1.7600.16385 Own Process Running NT Authority\LocalService swprv Microsoft Software Shadow Copy Provider svchost.exe 6.1.7600.16385 Own Process Stopped LocalSystem SysMain Superfetch svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TabletInputService Tablet PC Input Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem TapiSrv Telephony svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService TBS TPM Base Services svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService TeamViewer TeamViewer 10 TeamViewer_Service.exe 10.0.40798.0 Own Process Running LocalSystem TermService Remote Desktop Services svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService Themes Themes svchost.exe 6.1.7600.16385 Share Process Running LocalSystem THREADORDER Thread Ordering Server svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService TrkWks Distributed Link Tracking Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TrustedInstaller Windows Modules Installer TrustedInstaller.exe 6.1.7601.17514 Own Process Stopped localSystem UI0Detect Interactive Services Detection UI0Detect.exe 6.1.7600.16385 Own Process Stopped LocalSystem UmRdpService Remote Desktop Services UserMode Port Redirector svchost.exe 6.1.7600.16385 Share Process Stopped localSystem upnphost UPnP Device Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService UxSms Desktop Window Manager Session Manager svchost.exe 6.1.7600.16385 Share Process Running localSystem VaultSvc Credential Manager lsass.exe 6.1.7601.18779 Share Process Stopped LocalSystem vds Virtual Disk vds.exe 6.1.7601.17514 Own Process Stopped LocalSystem VSS Volume Shadow Copy vssvc.exe 6.1.7601.17514 Own Process Stopped LocalSystem W32Time Windows Time svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService wbengine Block Level Backup Engine Service wbengine.exe 6.1.7601.17514 Own Process Stopped localSystem WbioSrvc Windows Biometric Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wcncsvc Windows Connect Now - Config Registrar svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WcsPlugInService Windows Color System svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WdiServiceHost Diagnostic Service Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService WdiSystemHost Diagnostic System Host svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem WebClient WebClient svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Wecsvc Windows Event Collector svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService wercplsupport Problem Reports and Solutions Control Panel Support svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WerSvc Windows Error Reporting Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WinDefend Windows Defender svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Winmgmt Windows Management Instrumentation svchost.exe 6.1.7600.16385 Share Process Running localSystem WinRM Windows Remote Management (WS-Management) svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Wlansvc WLAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wlidsvc Windows Live ID Sign-in Assistant WLIDSVC.EXE 7.250.4232.0 Own Process Running LocalSystem wmiApSrv WMI Performance Adapter WmiApSrv.exe 6.1.7600.16385 Own Process Stopped localSystem WMPNetworkSvc Windows Media Player Network Sharing Service wmpnetwk.exe 12.0.7601.17514 Own Process Running NT AUTHORITY\NetworkService WPCSvc Parental Controls svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService WPDBusEnum Portable Device Enumerator Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem wscsvc Security Center svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService WSearch Windows Search SearchIndexer.exe 7.0.7601.17610 Own Process Running LocalSystem wuauserv Windows Update svchost.exe 6.1.7600.16385 Share Process Running LocalSystem wudfsvc Windows Driver Foundation - User-mode Driver Framework svchost.exe 6.1.7600.16385 Share Process Running LocalSystem WwanSvc WWAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService --------[ AX Files ]---------------------------------------------------------------------------------------------------- bdaplgin.ax 6.1.7600.16385 Microsoft BDA Device Control Plug-in for MPEG2 based networks. g711codc.ax 6.1.7601.17514 Intel G711 CODEC iac25_32.ax 2.0.5.53 Indeo® audio software ir41_32.ax 4.51.16.3 Intel Indeo® Video 4.5 ivfsrc.ax 5.10.2.51 Intel Indeo® video IVF Source Filter 5.10 ksproxy.ax 6.1.7601.17514 WDM Streaming ActiveMovie Proxy kstvtune.ax 6.1.7601.17514 WDM Streaming TvTuner kswdmcap.ax 6.1.7601.17514 WDM Streaming Video Capture ksxbar.ax 6.1.7601.17514 WDM Streaming Crossbar lcproxy.ax mpeg2data.ax 6.6.7601.17514 Microsoft MPEG-2 Section and Table Acquisition Module mpg2splt.ax 6.6.7601.17528 DirectShow MPEG-2 Splitter. msdvbnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks. msnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks. psisrndr.ax 6.6.7601.17669 Microsoft Transport Information Filter for MPEG2 based networks. vbicodec.ax 6.6.7601.17514 Microsoft VBI Codec vbisurf.ax 6.1.7601.17514 VBI Surface Allocator Filter vidcap.ax 6.1.7600.16385 Video Capture Interface Server wstpager.ax 6.6.7601.17514 Microsoft Teletext Server --------[ DLL Files ]--------------------------------------------------------------------------------------------------- accessibilitycpl.dll 6.1.7601.17514 Ease of access control panel acctres.dll 6.1.7600.16385 Microsoft Internet Account Manager Resources acledit.dll 6.1.7600.16385 Access Control List Editor aclui.dll 6.1.7600.16385 Security Descriptor Editor acmigration.dll 10.0.10037.0 Compatibility Upgrade Migration Host acppage.dll 6.1.7601.17514 Compatibility Tab Shell Extension Library acproxy.dll 6.1.7600.16385 Autochk Proxy DLL actioncenter.dll 6.1.7601.17514 Action Center actioncentercpl.dll 6.1.7601.17514 Action Center Control Panel actionqueue.dll 6.1.7601.17514 Unattend Action Queue Generator / Executor activeds.dll 6.1.7601.17514 ADs Router Layer DLL actxprxy.dll 6.1.7601.17514 ActiveX Interface Marshaling Library admtmpl.dll 6.1.7601.17514 Administrative Templates Extension adprovider.dll 6.1.7601.18409 adprovider DLL adsldp.dll 6.1.7601.17514 ADs LDAP Provider DLL adsldpc.dll 6.1.7600.16385 ADs LDAP Provider C DLL adsmsext.dll 6.1.7600.16385 ADs LDAP Provider DLL adsnt.dll 6.1.7600.16385 ADs Windows NT Provider DLL adtschema.dll 6.1.7601.18779 Security Audit Schema DLL advapi32.dll 6.1.7601.18247 Advanced Windows 32 Base API advpack.dll 8.0.7600.16385 ADVPACK aecache.dll 6.1.7600.16385 AECache Sysprep Plugin aeevts.dll 6.1.7600.16385 Application Experience Event Resources aeinv.dll 10.0.10037.0 Application Experience Program Inventory Component aelupsvc.dll 6.1.7600.16385 Application Experience Service aepdu.dll 6.1.7601.18803 Program Compatibility Data Updater aepic.dll 10.0.9896.0 Application Experience Program Cache alttab.dll 6.1.7600.16385 Windows Shell Alt Tab amstream.dll 6.6.7601.17514 DirectShow Runtime. amxread.dll 6.1.7600.16385 API Tracing Manifest Read Library apds.dll 6.1.7600.16385 Microsoft® Help Data Services Module apilogen.dll 6.1.7600.16385 API Tracing Log Engine api-ms-win-core-console-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-datetime-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-debug-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-delayload-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-errorhandling-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-fibers-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-file-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-handle-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-heap-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-interlocked-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-io-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-libraryloader-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-localization-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-localregistry-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-memory-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-misc-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-namedpipe-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-processenvironment-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-processthreads-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-profile-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-rtlsupport-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-string-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-synch-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-sysinfo-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-threadpool-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-util-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-xstate-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-downlevel-advapi32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-advapi32-l2-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-normaliz-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-ole32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shell32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shlwapi-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shlwapi-l2-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-user32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-version-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-security-base-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-security-lsalookup-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-security-sddl-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-core-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l2-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-winsvc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL apircl.dll 6.1.7600.16385 Microsoft® InfoTech IR Local DLL apisetschema.dll 6.1.7601.18741 ApiSet Schema DLL apphelp.dll 6.1.7601.17514 Application Compatibility Client Library apphlpdm.dll 6.1.7600.16385 Application Compatibility Help Module appidapi.dll 6.1.7601.18741 Application Identity APIs Dll appidpolicyengineapi.dll 6.1.7600.16385 AppId Policy Engine API Module appidsvc.dll 6.1.7601.18741 Application Identity Service appinfo.dll 6.1.7601.18103 Application Information Service appmgmts.dll 6.1.7600.16385 Software installation Service appmgr.dll 6.1.7601.17514 Software Installation Snapin Extenstion appraiser.dll 10.0.10037.0 Compatibility Appraiser apss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library asferror.dll 12.0.7600.16385 ASF Error Definitions aspnet_counters.dll 4.0.30319.34209 Microsoft ASP.NET Performance Counter Shim DLL asycfilt.dll 6.1.7601.17514 atl.dll 3.5.2284.0 ATL Module for Windows XP (Unicode) atl100.dll 10.0.40219.325 ATL Module for Windows atl110.dll 11.0.60610.1 ATL Module for Windows atmfd.dll 5.1.2.241 Windows NT OpenType/Type 1 Font Driver atmlib.dll 5.1.2.241 Windows NT OpenType/Type 1 API Library. audiodev.dll 6.1.7601.17514 Portable Media Devices Shell Extension audioeng.dll 6.1.7601.18741 Audio Engine audiokse.dll 6.1.7601.18741 Audio Ks Endpoint audioses.dll 6.1.7601.18741 Audio Session audiosrv.dll 6.1.7601.18741 Windows Audio Service auditcse.dll 6.1.7600.16385 Windows Audit Settings CSE auditnativesnapin.dll 6.1.7600.16385 Audit Policy Group Policy Editor Extension auditpolicygpinterop.dll 6.1.7600.16385 Audit Policy GP Module auditpolmsg.dll 6.1.7600.16385 Audit Policy MMC SnapIn Messages authfwcfg.dll 6.1.7600.16385 Windows Firewall with Advanced Security Configuration Helper authfwgp.dll 6.1.7600.16385 Windows Firewall with Advanced Security Group Policy Editor Extension authfwsnapin.dll 6.1.7601.17514 Microsoft.WindowsFirewall.SnapIn authfwwizfwk.dll 6.1.7600.16385 Wizard Framework authui.dll 6.1.7601.18493 Windows Authentication UI authz.dll 6.1.7600.16385 Authorization Framework autoplay.dll 6.1.7601.17514 AutoPlay Control Panel auxiliarydisplayapi.dll 6.1.7600.16385 Microsoft Windows SideShow API auxiliarydisplayclassinstaller.dll 6.1.7600.16385 Class installer for Microsoft Windows SideShow-compatible devices auxiliarydisplaycpl.dll 6.1.7601.17514 Microsoft Windows SideShow Control Panel auxiliarydisplaydriverlib.dll 6.1.7600.16385 Microsoft Windows SideShow class extension component auxiliarydisplayservices.dll 6.1.7601.17514 Microsoft Windows SideShow services avicap.dll 1.15.0.1 AVI Capture DLL avicap32.dll 6.1.7600.16385 AVI Capture window class avifil32.dll 6.1.7601.17514 Microsoft AVI File support library avifile.dll 4.90.0.3000 Microsoft AVI File support library avrt.dll 6.1.7600.16385 Multimedia Realtime Runtime axinstsv.dll 6.1.7601.17514 ActiveX Installer Service azroles.dll 6.1.7601.17514 azroles Module azroleui.dll 6.1.7601.17514 Authorization Manager azsqlext.dll 6.1.7601.17514 AzMan Sql Audit Extended Stored Procedures Dll basecsp.dll 6.1.7601.17514 Microsoft Base Smart Card Crypto Provider basesrv.dll 6.1.7601.17514 Windows NT BASE API Server DLL batmeter.dll 6.1.7601.17514 Battery Meter Helper DLL batt.dll 6.1.7600.16385 Battery Class Installer bcdprov.dll 6.1.7600.16385 Boot Configuration Data WMI Provider bcdsrv.dll 6.1.7601.17514 Boot Configuration Data COM Server bcrypt.dll 6.1.7600.16385 Windows Cryptographic Primitives Library bcryptprimitives.dll 6.1.7600.16385 Windows Cryptographic Primitives Library bdehdcfglib.dll 6.1.7600.16385 Windows BitLocker Drive Preparation Tool bderepair.dll 6.1.7600.16385 BitLocker Drive Encryption: Drive Repair Tool bdesvc.dll 6.1.7600.16385 BDE Service bdeui.dll 6.1.7600.16385 Windows BitLocker Drive Encryption User Interface bfe.dll 6.1.7601.17514 Base Filtering Engine bidispl.dll 6.1.7600.16385 Bidispl DLL biocpl.dll 6.1.7601.17514 Biometrics Control Panel biocredprov.dll 6.1.7600.16385 WinBio Credential Provider bitsigd.dll 7.5.7600.16385 Background Intelligent Transfer Service IGD Support bitsperf.dll 7.5.7601.17514 Perfmon Counter Access bitsprx2.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy bitsprx3.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.0 Proxy bitsprx4.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.5 Proxy bitsprx5.dll 7.5.7600.16385 Background Intelligent Transfer Service 3.0 Proxy bitsprx6.dll 7.5.7600.16385 Background Intelligent Transfer Service 4.0 Proxy blackbox.dll 11.0.7601.18741 BlackBox DLL blb_ps.dll 6.1.7600.16385 Microsoft® Block Level Backup proxy/stub blbevents.dll 6.1.7601.17514 Blb Publisher blbres.dll 6.1.7600.16385 Microsoft® Block Level Backup Engine Service Resources boost_date_time-vc90-mt-1_47.dll boost_filesystem-vc90-mt-1_47.dll boost_regex-vc90-mt-1_47.dll boost_serialization-vc90-mt-1_47.dll boost_system-vc90-mt-1_47.dll boost_thread-vc90-mt-1_47.dll bootres.dll 6.1.7601.17514 Boot Resource Library bootstr.dll 6.1.7600.16385 Boot String Resource Library bootvid.dll 6.1.7600.16385 VGA Boot Driver brcoinst.dll 1.0.0.20 Brother Multi Function CoInstaller brdgcfg.dll 6.1.7600.16385 NWLink IPX Notify Object bridgeres.dll 6.1.7600.16385 Bridge Resources browcli.dll 6.1.7601.17887 Browser Service Client DLL browser.dll 6.1.7601.17887 Computer Browser Service DLL browseui.dll 6.1.7601.17514 Shell Browser UI Library bthci.dll 6.1.7600.16385 Bluetooth Class Installer bthmtpcontexthandler.dll 6.1.7600.16385 Bluetooth MTP Context Menu Handler bthpanapi.dll 6.1.7600.16385 bthpanapi bthpancontexthandler.dll 1.0.0.1 Bthpan Context Handler bthserv.dll 6.1.7600.16385 Bluetooth Support Service btpanui.dll 6.1.7600.16385 Bluetooth PAN User Interface bwcontexthandler.dll 1.0.0.1 ContextH Application bwunpairelevated.dll 6.1.7600.16385 BWUnpairElevated Proxy Dll c_g18030.dll 6.1.7600.16385 GB18030 DBCS-Unicode Conversion DLL c_is2022.dll 6.1.7600.16385 ISO-2022 Code Page Translation DLL c_iscii.dll 6.1.7601.17514 ISCII Code Page Translation DLL cabinet.dll 6.1.7601.17514 Microsoft® Cabinet File API cabview.dll 6.1.7601.17514 Cabinet File Viewer Shell Extension capiprovider.dll 6.1.7601.18409 capiprovider DLL capisp.dll 6.1.7600.16385 Sysprep cleanup dll for CAPI cardgames.dll 1.0.0.1 CardGames Resources catsrv.dll 2001.12.8530.16385 COM+ Configuration Catalog Server catsrvps.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Proxy/Stub catsrvut.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Utilities cca.dll 6.6.7601.17514 CCA DirectShow Filter. cdd.dll 6.1.7601.18510 Canonical Display Driver cdosys.dll 6.6.7601.17857 Microsoft CDO for Windows Library certcli.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Client certcredprovider.dll 6.1.7600.16385 Cert Credential Provider certenc.dll 6.1.7601.18151 Active Directory Certificate Services Encoding certenroll.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Enrollment Client certenrollui.dll 6.1.7600.16385 X509 Certificate Enrollment UI certmgr.dll 6.1.7601.17514 Certificates snap-in certpoleng.dll 6.1.7601.17514 Certificate Policy Engine certprop.dll 6.1.7601.17514 Microsoft Smartcard Certificate Propagation Service cewmdm.dll 12.0.7600.16385 Windows CE WMDM Service Provider cfgbkend.dll 6.1.7600.16385 Configuration Backend Interface cfgmgr32.dll 6.1.7601.17514 Configuration Manager DLL chkwudrv.dll 6.1.7600.16385 Search Windows Update for Drivers chsbrkr.dll 6.1.7600.16385 Simplified Chinese Word Breaker chtbrkr.dll 6.1.7600.16385 Chinese Traditional Word Breaker chxreadingstringime.dll 6.1.7600.16385 CHxReadingStringIME ci.dll 6.1.7601.18519 Code Integrity Module cic.dll 6.1.7600.16385 CIC - MMC controls for Taskpad circoinst.dll 6.1.7600.16385 USB Consumer IR Driver coinstaller for eHome clb.dll 6.1.7600.16385 Column List Box clbcatq.dll 2001.12.8530.16385 COM+ Configuration Catalog clfsw32.dll 6.1.7600.16385 Common Log Marshalling Win32 DLL cliconfg.dll 6.1.7600.16385 SQL Client Configuration Utility DLL clusapi.dll 6.1.7601.17514 Cluster API Library cmcfg32.dll 7.2.7600.16385 Microsoft Connection Manager Configuration Dll cmdial32.dll 7.2.7600.16385 Microsoft Connection Manager cmicryptinstall.dll 6.1.7600.16385 Installers for cryptographic elements of CMI objects cmifw.dll 6.1.7600.16385 Windows Firewall rule configuration plug-in cmipnpinstall.dll 6.1.7600.16385 PNP plugin installer for CMI cmlua.dll 7.2.7600.16385 Connection Manager Admin API Helper cmnclim.dll 6.1.7600.16385 Common Client Library cmpbk32.dll 7.2.7600.16385 Microsoft Connection Manager Phonebook cmstplua.dll 7.2.7600.16385 Connection Manager Admin API Helper for Setup cmutil.dll 7.2.7600.16385 Microsoft Connection Manager Utility Lib cnc190c.dll 1.0.6.0 WIA Scanner Driver cnc190i.dll 1.0.6.0 WIA Scanner Driver Image Enhancement dll cnc190l.dll 1.0.0.0 LLD cnc190o.dll 2.0.4.0 Canon WIA scanner co-installer. cngaudit.dll 6.1.7600.16385 Windows Cryptographic Next Generation audit library cngprovider.dll 6.1.7601.18409 cngprovider DLL cnhi07a.dll 1.0.0.0 WIA Scanner Driver Image Enhancement dll cnhl190.dll 1.0.0.0 LLD cnmlm9i.dll 0.3.0.1 IJ Language Monitor cnvfat.dll 6.1.7600.16385 FAT File System Conversion Utility DLL cofiredm.dll 6.1.7600.16385 Corrupted File Recovery Diagnostic Module colbact.dll 2001.12.8530.16385 COM+ colorcnv.dll 6.1.7600.16385 Windows Media Color Conversion colorui.dll 6.1.7600.16385 Microsoft Color Control Panel comcat.dll 6.1.7600.16385 Microsoft Component Category Manager Library comctl32.dll 5.82.7601.18201 User Experience Controls Library comdlg32.dll 6.1.7601.17514 Common Dialogs DLL commdlg.dll 3.10.0.103 Common Dialogs libraries compobj.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library compstui.dll 6.1.7600.16385 Common Property Sheet User Interface DLL comrepl.dll 2001.12.8530.16385 COM+ comres.dll 2001.12.8530.16385 COM+ Resources comsnap.dll 2001.12.8530.16385 COM+ Explorer MMC Snapin comsvcs.dll 2001.12.8530.16385 COM+ Services comuid.dll 2001.12.8530.16385 COM+ Explorer UI connect.dll 6.1.7600.16385 Get Connected Wizards console.dll 6.1.7600.16385 Control Panel Console Applet correngine.dll 6.1.7600.16385 Correlation Engine cpfilters.dll 6.6.7601.17528 PTFilter & Encypter/Decrypter Tagger Filters. credssp.dll 6.1.7601.18779 Credential Delegation Security Package credui.dll 6.1.7601.18276 Credential Manager User Interface crppresentation.dll 6.1.7600.16385 Conference Room Projector : Presentation crtdll.dll 4.0.1183.1 Microsoft C Runtime Library crypt32.dll 6.1.7601.18741 Crypto API32 cryptbase.dll 6.1.7600.16385 Base cryptographic API DLL cryptdlg.dll 6.1.7601.18150 Microsoft Common Certificate Dialogs cryptdll.dll 6.1.7600.16385 Cryptography Manager cryptext.dll 6.1.7600.16385 Crypto Shell Extensions cryptnet.dll 6.1.7601.18741 Crypto Network Related API cryptsp.dll 6.1.7601.18741 Cryptographic Service Provider API cryptsvc.dll 6.1.7601.18741 Cryptographic Services cryptui.dll 6.1.7601.18741 Microsoft Trust UI Provider cryptxml.dll 6.1.7600.16385 XML DigSig API cscapi.dll 6.1.7601.17514 Offline Files Win32 API cscdll.dll 6.1.7601.17514 Offline Files Temporary Shim cscmig.dll 6.1.7601.17514 Microsoft Offline Files Migration Plugin cscobj.dll 6.1.7601.17514 In-proc COM object used by clients of CSC API cscsvc.dll 6.1.7601.17514 CSC Service DLL cscui.dll 6.1.7601.17514 Client Side Caching UI csrsrv.dll 6.1.7601.18741 Client Server Runtime Process ctl3d32.dll 2.31.0.0 Ctl3D 3D Windows Controls ctl3dv2.dll 2.99.0.0 Ctl3D 3D Windows NT(WOW) Controls cvx1000.dll 1.0.7.0 Microsoft LifeCam Device Application d2d1.dll 6.2.9200.16765 Microsoft D2D Library d3d10.dll 6.2.9200.16492 Direct3D 10 Runtime d3d10_1.dll 6.2.9200.16492 Direct3D 10.1 Runtime d3d10_1core.dll 6.2.9200.16492 Direct3D 10.1 Runtime d3d10core.dll 6.2.9200.16492 Direct3D 10 Runtime d3d10level9.dll 6.2.9200.16492 Direct3D 10 to Direct3D9 Translation Runtime d3d10warp.dll 6.2.9200.17033 Direct3D 10 Rasterizer d3d11.dll 6.2.9200.16570 Direct3D 11 Runtime d3d8.dll 6.1.7600.16385 Microsoft Direct3D d3d8thk.dll 6.1.7600.16385 Microsoft Direct3D OS Thunk Layer d3d9.dll 6.1.7601.17514 Direct3D 9 Runtime d3dcompiler_33.dll 9.18.904.15 Microsoft Direct3D d3dcompiler_34.dll 9.19.949.46 Microsoft Direct3D d3dcompiler_35.dll 9.19.949.1104 Microsoft Direct3D d3dcompiler_36.dll 9.19.949.2111 Microsoft Direct3D d3dcompiler_37.dll 9.22.949.2248 Microsoft Direct3D d3dcompiler_38.dll 9.23.949.2378 Microsoft Direct3D d3dcompiler_39.dll 9.24.949.2307 Microsoft Direct3D d3dcompiler_40.dll 9.24.950.2656 Direct3D HLSL Compiler d3dcompiler_41.dll 9.26.952.2844 Direct3D HLSL Compiler d3dcompiler_42.dll 9.27.952.3022 Direct3D HLSL Compiler d3dcompiler_43.dll 9.29.952.3111 Direct3D HLSL Compiler d3dcsx_42.dll 9.27.952.3022 Direct3D 10.1 Extensions d3dcsx_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dim.dll 6.1.7600.16385 Microsoft Direct3D d3dim700.dll 6.1.7600.16385 Microsoft Direct3D d3dramp.dll 6.1.7600.16385 Microsoft Direct3D d3dx10.dll 9.16.843.0 Microsoft Direct3D d3dx10_33.dll 9.18.904.21 Microsoft Direct3D d3dx10_34.dll 9.19.949.46 Microsoft Direct3D d3dx10_35.dll 9.19.949.1104 Microsoft Direct3D d3dx10_36.dll 9.19.949.2009 Microsoft Direct3D d3dx10_37.dll 9.19.949.2187 Microsoft Direct3D d3dx10_38.dll 9.23.949.2378 Microsoft Direct3D d3dx10_39.dll 9.24.949.2307 Microsoft Direct3D d3dx10_40.dll 9.24.950.2656 Direct3D 10.1 Extensions d3dx10_41.dll 9.26.952.2844 Direct3D 10.1 Extensions d3dx10_42.dll 9.27.952.3001 Direct3D 10.1 Extensions d3dx10_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dx11_42.dll 9.27.952.3022 Direct3D 10.1 Extensions d3dx11_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dx9_24.dll 9.5.132.0 Microsoft® DirectX for Windows® d3dx9_25.dll 9.6.168.0 Microsoft® DirectX for Windows® d3dx9_26.dll 9.7.239.0 Microsoft® DirectX for Windows® d3dx9_27.dll 9.8.299.0 Microsoft® DirectX for Windows® d3dx9_28.dll 9.10.455.0 Microsoft® DirectX for Windows® d3dx9_29.dll 9.11.519.0 Microsoft® DirectX for Windows® d3dx9_30.dll 9.12.589.0 Microsoft® DirectX for Windows® d3dx9_31.dll 9.15.779.0 Microsoft® DirectX for Windows® d3dx9_32.dll 9.16.843.0 Microsoft® DirectX for Windows® d3dx9_33.dll 9.18.904.15 Microsoft® DirectX for Windows® d3dx9_34.dll 9.19.949.46 Microsoft® DirectX for Windows® d3dx9_35.dll 9.19.949.1104 Microsoft® DirectX for Windows® d3dx9_36.dll 9.19.949.2111 Microsoft® DirectX for Windows® d3dx9_37.dll 9.22.949.2248 Microsoft® DirectX for Windows® d3dx9_38.dll 9.23.949.2378 Microsoft® DirectX for Windows® d3dx9_39.dll 9.24.949.2307 Microsoft® DirectX for Windows® d3dx9_40.dll 9.24.950.2656 Direct3D 9 Extensions d3dx9_41.dll 9.26.952.2844 Direct3D 9 Extensions d3dx9_42.dll 9.27.952.3001 Direct3D 9 Extensions d3dx9_43.dll 9.29.952.3111 Direct3D 9 Extensions d3dxof.dll 6.1.7600.16385 DirectX Files DLL dataclen.dll 6.1.7600.16385 Disk Space Cleaner for Windows davclnt.dll 6.1.7601.18201 Web DAV Client DLL davhlpr.dll 6.1.7600.16385 DAV Helper DLL dbgeng.dll 6.1.7601.17514 Windows Symbolic Debugger Engine dbghelp.dll 6.1.7601.17514 Windows Image Helper dbnetlib.dll 6.1.7600.16385 Winsock Oriented Net DLL for SQL Clients dbnmpntw.dll 6.1.7600.16385 Named Pipes Net DLL for SQL Clients dciman32.dll 6.1.7601.18768 DCI Manager ddaclsys.dll 6.1.7600.16385 SysPrep module for Reseting Data Drive ACL ddeml.dll 3.50.0.103 DDE Management library ddoiproxy.dll 6.1.7600.16385 DDOI Interface Proxy ddores.dll 6.1.7600.16385 Device Category information and resources ddraw.dll 6.1.7600.16385 Microsoft DirectDraw ddrawex.dll 6.1.7600.16385 Direct Draw Ex defaultlocationcpl.dll 6.1.7601.17514 Default Location Control Panel defragproxy.dll 6.1.7600.16385 Microsoft® Disk Defragmenter Proxy Library defragsvc.dll 6.1.7600.16385 Microsoft\Disk Defragmenter deskadp.dll 6.1.7600.16385 Advanced display adapter properties deskmon.dll 6.1.7600.16385 Advanced display monitor properties deskperf.dll 6.1.7600.16385 Advanced display performance properties devenum.dll 6.6.7600.16385 Device enumeration. devicecenter.dll 6.1.7601.17514 Device Center devicedisplaystatusmanager.dll 6.1.7600.16385 Device Display Status Manager devicemetadataparsers.dll 6.1.7600.16385 Common Device Metadata parsers devicepairing.dll 6.1.7600.16385 Shell extensions for Device Pairing devicepairingfolder.dll 6.1.7601.17514 Device Pairing Folder devicepairinghandler.dll 6.1.7600.16385 Device Pairing Handler Dll devicepairingproxy.dll 6.1.7600.16385 Device Pairing Proxy Dll deviceuxres.dll 6.1.7600.16385 Windows Device User Experience Resource File devinv.dll 10.0.10037.0 Device Inventory Library devmgr.dll 6.1.7600.16385 Device Manager MMC Snapin devobj.dll 6.1.7600.16385 Device Information Set DLL devrtl.dll 6.1.7600.16385 Device Management Run Time Library dfdts.dll 6.1.7600.16385 Windows Disk Failure Diagnostic Module dfscli.dll 6.1.7600.16385 Windows NT Distributed File System Client DLL dfshim.dll 4.0.41210.0 ClickOnce Application Deployment Support Library dfsshlex.dll 6.1.7600.16385 Distributed File System shell extension dhcpcmonitor.dll 6.1.7600.16385 DHCP Client Monitor Dll dhcpcore.dll 6.1.7601.17514 DHCP Client Service dhcpcore6.dll 6.1.7601.17970 DHCPv6 Client dhcpcsvc.dll 6.1.7600.16385 DHCP Client Service dhcpcsvc6.dll 6.1.7601.17970 DHCPv6 Client dhcpqec.dll 6.1.7600.16385 Microsoft DHCP NAP Enforcement Client dhcpsapi.dll 6.1.7600.16385 DHCP Server API Stub DLL diagcpl.dll 6.1.7601.17514 Troubleshooting Control Panel diagperf.dll 6.1.7601.17514 Microsoft Performance Diagnostics difxapi.dll 2.1.0.0 Driver Install Frameworks for API library module dimsjob.dll 6.1.7600.16385 DIMS Job DLL dimsroam.dll 6.1.7601.18409 Key Roaming DIMS Provider DLL dinput.dll 6.1.7600.16385 Microsoft DirectInput dinput8.dll 6.1.7600.16385 Microsoft DirectInput directdb.dll 6.1.7600.16385 Microsoft Direct Database API diskcopy.dll 6.1.7600.16385 Windows DiskCopy dispci.dll 6.1.7600.16385 Microsoft Display Class Installer dispex.dll 5.8.7600.16385 Microsoft ® DispEx display.dll 6.1.7601.17514 Display Control Panel dmband.dll 6.1.7600.16385 Microsoft DirectMusic Band dmcompos.dll 6.1.7600.16385 Microsoft DirectMusic Composer dmdlgs.dll 6.1.7600.16385 Disk Management Snap-in Dialogs dmdskmgr.dll 6.1.7600.16385 Disk Management Snap-in Support Library dmdskres.dll 6.1.7600.16385 Disk Management Snap-in Resources dmdskres2.dll 6.1.7600.16385 Disk Management Snap-in Resources dmime.dll 6.1.7600.16385 Microsoft DirectMusic Interactive Engine dmintf.dll 6.1.7600.16385 Disk Management DCOM Interface Stub dmloader.dll 6.1.7600.16385 Microsoft DirectMusic Loader dmocx.dll 6.1.7600.16385 TreeView OCX dmrc.dll 6.1.7600.16385 Windows MRC dmscript.dll 6.1.7600.16385 Microsoft DirectMusic Scripting dmstyle.dll 6.1.7600.16385 Microsoft DirectMusic Style Engline dmsynth.dll 6.1.7600.16385 Microsoft DirectMusic Software Synthesizer dmusic.dll 6.1.7600.16385 Microsoft DirectMusic Core Services dmutil.dll 6.1.7600.16385 Logical Disk Manager Utility Library dmvdsitf.dll 6.1.7600.16385 Disk Management Snap-in Support Library dnsapi.dll 6.1.7601.17570 DNS Client API DLL dnscmmc.dll 6.1.7601.17514 DNS Client MMC Snap-in DLL dnsext.dll 6.1.7600.16385 DNS extension DLL dnshc.dll 6.1.7600.16385 DNS Helper Class dnsrslvr.dll 6.1.7601.17570 DNS Caching Resolver Service docprop.dll 6.1.7600.16385 OLE DocFile Property Page documentperformanceevents.dll 6.1.7600.16385 Documents and Printing Performance Events dot3api.dll 6.1.7601.17514 802.3 Autoconfiguration API dot3cfg.dll 6.1.7601.17514 802.3 Netsh Helper dot3dlg.dll 6.1.7600.16385 802.3 UI Helper dot3gpclnt.dll 6.1.7600.16385 802.3 Group Policy Client dot3gpui.dll 6.1.7600.16385 802.3 Network Policy Management Snap-in dot3hc.dll 6.1.7600.16385 Dot3 Helper Class dot3msm.dll 6.1.7601.17514 802.3 Media Specific Module dot3svc.dll 6.1.7601.17514 Wired AutoConfig Service dot3ui.dll 6.1.7601.17514 802.3 Advanced UI dpapiprovider.dll 6.1.7601.18409 dpapiprovider DLL dplayx.dll 6.1.7600.16385 Microsoft DirectPlay dpmodemx.dll 6.1.7600.16385 Modem and Serial Connection For DirectPlay dpnaddr.dll 6.1.7601.17514 Microsoft DirectPlay8 Address dpnathlp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPnP dpnet.dll 6.1.7601.17989 Microsoft DirectPlay dpnhpast.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper PAST dpnhupnp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPNP dpnlobby.dll 6.1.7600.16385 Microsoft DirectPlay8 Lobby dps.dll 6.1.7601.17514 WDI Diagnostic Policy Service dpwsockx.dll 6.1.7600.16385 Internet TCP/IP and IPX Connection For DirectPlay dpx.dll 6.1.7601.17514 Microsoft(R) Delta Package Expander drmmgrtn.dll 11.0.7601.18741 DRM Migration DLL drmv2clt.dll 11.0.7601.18741 DRMv2 Client DLL drprov.dll 6.1.7600.16385 Microsoft Remote Desktop Session Host Server Network Provider drt.dll 6.1.7600.16385 Distributed Routing Table drtprov.dll 6.1.7600.16385 Distributed Routing Table Providers drttransport.dll 6.1.7600.16385 Distributed Routing Table Transport Provider drvstore.dll 6.1.7601.17514 Driver Store API ds16gt.dll 3.510.3711.0 Microsoft ODBC Driver Setup Generic Thunk ds32gt.dll 6.1.7600.16385 ODBC Driver Setup Generic Thunk dsauth.dll 6.1.7601.17514 DS Authorization for Services dsdmo.dll 6.1.7600.16385 DirectSound Effects dshowrdpfilter.dll 1.0.0.0 RDP Renderer Filter (redirector) dskquota.dll 6.1.7600.16385 Windows Shell Disk Quota Support DLL dskquoui.dll 6.1.7601.17514 Windows Shell Disk Quota UI DLL dsound.dll 6.1.7600.16385 DirectSound dsprop.dll 6.1.7600.16385 Windows Active Directory Property Pages dsquery.dll 6.1.7600.16385 Directory Service Find dsrole.dll 6.1.7600.16385 DS Role Client DLL dssec.dll 6.1.7600.16385 Directory Service Security UI dssenh.dll 6.1.7600.16385 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider dsuiext.dll 6.1.7601.17514 Directory Service Common UI dswave.dll 6.1.7600.16385 Microsoft DirectMusic Wave dtsh.dll 6.1.7600.16385 Detection and Sharing Status API dui70.dll 6.1.7600.16385 Windows DirectUI Engine duser.dll 6.1.7600.16385 Windows DirectUser Engine dwmapi.dll 6.1.7600.16385 Microsoft Desktop Window Manager API dwmcore.dll 6.1.7601.17514 Microsoft DWM Core Library dwmredir.dll 6.1.7601.17514 Microsoft Desktop Window Manager Redirection Component dwrite.dll 6.2.9200.16571 Microsoft DirectX Typography Services dxdiagn.dll 6.1.7601.17514 Microsoft DirectX Diagnostic Tool dxgi.dll 6.2.9200.16492 DirectX Graphics Infrastructure dxmasf.dll 12.0.7601.18741 Microsoft Windows Media Component Removal File. dxp.dll 6.1.7601.17514 Device Stage Shell Extension dxpps.dll 6.1.7600.16385 Device Experience Platform Proxy\Stub DLL dxptaskringtone.dll 6.1.7601.17514 Microsoft Ringtone Editor dxptasksync.dll 6.1.7601.17514 Microsoft Windows DXP Sync. dxtmsft.dll 11.0.9600.17690 DirectX Media -- Image DirectX Transforms dxtrans.dll 11.0.9600.17690 DirectX Media -- DirectX Transform Core dxva2.dll 6.1.7600.16385 DirectX Video Acceleration 2.0 DLL eapp3hst.dll 6.1.7601.17514 Microsoft ThirdPartyEapDispatcher eappcfg.dll 6.1.7600.16385 Eap Peer Config eappgnui.dll 6.1.7601.17514 EAP Generic UI eapphost.dll 6.1.7601.17514 Microsoft EAPHost Peer service eappprxy.dll 6.1.7600.16385 Microsoft EAPHost Peer Client DLL eapqec.dll 6.1.7600.16385 Microsoft EAP NAP Enforcement Client eapsvc.dll 6.1.7600.16385 Microsoft EAPHost service efsadu.dll 6.1.7600.16385 File Encryption Utility efscore.dll 6.1.7601.17514 EFS Core Library efslsaext.dll 6.1.7600.16385 LSA extension for EFS efssvc.dll 6.1.7600.16385 EFS Service efsutil.dll 6.1.7600.16385 EFS Utility Library ehstorapi.dll 6.1.7601.17514 Windows Enhanced Storage API ehstorpwdmgr.dll 6.1.7600.16385 Windows Enhanced Storage Password Manager ehstorshell.dll 6.1.7600.16385 Windows Enhanced Storage Shell Extension DLL els.dll 6.1.7600.16385 Event Viewer Snapin elscore.dll 6.1.7600.16385 Els Core Platform DLL elshyph.dll 6.3.9600.16428 ELS Hyphenation Service elslad.dll 6.1.7600.16385 ELS Language Detection elstrans.dll 6.1.7601.17514 ELS Transliteration Service encapi.dll 6.1.7600.16385 Encoder API encdec.dll 6.6.7601.17708 XDSCodec & Encypter/Decrypter Tagger Filters. encdump.dll 5.0.1.1 Media Foundation Crash Dump Encryption DLL energy.dll 6.1.7600.16385 Power Efficiency Diagnostics eqossnap.dll 6.1.7600.16385 EQoS Snapin extension es.dll 2001.12.8530.16385 COM+ esent.dll 6.1.7601.17577 Extensible Storage Engine for Microsoft(R) Windows(R) esentprf.dll 6.1.7600.16385 Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R) eventcls.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service event class evr.dll 6.1.7601.18741 Enhanced Video Renderer DLL explorerframe.dll 6.1.7601.17514 ExplorerFrame expsrv.dll 6.0.72.9589 Visual Basic for Applications Runtime - Expression Service f3ahvoas.dll 6.1.7600.16385 JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard faultrep.dll 6.1.7601.17514 Windows User Mode Crash Reporting DLL fdbth.dll 6.1.7600.16385 Function Discovery Bluetooth Provider Dll fdbthproxy.dll 6.1.7600.16385 Bluetooth Provider Proxy Dll fde.dll 6.1.7601.17514 Folder Redirection Snapin Extension fdeploy.dll 6.1.7601.17514 Folder Redirection Group Policy Extension fdphost.dll 6.1.7600.16385 Function Discovery Provider host service fdpnp.dll 6.1.7600.16385 Pnp Provider Dll fdprint.dll 6.1.7600.16385 Function Discovery Print Provider Dll fdproxy.dll 6.1.7600.16385 Function Discovery Proxy Dll fdrespub.dll 6.1.7600.16385 Function Discovery Resource Publication Service fdssdp.dll 6.1.7600.16385 Function Discovery SSDP Provider Dll fdwcn.dll 6.1.7600.16385 Windows Connect Now - Config Function Discovery Provider DLL fdwnet.dll 6.1.7600.16385 Function Discovery WNet Provider Dll fdwsd.dll 6.1.7600.16385 Function Discovery WS Discovery Provider Dll feclient.dll 6.1.7600.16385 Windows NT File Encryption Client Interfaces filemgmt.dll 6.1.7600.16385 Services and Shared Folders findnetprinters.dll 6.1.7600.16385 Find Network Printers COM Component firewallapi.dll 6.1.7600.16385 Windows Firewall API firewallcontrolpanel.dll 6.1.7601.17514 Windows Firewall Control Panel fltlib.dll 6.1.7600.16385 Filter Library fm20.dll 14.0.4730.1010 Microsoft® Forms DLL fm20enu.dll 14.0.4730.1010 Microsoft® Forms International DLL fmifs.dll 6.1.7600.16385 FM IFS Utility DLL fms.dll 1.1.6000.16384 Font Management Services fntcache.dll 6.2.9200.16492 Windows Font Cache Service fontext.dll 6.1.7601.17514 Windows Font Folder fontsub.dll 6.1.7601.18768 Font Subsetting DLL fphc.dll 6.1.7601.17514 Filtering Platform Helper Class framebuf.dll 6.1.7600.16385 Framebuffer Display Driver framedyn.dll 6.1.7601.17514 WMI SDK Provider Framework framedynos.dll 6.1.7601.17514 WMI SDK Provider Framework fthsvc.dll 6.1.7600.16385 Microsoft Windows Fault Tolerant Heap Diagnostic Module fundisc.dll 6.1.7600.16385 Function Discovery Dll fveapi.dll 6.1.7601.17514 Windows BitLocker Drive Encryption API fveapibase.dll 6.1.7600.16385 Windows BitLocker Drive Encryption Base API fvecerts.dll 6.1.7600.16385 BitLocker Certificates Library fvecpl.dll 6.1.7601.17514 BitLocker Drive Encryption control panel fverecover.dll 6.1.7600.16385 Windows BitLocker Drive Encryption User Interface fveui.dll 6.1.7600.16385 BitLocker Drive Encryption UI fvewiz.dll 6.1.7600.16385 BitLocker Drive Encryption Wizard fwcfg.dll 6.1.7600.16385 Windows Firewall Configuration Helper fwpuclnt.dll 6.1.7601.18283 FWP/IPsec User-Mode API fwremotesvr.dll 6.1.7600.16385 Windows Firewall Remote APIs Server fxsapi.dll 6.1.7600.16385 Microsoft Fax API Support DLL fxscom.dll 6.1.7600.16385 Microsoft Fax Server COM Client Interface fxscomex.dll 6.1.7600.16385 Microsoft Fax Server Extended COM Client Interface fxscompose.dll 6.1.7600.16385 Compose Form fxscomposeres.dll 6.1.7600.16385 Fax Compose fxsevent.dll 6.1.7600.16385 Microsoft Fax EventLog Support DLL fxsext32.dll 6.1.7600.16385 Microsoft Fax Exchange Command Extension fxsmon.dll 6.1.7601.17514 Microsoft Fax Print Monitor fxsresm.dll 6.1.7600.16385 Microsoft Fax Resource DLL fxsroute.dll 6.1.7600.16385 Microsoft Fax Routing DLL fxsst.dll 6.1.7600.16385 Fax Service fxst30.dll 6.1.7600.16385 Microsoft Fax T30 Protocol Service Provider fxstiff.dll 6.1.7601.17514 Microsoft Fax TIFF library fxsutility.dll 6.1.7600.16385 Fax Utility DLL fxsxp32.dll 6.1.7600.16385 Microsoft Fax Transport Provider gacinstall.dll 6.1.7600.16385 Installers for CLR and other managed code gameux.dll 6.1.7601.18020 Games Explorer gameuxlegacygdfs.dll 1.0.0.1 Legacy GDF resource DLL gcdef.dll 6.1.7600.16385 Game Controllers Default Sheets gdi32.dll 6.1.7601.18577 GDI Client DLL generaltel.dll 10.0.10037.0 General Telemetry getuname.dll 6.1.7600.16385 Unicode name Dll for UCE glmf32.dll 6.1.7600.16385 OpenGL Metafiling DLL glu32.dll 6.1.7600.16385 OpenGL Utility Library DLL gpapi.dll 6.1.7600.16385 Group Policy Client API gpedit.dll 6.1.7600.16385 GPEdit gpprefcl.dll 6.1.7601.17514 Group Policy Preference Client gpprnext.dll 6.1.7600.16385 Group Policy Printer Extension gpscript.dll 6.1.7600.16385 Script Client Side Extension gpsvc.dll 6.1.7601.17514 Group Policy Client gptext.dll 6.1.7600.16385 GPTExt groupinghc.dll 6.1.7600.16385 Grouping Helper Class hal.dll 6.1.7601.17514 Hardware Abstraction Layer DLL halacpi.dll 6.1.7601.17514 Hardware Abstraction Layer DLL halmacpi.dll 6.1.7601.17514 Hardware Abstraction Layer DLL hbaapi.dll 6.1.7601.17514 HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc hcproviders.dll 6.1.7600.16385 Action Center Providers helppaneproxy.dll 6.1.7600.16385 Microsoft® Help Proxy hgcpl.dll 6.1.7601.17514 HomeGroup Control Panel hgprint.dll 6.1.7601.17514 HomeGroup Printing Support hhsetup.dll 6.1.7600.16385 Microsoft® HTML Help hid.dll 6.1.7600.16385 Hid User Library hidserv.dll 6.1.7600.16385 HID Service hlink.dll 6.1.7600.16385 Microsoft Office 2000 component hnetcfg.dll 6.1.7600.16385 Home Networking Configuration Manager hnetmon.dll 6.1.7600.16385 Home Networking Monitor DLL hotplug.dll 6.1.7600.16385 Safely Remove Hardware applet hotstartuseragent.dll 6.1.7601.17514 Microsoft Windows HotStart User Agent httpapi.dll 6.1.7601.17514 HTTP Protocol Stack API htui.dll 6.1.7600.16385 Common halftone Color Adjustment Dialogs ias.dll 6.1.7600.16385 Network Policy Server iasacct.dll 6.1.7601.17514 NPS Accounting Provider iasads.dll 6.1.7600.16385 NPS Active Directory Data Store iasdatastore.dll 6.1.7600.16385 NPS Datastore server iashlpr.dll 6.1.7600.16385 NPS Surrogate Component iasmigplugin.dll 6.1.7600.16385 NPS Migration DLL iasnap.dll 6.1.7600.16385 NPS NAP Provider iaspolcy.dll 6.1.7600.16385 NPS Pipeline iasrad.dll 6.1.7601.17514 NPS RADIUS Protocol Component iasrecst.dll 6.1.7601.17514 NPS XML Datastore Access iassam.dll 6.1.7600.16385 NPS NT SAM Provider iassdo.dll 6.1.7600.16385 NPS SDO Component iassvcs.dll 6.1.7600.16385 NPS Services Component icaapi.dll 6.1.7601.17514 DLL Interface to TermDD Device Driver icardie.dll 11.0.9600.16428 Microsoft Information Card IE Helper icardres.dll 3.0.4506.5464 Windows CardSpace iccoinstall.dll 6.1.7601.17514 Hyper-V Integration Components Coinstaller iccvid.dll 1.10.0.13 Cinepak® Codec icfupgd.dll 6.1.7600.16385 Windows Firewal ICF Settings Upgrade icm32.dll 6.1.7600.16385 Microsoft Color Management Module (CMM) icmp.dll 6.1.7600.16385 ICMP DLL icmui.dll 6.1.7600.16385 Microsoft Color Matching System User Interface DLL iconcodecservice.dll 6.1.7600.16385 Converts a PNG part of the icon to a legacy bmp icon icsigd.dll 6.1.7600.16385 Internet Gateway Device properties idlisten.dll 6.1.7600.16385 Identity Listener idndl.dll 6.1.7600.16385 Downlevel DLL idstore.dll 6.1.7600.16385 Identity Store ieadvpack.dll 11.0.9600.16428 ADVPACK ieapfltr.dll 11.0.9600.17689 Microsoft SmartScreen Filter iedkcs32.dll 18.0.9600.17689 IEAK branding ieetwcollectorres.dll 11.0.9600.17689 IE ETW Collector Service Resources ieetwproxystub.dll 11.0.9600.17689 IE ETW Collector Proxy Stub Resources ieframe.dll 11.0.9600.17690 Internet Browser iepeers.dll 11.0.9600.16428 Internet Explorer Peer Objects iernonce.dll 11.0.9600.17689 Extended RunOnce processing with UI iertutil.dll 11.0.9600.17689 Run time utility for Internet Explorer iesetup.dll 11.0.9600.17689 IOD Version Map iesysprep.dll 11.0.9600.16428 IE Sysprep Provider ieui.dll 11.0.9600.17689 Internet Explorer UI Engine ifmon.dll 6.1.7600.16385 IF Monitor DLL ifsutil.dll 6.1.7601.17514 IFS Utility DLL ifsutilx.dll 6.1.7600.16385 IFS Utility Extension DLL igddiag.dll 6.1.7600.16385 IGD Helper Class ikeext.dll 6.1.7601.18283 IKE extension imagehlp.dll 6.1.7601.18288 Windows NT Image Helper imageres.dll 6.1.7600.16385 Windows Image Resource imagesp1.dll 6.1.7600.16385 Windows SP1 Image Resource imapi.dll 6.1.7600.16385 Image Mastering API imapi2.dll 6.1.7601.17514 Image Mastering API v2 imapi2fs.dll 6.1.7601.17514 Image Mastering File System Imaging API v2 imgutil.dll 11.0.9600.16428 IE plugin image decoder support DLL imjp10k.dll 10.1.7601.18556 Microsoft IME imm32.dll 6.1.7601.17514 Multi-User Windows IMM32 API Client DLL inetcomm.dll 6.1.7601.17609 Microsoft Internet Messaging API Resources inetmib1.dll 6.1.7601.17514 Microsoft MIB-II subagent inetpp.dll 6.1.7601.17514 Internet Print Provider DLL inetppui.dll 6.1.7600.16385 Internet Print Client DLL inetres.dll 6.1.7600.16385 Microsoft Internet Messaging API Resources infocardapi.dll 3.0.4506.5461 Microsoft InfoCards inked.dll 6.1.7600.16385 Microsoft Tablet PC InkEdit Control input.dll 6.1.7601.17514 InputSetting DLL inseng.dll 11.0.9600.16428 Install engine invagent.dll 10.0.10037.0 Inventory Agent iologmsg.dll 6.1.7601.18386 IO Logging DLL ipbusenum.dll 6.1.7600.16385 PnP-X IP Bus Enumerator DLL ipbusenumproxy.dll 6.1.7600.16385 Associated Device Presence Proxy Dll iphlpapi.dll 6.1.7601.17514 IP Helper API iphlpsvc.dll 6.1.7601.17964 Service that offers IPv6 connectivity over an IPv4 network. ipnathlp.dll 6.1.7600.16385 Microsoft NAT Helper Components iprop.dll 6.1.7600.16385 OLE PropertySet Implementation iprtprio.dll 6.1.7600.16385 IP Routing Protocol Priority DLL iprtrmgr.dll 6.1.7601.17514 IP Router Manager ipsecsnp.dll 6.1.7600.16385 IP Security Policy Management Snap-in ipsecsvc.dll 6.1.7601.17514 Windows IPsec SPD Server DLL ipsmsnap.dll 6.1.7601.17514 IP Security Monitor Snap-in ir32_32.dll 3.24.15.3 Intel Indeo(R) Video R3.2 32-bit Driver ir41_qc.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir41_qcx.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir50_32.dll 5.2562.15.55 Intel Indeo® video 5.10 ir50_qc.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor ir50_qcx.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor irclass.dll 6.1.7600.16385 Infrared Class Coinstaller irmon.dll 6.1.7600.16385 Infrared Monitor iscsicpl.dll 5.2.3790.1830 iSCSI Initiator Control Panel Applet iscsidsc.dll 6.1.7600.16385 iSCSI Discovery api iscsied.dll 6.1.7600.16385 iSCSI Extension DLL iscsiexe.dll 6.1.7600.16385 iSCSI Discovery service iscsilog.dll 6.1.7600.16385 iSCSI Event Log DLL iscsium.dll 6.1.7601.17514 iSCSI Discovery api iscsiwmi.dll 6.1.7600.16385 MS iSCSI Initiator WMI Provider itircl.dll 6.1.7601.17514 Microsoft® InfoTech IR Local DLL itss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library itvdata.dll 6.6.7601.17514 iTV Data Filters. iyuv_32.dll 6.1.7601.17514 Intel Indeo(R) Video YUV Codec javascriptcollectionagent.dll 11.0.9600.17689 JavaScript Performance Collection Agent jnwmon.dll 0.3.7600.16385 Windows Journal Port Monitor DLL jscript.dll 5.8.9600.16428 Microsoft ® JScript jscript9.dll 11.0.9600.17689 Microsoft ® JScript jscript9diag.dll 11.0.9600.17689 Microsoft ® JScript Diagnostics jsintl.dll 6.3.9600.16428 Windows Globalization jsproxy.dll 11.0.9600.17689 JScript Proxy Auto-Configuration kbd101.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 101 kbd101a.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101 (Type A) kbd101b.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type B) kbd101c.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type C) kbd103.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 103 kbd106.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbd106n.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbda1.dll 6.1.7600.16385 Arabic_English_101 Keyboard Layout kbda2.dll 6.1.7600.16385 Arabic_2 Keyboard Layout kbda3.dll 6.1.7600.16385 Arabic_French_102 Keyboard Layout kbdal.dll 6.1.7600.16385 Albania Keyboard Layout kbdarme.dll 6.1.7600.16385 Eastern Armenian Keyboard Layout kbdarmw.dll 6.1.7600.16385 Western Armenian Keyboard Layout kbdax2.dll 6.1.7600.16385 JP Japanese Keyboard Layout for AX2 kbdaze.dll 6.1.7600.16385 Azerbaijan_Cyrillic Keyboard Layout kbdazel.dll 6.1.7600.16385 Azeri-Latin Keyboard Layout kbdbash.dll 6.1.7601.18528 Bashkir Keyboard Layout kbdbe.dll 6.1.7600.16385 Belgian Keyboard Layout kbdbene.dll 6.1.7600.16385 Belgian Dutch Keyboard Layout kbdbgph.dll 6.1.7600.16385 Bulgarian Phonetic Keyboard Layout kbdbgph1.dll 6.1.7600.16385 Bulgarian (Phonetic Traditional) Keyboard Layout kbdbhc.dll 6.1.7600.16385 Bosnian (Cyrillic) Keyboard Layout kbdblr.dll 6.1.7601.17514 Belarusian Keyboard Layout kbdbr.dll 6.1.7600.16385 Brazilian Keyboard Layout kbdbu.dll 6.1.7600.16385 Bulgarian (Typewriter) Keyboard Layout kbdbulg.dll 6.1.7601.17514 Bulgarian Keyboard Layout kbdca.dll 6.1.7600.16385 Canadian Multilingual Keyboard Layout kbdcan.dll 6.1.7600.16385 Canadian Multilingual Standard Keyboard Layout kbdcr.dll 6.1.7600.16385 Croatian/Slovenian Keyboard Layout kbdcz.dll 6.1.7600.16385 Czech Keyboard Layout kbdcz1.dll 6.1.7601.17514 Czech_101 Keyboard Layout kbdcz2.dll 6.1.7600.16385 Czech_Programmer's Keyboard Layout kbdda.dll 6.1.7600.16385 Danish Keyboard Layout kbddiv1.dll 6.1.7600.16385 Divehi Phonetic Keyboard Layout kbddiv2.dll 6.1.7600.16385 Divehi Typewriter Keyboard Layout kbddv.dll 6.1.7600.16385 Dvorak US English Keyboard Layout kbdes.dll 6.1.7600.16385 Spanish Alernate Keyboard Layout kbdest.dll 6.1.7600.16385 Estonia Keyboard Layout kbdfa.dll 6.1.7600.16385 Persian Keyboard Layout kbdfc.dll 6.1.7600.16385 Canadian French Keyboard Layout kbdfi.dll 6.1.7600.16385 Finnish Keyboard Layout kbdfi1.dll 6.1.7600.16385 Finnish-Swedish with Sami Keyboard Layout kbdfo.dll 6.1.7600.16385 Faroese Keyboard Layout kbdfr.dll 6.1.7600.16385 French Keyboard Layout kbdgae.dll 6.1.7600.16385 Gaelic Keyboard Layout kbdgeo.dll 6.1.7601.17514 Georgian Keyboard Layout kbdgeoer.dll 6.1.7600.16385 Georgian (Ergonomic) Keyboard Layout kbdgeoqw.dll 6.1.7600.16385 Georgian (QWERTY) Keyboard Layout kbdgkl.dll 6.1.7601.17514 Greek_Latin Keyboard Layout kbdgr.dll 6.1.7600.16385 German Keyboard Layout kbdgr1.dll 6.1.7601.17514 German_IBM Keyboard Layout kbdgrlnd.dll 6.1.7600.16385 Greenlandic Keyboard Layout kbdhau.dll 6.1.7600.16385 Hausa Keyboard Layout kbdhe.dll 6.1.7600.16385 Greek Keyboard Layout kbdhe220.dll 6.1.7600.16385 Greek IBM 220 Keyboard Layout kbdhe319.dll 6.1.7600.16385 Greek IBM 319 Keyboard Layout kbdheb.dll 6.1.7600.16385 KBDHEB Keyboard Layout kbdhela2.dll 6.1.7600.16385 Greek IBM 220 Latin Keyboard Layout kbdhela3.dll 6.1.7600.16385 Greek IBM 319 Latin Keyboard Layout kbdhept.dll 6.1.7600.16385 Greek_Polytonic Keyboard Layout kbdhu.dll 6.1.7600.16385 Hungarian Keyboard Layout kbdhu1.dll 6.1.7600.16385 Hungarian 101-key Keyboard Layout kbdibm02.dll 6.1.7600.16385 JP Japanese Keyboard Layout for IBM 5576-002/003 kbdibo.dll 6.1.7600.16385 Igbo Keyboard Layout kbdic.dll 6.1.7600.16385 Icelandic Keyboard Layout kbdinasa.dll 6.1.7600.16385 Assamese (Inscript) Keyboard Layout kbdinbe1.dll 6.1.7600.16385 Bengali - Inscript (Legacy) Keyboard Layout kbdinbe2.dll 6.1.7600.16385 Bengali (Inscript) Keyboard Layout kbdinben.dll 6.1.7601.17514 Bengali Keyboard Layout kbdindev.dll 6.1.7600.16385 Devanagari Keyboard Layout kbdinguj.dll 6.1.7600.16385 Gujarati Keyboard Layout kbdinhin.dll 6.1.7601.17514 Hindi Keyboard Layout kbdinkan.dll 6.1.7601.17514 Kannada Keyboard Layout kbdinmal.dll 6.1.7600.16385 Malayalam Keyboard Layout Keyboard Layout kbdinmar.dll 6.1.7601.17514 Marathi Keyboard Layout kbdinori.dll 6.1.7601.17514 Oriya Keyboard Layout kbdinpun.dll 6.1.7600.16385 Punjabi/Gurmukhi Keyboard Layout kbdintam.dll 6.1.7601.17514 Tamil Keyboard Layout kbdintel.dll 6.1.7601.17514 Telugu Keyboard Layout kbdinuk2.dll 6.1.7600.16385 Inuktitut Naqittaut Keyboard Layout kbdir.dll 6.1.7600.16385 Irish Keyboard Layout kbdit.dll 6.1.7600.16385 Italian Keyboard Layout kbdit142.dll 6.1.7600.16385 Italian 142 Keyboard Layout kbdiulat.dll 6.1.7600.16385 Inuktitut Latin Keyboard Layout kbdjpn.dll 6.1.7600.16385 JP Japanese Keyboard Layout Stub driver kbdkaz.dll 6.1.7600.16385 Kazak_Cyrillic Keyboard Layout kbdkhmr.dll 6.1.7600.16385 Cambodian Standard Keyboard Layout kbdkor.dll 6.1.7600.16385 KO Hangeul Keyboard Layout Stub driver kbdkyr.dll 6.1.7600.16385 Kyrgyz Keyboard Layout kbdla.dll 6.1.7600.16385 Latin-American Spanish Keyboard Layout kbdlao.dll 6.1.7600.16385 Lao Standard Keyboard Layout kbdlk41a.dll 6.1.7601.17514 DEC LK411-AJ Keyboard Layout kbdlt.dll 6.1.7600.16385 Lithuania Keyboard Layout kbdlt1.dll 6.1.7601.17514 Lithuanian Keyboard Layout kbdlt2.dll 6.1.7600.16385 Lithuanian Standard Keyboard Layout kbdlv.dll 6.1.7600.16385 Latvia Keyboard Layout kbdlv1.dll 6.1.7600.16385 Latvia-QWERTY Keyboard Layout kbdmac.dll 6.1.7600.16385 Macedonian (FYROM) Keyboard Layout kbdmacst.dll 6.1.7600.16385 Macedonian (FYROM) - Standard Keyboard Layout kbdmaori.dll 6.1.7601.17514 Maori Keyboard Layout kbdmlt47.dll 6.1.7600.16385 Maltese 47-key Keyboard Layout kbdmlt48.dll 6.1.7600.16385 Maltese 48-key Keyboard Layout kbdmon.dll 6.1.7601.17514 Mongolian Keyboard Layout kbdmonmo.dll 6.1.7600.16385 Mongolian (Mongolian Script) Keyboard Layout kbdne.dll 6.1.7600.16385 Dutch Keyboard Layout kbdnec.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800) kbdnec95.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95) kbdnecat.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX) kbdnecnt.dll 6.1.7600.16385 JP Japanese NEC PC-9800 Keyboard Layout kbdnepr.dll 6.1.7601.17514 Nepali Keyboard Layout kbdno.dll 6.1.7600.16385 Norwegian Keyboard Layout kbdno1.dll 6.1.7600.16385 Norwegian with Sami Keyboard Layout kbdnso.dll 6.1.7600.16385 Sesotho sa Leboa Keyboard Layout kbdpash.dll 6.1.7600.16385 Pashto (Afghanistan) Keyboard Layout kbdpl.dll 6.1.7600.16385 Polish Keyboard Layout kbdpl1.dll 6.1.7600.16385 Polish Programmer's Keyboard Layout kbdpo.dll 6.1.7601.17514 Portuguese Keyboard Layout kbdro.dll 6.1.7600.16385 Romanian (Legacy) Keyboard Layout kbdropr.dll 6.1.7600.16385 Romanian (Programmers) Keyboard Layout kbdrost.dll 6.1.7600.16385 Romanian (Standard) Keyboard Layout kbdru.dll 6.1.7601.18528 Russian Keyboard Layout kbdru1.dll 6.1.7601.18528 Russia(Typewriter) Keyboard Layout kbdsf.dll 6.1.7601.17514 Swiss French Keyboard Layout kbdsg.dll 6.1.7601.17514 Swiss German Keyboard Layout kbdsl.dll 6.1.7600.16385 Slovak Keyboard Layout kbdsl1.dll 6.1.7600.16385 Slovak(QWERTY) Keyboard Layout kbdsmsfi.dll 6.1.7600.16385 Sami Extended Finland-Sweden Keyboard Layout kbdsmsno.dll 6.1.7600.16385 Sami Extended Norway Keyboard Layout kbdsn1.dll 6.1.7600.16385 Sinhala Keyboard Layout kbdsorex.dll 6.1.7600.16385 Sorbian Extended Keyboard Layout kbdsors1.dll 6.1.7600.16385 Sorbian Standard Keyboard Layout kbdsorst.dll 6.1.7600.16385 Sorbian Standard (Legacy) Keyboard Layout kbdsp.dll 6.1.7600.16385 Spanish Keyboard Layout kbdsw.dll 6.1.7600.16385 Swedish Keyboard Layout kbdsw09.dll 6.1.7600.16385 Sinhala - Wij 9 Keyboard Layout kbdsyr1.dll 6.1.7600.16385 Syriac Standard Keyboard Layout kbdsyr2.dll 6.1.7600.16385 Syriac Phoenetic Keyboard Layout kbdtajik.dll 6.1.7601.17514 Tajik Keyboard Layout kbdtat.dll 6.1.7601.18528 Tatar (Legacy) Keyboard Layout kbdth0.dll 6.1.7600.16385 Thai Kedmanee Keyboard Layout kbdth1.dll 6.1.7600.16385 Thai Pattachote Keyboard Layout kbdth2.dll 6.1.7600.16385 Thai Kedmanee (non-ShiftLock) Keyboard Layout kbdth3.dll 6.1.7600.16385 Thai Pattachote (non-ShiftLock) Keyboard Layout kbdtiprc.dll 6.1.7600.16385 Tibetan (PRC) Keyboard Layout kbdtuf.dll 6.1.7601.17514 Turkish F Keyboard Layout kbdtuq.dll 6.1.7601.17514 Turkish Q Keyboard Layout kbdturme.dll 6.1.7601.17514 Turkmen Keyboard Layout kbdughr.dll 6.1.7600.16385 Uyghur (Legacy) Keyboard Layout kbdughr1.dll 6.1.7601.17514 Uyghur Keyboard Layout kbduk.dll 6.1.7600.16385 United Kingdom Keyboard Layout kbdukx.dll 6.1.7600.16385 United Kingdom Extended Keyboard Layout kbdur.dll 6.1.7600.16385 Ukrainian Keyboard Layout kbdur1.dll 6.1.7600.16385 Ukrainian (Enhanced) Keyboard Layout kbdurdu.dll 6.1.7600.16385 Urdu Keyboard Layout kbdus.dll 6.1.7601.17514 United States Keyboard Layout kbdusa.dll 6.1.7600.16385 US IBM Arabic 238_L Keyboard Layout kbdusl.dll 6.1.7600.16385 Dvorak Left-Hand US English Keyboard Layout kbdusr.dll 6.1.7600.16385 Dvorak Right-Hand US English Keyboard Layout kbdusx.dll 6.1.7600.16385 US Multinational Keyboard Layout kbduzb.dll 6.1.7600.16385 Uzbek_Cyrillic Keyboard Layout kbdvntc.dll 6.1.7600.16385 Vietnamese Keyboard Layout kbdwol.dll 6.1.7600.16385 Wolof Keyboard Layout kbdyak.dll 6.1.7601.18528 Sakha - Russia Keyboard Layout kbdyba.dll 6.1.7600.16385 Yoruba Keyboard Layout kbdycc.dll 6.1.7600.16385 Serbian (Cyrillic) Keyboard Layout kbdycl.dll 6.1.7600.16385 Serbian (Latin) Keyboard Layout kd1394.dll 6.1.7600.16385 1394 Kernel Debugger kdcom.dll 6.1.7600.16385 Serial Kernel Debugger kdusb.dll 6.1.7600.16385 USB 2.0 Kernel Debugger kerberos.dll 6.1.7601.18779 Kerberos Security Package kernel32.dll 6.1.7601.18409 Windows NT BASE API Client DLL kernelbase.dll 6.1.7601.18409 Windows NT BASE API Client DLL kernelceip.dll 6.1.7600.16385 Kernel Ceip Task keyiso.dll 6.1.7600.16385 CNG Key Isolation Service keymgr.dll 6.1.7600.16385 Stored User Names and Passwords kmsvc.dll 6.1.7601.17514 Key Management Service korwbrkr.dll 6.1.7600.16385 korwbrkr ksuser.dll 6.1.7600.16385 User CSA Library ktmw32.dll 6.1.7600.16385 Windows KTM Win32 Client DLL l2gpstore.dll 6.1.7600.16385 Policy Storage dll l2nacp.dll 6.1.7600.16385 Windows Onex Credential Provider l2sechc.dll 6.1.7600.16385 Layer 2 Security Diagnostics Helper Classes langcleanupsysprepaction.dll 6.1.7600.16385 Language cleanup Sysprep action laprxy.dll 12.0.7600.16385 Windows Media Logagent Proxy lccoin30.dll 3.0.204.0 LCCoin30.dll licmgr10.dll 11.0.9600.16428 Microsoft® License Manager DLL linkinfo.dll 6.1.7600.16385 Windows Volume Tracking listsvc.dll 6.1.7601.17514 Windows HomeGroup livessp.dll 7.250.4232.0 LiveSSP lltdapi.dll 6.1.7600.16385 Link-Layer Topology Mapper API lltdres.dll 6.1.7600.16385 Link-Layer Topology Discovery Resources lltdsvc.dll 6.1.7600.16385 Link-Layer Topology Mapper Service lmhsvc.dll 6.1.7600.16385 TCPIP NetBios Transport Services DLL loadperf.dll 6.1.7600.16385 Load & Unload Performance Counters localsec.dll 6.1.7601.17514 Local Users and Groups MMC Snapin localspl.dll 6.1.7601.17841 Local Spooler DLL localui.dll 6.1.7600.16385 Local Monitor UI DLL locationapi.dll 6.1.7600.16385 Microsoft Windows Location API loghours.dll 6.1.7600.16385 Schedule Dialog logoncli.dll 6.1.7601.17514 Net Logon Client DLL lpk.dll 6.1.7601.18768 Language Pack lpksetupproxyserv.dll 6.1.7600.16385 COM proxy server for lpksetup.exe lsasrv.dll 6.1.7601.18779 LSA Server DLL lscshostpolicy.dll 6.1.7601.17514 Microsoft Remote Desktop Virtual Graphics Session Licensing Host Policy lsmproxy.dll 6.1.7601.17514 LSM interfaces proxy Dll luainstall.dll 6.1.7601.17514 Lua manifest install lz32.dll 6.1.7600.16385 LZ Expand/Compress API DLL lzexpand.dll 3.10.0.103 Windows file expansion library magnification.dll 6.1.7600.16385 Microsoft Magnification API mapi32.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mapistub.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mcewmdrmndbootstrap.dll 1.3.2302.0 Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL mciavi32.dll 6.1.7601.17514 Video For Windows MCI driver mcicda.dll 6.1.7600.16385 MCI driver for cdaudio devices mciqtz32.dll 6.6.7601.17514 DirectShow MCI Driver mciseq.dll 6.1.7600.16385 MCI driver for MIDI sequencer mciwave.dll 6.1.7600.16385 MCI driver for waveform audio mcmde.dll 12.0.7601.17514 MCMDE DLL mcsrchph.dll 1.0.0.1 Windows Media Center Search Protocol Handler mctres.dll 6.1.7600.16385 MCT resource DLL mcupdate_authenticamd.dll 6.1.7600.16385 AMD Microcode Update Library mcupdate_genuineintel.dll 6.1.7601.17514 Intel Microcode Update Library mcx2svc.dll 6.1.7601.17514 Media Center Extender Service mcxdriv.dll 6.1.7600.16385 Media Center Extender Resources mdminst.dll 6.1.7600.16385 Modem Class Installer mediametadatahandler.dll 6.1.7601.17514 Media Metadata Handler memdiag.dll 6.1.7600.16385 Memory Tester Enhancement mf.dll 12.0.7601.18741 Media Foundation DLL mf3216.dll 6.1.7600.16385 32-bit to 16-bit Metafile Conversion DLL mfaacenc.dll 6.1.7600.16385 Media Foundation AAC Encoder mfc100.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc100chs.dll 10.0.40219.325 MFC Language Specific Resources mfc100cht.dll 10.0.40219.325 MFC Language Specific Resources mfc100deu.dll 10.0.40219.325 MFC Language Specific Resources mfc100enu.dll 10.0.40219.325 MFC Language Specific Resources mfc100esn.dll 10.0.40219.325 MFC Language Specific Resources mfc100fra.dll 10.0.40219.325 MFC Language Specific Resources mfc100ita.dll 10.0.40219.325 MFC Language Specific Resources mfc100jpn.dll 10.0.40219.325 MFC Language Specific Resources mfc100kor.dll 10.0.40219.325 MFC Language Specific Resources mfc100rus.dll 10.0.40219.325 MFC Language Specific Resources mfc100u.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc110.dll 11.0.60610.1 MFCDLL Shared Library - Retail Version mfc110chs.dll 11.0.60610.1 MFC Language Specific Resources mfc110cht.dll 11.0.60610.1 MFC Language Specific Resources mfc110deu.dll 11.0.60610.1 MFC Language Specific Resources mfc110enu.dll 11.0.60610.1 MFC Language Specific Resources mfc110esn.dll 11.0.60610.1 MFC Language Specific Resources mfc110fra.dll 11.0.60610.1 MFC Language Specific Resources mfc110ita.dll 11.0.60610.1 MFC Language Specific Resources mfc110jpn.dll 11.0.60610.1 MFC Language Specific Resources mfc110kor.dll 11.0.60610.1 MFC Language Specific Resources mfc110rus.dll 11.0.60610.1 MFC Language Specific Resources mfc110u.dll 11.0.60610.1 MFCDLL Shared Library - Retail Version mfc40.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc40u.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc42.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfc42u.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfcm100.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcm100u.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcm110.dll 11.0.60610.1 MFC Managed Library - Retail Version mfcm110u.dll 11.0.60610.1 MFC Managed Library - Retail Version mfcsubs.dll 2001.12.8530.16385 COM+ mfds.dll 12.0.7601.17514 Media Foundation Direct Show wrapper DLL mfdvdec.dll 6.1.7600.16385 Media Foundation DV Decoder mferror.dll 12.0.7601.18741 Media Foundation Error DLL mfh264enc.dll 6.1.7600.16385 Media Foundation H264 Encoder mfmjpegdec.dll 6.1.7600.16385 Media Foundation MJPEG Decoder mfplat.dll 12.0.7601.18741 Media Foundation Platform DLL mfplay.dll 12.0.7601.17514 Media Foundation Playback API DLL mfps.dll 12.0.7601.18741 Media Foundation Proxy DLL mfreadwrite.dll 12.0.7601.17514 Media Foundation ReadWrite DLL mfvdsp.dll 6.1.7600.16385 Windows Media Foundation Video DSP Components mfwmaaec.dll 6.1.7600.16385 Windows Media Audio AEC for Media Foundation mgmtapi.dll 6.1.7600.16385 Microsoft SNMP Manager API (uses WinSNMP) microsoft-windows-hal-events.dll 6.1.7600.16385 Microsoft-Windows-HAL-Events Resources microsoft-windows-kernel-power-events.dll 6.1.7600.16385 Microsoft-Windows-Kernel-Power-Events Resources microsoft-windows-kernel-processor-power-events.dll 6.1.7600.16385 Microsoft-Windows-Kernel-Processor-Power-Events Resources midimap.dll 6.1.7600.16385 Microsoft MIDI Mapper migisol.dll 6.1.7601.17514 Migration System Isolation Layer miguiresource.dll 6.1.7600.16385 MIG wini32 resources mimefilt.dll 2008.0.7601.17514 MIME Filter mlang.dll 6.1.7600.16385 Multi Language Support DLL mmcbase.dll 6.1.7600.16385 MMC Base DLL mmci.dll 6.1.7600.16385 Media class installer mmcico.dll 6.1.7600.16385 Media class co-installer mmcndmgr.dll 6.1.7601.17514 MMC Node Manager DLL mmcshext.dll 6.1.7600.16385 MMC Shell Extension DLL mmcss.dll 6.1.7600.16385 Multimedia Class Scheduler Service mmdevapi.dll 6.1.7601.17514 MMDevice API mmres.dll 6.1.7600.16385 General Audio Resources mmsystem.dll 3.10.0.103 System APIs for Multimedia modemui.dll 6.1.7600.16385 Windows Modem Properties montr_ci.dll 6.1.7600.16385 Microsoft Monitor Class Installer moricons.dll 6.1.7600.16385 Windows NT Setup Icon Resources Library mp3dmod.dll 6.1.7600.16385 Microsoft MP3 Decoder DMO mp43decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder mp4sdecd.dll 6.1.7600.16385 Windows Media MPEG-4 S Video Decoder mpg4decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder mpr.dll 6.1.7600.16385 Multiple Provider Router DLL mprapi.dll 6.1.7601.17514 Windows NT MP Router Administration DLL mprddm.dll 6.1.7601.17514 Demand Dial Manager Supervisor mprdim.dll 6.1.7600.16385 Dynamic Interface Manager mprmsg.dll 6.1.7600.16385 Multi-Protocol Router Service Messages DLL mpssvc.dll 6.1.7601.17514 Microsoft Protection Service msaatext.dll 2.0.10413.0 Active Accessibility text support msac3enc.dll 6.1.7601.17514 Microsoft AC-3 Encoder msacm.dll 3.50.0.9 Microsoft Audio Compression Manager msacm32.dll 6.1.7600.16385 Microsoft ACM Audio Filter msadce.dll 6.1.7601.17514 OLE DB Cursor Engine msadcer.dll 6.1.7600.16385 OLE DB Cursor Engine Resources msadcf.dll 6.1.7601.17514 Remote Data Services Data Factory msadcfr.dll 6.1.7600.16385 Remote Data Services Data Factory Resources msadco.dll 6.1.7601.17857 Remote Data Services Data Control msadcor.dll 6.1.7600.16385 Remote Data Services Data Control Resources msadcs.dll 6.1.7601.17514 Remote Data Services ISAPI Library msadds.dll 6.1.7600.16385 OLE DB Data Shape Provider msaddsr.dll 6.1.7600.16385 OLE DB Data Shape Provider Resources msader15.dll 6.1.7600.16385 ActiveX Data Objects Resources msado15.dll 6.1.7601.17857 ActiveX Data Objects msadomd.dll 6.1.7601.17857 ActiveX Data Objects (Multi-Dimensional) msador15.dll 6.1.7601.17857 Microsoft ActiveX Data Objects Recordset msadox.dll 6.1.7601.17857 ActiveX Data Objects Extensions msadrh15.dll 6.1.7600.16385 ActiveX Data Objects Rowset Helper msafd.dll 6.1.7600.16385 Microsoft Windows Sockets 2.0 Service Provider msasn1.dll 6.1.7601.17514 ASN.1 Runtime APIs msaudite.dll 6.1.7601.18779 Security Audit Events DLL mscandui.dll 6.1.7600.16385 MSCANDUI Server DLL mscat32.dll 6.1.7600.16385 MSCAT32 Forwarder DLL msclmd.dll 6.1.7601.17514 Microsoft Class Mini-driver mscms.dll 6.1.7601.17514 Microsoft Color Matching System DLL mscoree.dll 4.0.40305.0 Microsoft .NET Runtime Execution Engine mscorier.dll 2.0.50727.5483 Microsoft .NET Runtime IE resources mscories.dll 2.0.50727.5483 Microsoft .NET IE SECURITY REGISTRATION mscpx32r.dll 6.1.7600.16385 ODBC Code Page Translator Resources mscpxl32.dll 6.1.7600.16385 ODBC Code Page Translator msctf.dll 6.1.7601.18731 MSCTF Server DLL msctfmonitor.dll 6.1.7600.16385 MsCtfMonitor DLL msctfp.dll 6.1.7600.16385 MSCTFP Server DLL msctfui.dll 6.1.7600.16385 MSCTFUI Server DLL msdadc.dll 6.1.7600.16385 OLE DB Data Conversion Stub msdadiag.dll 6.1.7600.16385 Built-In Diagnostics msdaenum.dll 6.1.7600.16385 OLE DB Root Enumerator Stub msdaer.dll 6.1.7600.16385 OLE DB Error Collection Stub msdaora.dll 6.1.7600.16385 OLE DB Provider for Oracle msdaorar.dll 6.1.7600.16385 OLE DB Provider for Oracle Resources msdaosp.dll 6.1.7601.17632 OLE DB Simple Provider msdaprsr.dll 6.1.7600.16385 OLE DB Persistence Services Resources msdaprst.dll 6.1.7600.16385 OLE DB Persistence Services msdaps.dll 6.1.7600.16385 OLE DB Interface Proxies/Stubs msdarem.dll 6.1.7601.17514 OLE DB Remote Provider msdaremr.dll 6.1.7600.16385 OLE DB Remote Provider Resources msdart.dll 6.1.7600.16385 OLE DB Runtime Routines msdasc.dll 6.1.7600.16385 OLE DB Service Components Stub msdasql.dll 6.1.7601.17514 OLE DB Provider for ODBC Drivers msdasqlr.dll 6.1.7600.16385 OLE DB Provider for ODBC Drivers Resources msdatl3.dll 6.1.7600.16385 OLE DB Implementation Support Routines msdatt.dll 6.1.7600.16385 OLE DB Temporary Table Services msdaurl.dll 6.1.7600.16385 OLE DB RootBinder Stub msdelta.dll 6.1.7600.16385 Microsoft Patch Engine msdfmap.dll 6.1.7601.17514 Data Factory Handler msdmeng.dll 8.0.2039.0 Microsoft Data Mining Engine msdmine.dll 8.0.2039.0 Microsoft OLE DB Provider for Data Mining Services msdmo.dll 6.6.7601.17514 DMO Runtime msdri.dll 6.1.7601.17514 Microsoft Digital Receiver Interface Class Driver msdrm.dll 6.1.7601.18332 Windows Rights Management client msdtckrm.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator OLE Transactions KTM Resource Manager DLL msdtclog.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Log Manager DLL msdtcprx.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL msdtctm.dll 2001.12.8531.17514 Microsoft Distributed Transaction Coordinator Transaction Manager DLL msdtcuiu.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Administrative DLL msdtcvsp1res.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Resources for Vista SP1 msexch40.dll 4.0.9756.0 Microsoft Jet Exchange Isam msexcl40.dll 4.0.9756.0 Microsoft Jet Excel Isam msfeeds.dll 11.0.9600.17689 Microsoft Feeds Manager msfeedsbs.dll 11.0.9600.16428 Microsoft Feeds Background Sync msftedit.dll 5.41.21.2510 Rich Text Edit Control, v4.1 mshtml.dll 11.0.9600.17690 Microsoft (R) HTML Viewer mshtmldac.dll 11.0.9600.17689 DAC for Trident DOM mshtmled.dll 11.0.9600.17690 Microsoft® HTML Editing Component mshtmler.dll 11.0.9600.16428 Microsoft® HTML Editing Component's Resource DLL mshtmlmedia.dll 11.0.9600.17689 Microsoft (R) HTML Media DLL msi.dll 5.0.7601.18637 Windows Installer msicofire.dll 6.1.7600.16385 Corrupted MSI File Recovery Diagnostic Module msidcrl30.dll 6.1.7600.16385 IDCRL Dynamic Link Library msident.dll 6.1.7600.16385 Microsoft Identity Manager msidle.dll 6.1.7600.16385 User Idle Monitor msidntld.dll 6.1.7600.16385 Microsoft Identity Manager msieftp.dll 6.1.7601.18300 Microsoft Internet Explorer FTP Folder Shell Extension msihnd.dll 5.0.7601.18493 Windows® installer msiltcfg.dll 5.0.7600.16385 Windows Installer Configuration API Stub msimg32.dll 6.1.7600.16385 GDIEXT Client DLL msimsg.dll 5.0.7600.16385 Windows® Installer International Messages msimtf.dll 6.1.7600.16385 Active IMM Server DLL msisip.dll 5.0.7600.16385 MSI Signature SIP Provider msjet40.dll 4.0.9756.0 Microsoft Jet Engine Library msjetoledb40.dll 4.0.9756.0 msjint40.dll 4.0.9756.0 Microsoft Jet Database Engine International DLL msjro.dll 6.1.7601.17857 Jet and Replication Objects msjter40.dll 4.0.9756.0 Microsoft Jet Database Engine Error DLL msjtes40.dll 4.0.9756.0 Microsoft Jet Expression Service msls31.dll 3.10.349.0 Microsoft Line Services library file msltus40.dll 4.0.9756.0 Microsoft Jet Lotus 1-2-3 Isam msmapi32.dll 14.0.4734.1000 Extended MAPI 1.0 for Windows NT msmdcb80.dll 8.0.2039.0 PivotTable Service dll msmdgd80.dll 8.0.2039.0 Microsoft SQL Server Analysis Services driver msmdun80.dll 2000.80.2039.0 String Function .DLL for SQL Enterprise Components msmmsp.dll 6.1.7601.18741 Mount Point Manger Sysprep Utility Library msmpeg2adec.dll 6.1.7140.0 Microsoft DTV-DVD Audio Decoder msmpeg2enc.dll 6.1.7601.17514 Microsoft MPEG-2 Encoder msmpeg2vdec.dll 12.0.9200.17037 Microsoft DTV-DVD Video Decoder msnetobj.dll 11.0.7601.18741 DRM ActiveX Network Object msobjs.dll 6.1.7601.18779 System object audit names msoeacct.dll 6.1.7600.16385 Microsoft Internet Account Manager msoert2.dll 6.1.7600.16385 Microsoft Windows Mail RT Lib msolap80.dll 8.0.2216.0 Microsoft OLE DB Provider for Analysis Services 8.0 msolui80.dll 8.0.0.2039 Microsoft OLE DB provider for Analysis Services connection dialog 8.0 msorc32r.dll 6.1.7600.16385 ODBC Driver for Oracle Resources msorcl32.dll 6.1.7601.17514 ODBC Driver for Oracle mspatcha.dll 6.1.7600.16385 Microsoft File Patch Application API mspbda.dll 6.1.7601.17514 Microsoft Protected Broadcast Digital Architecture Class Driver mspbdacoinst.dll 6.1.7600.16385 Microsoft Protected Broadcast Digital Architecture Class Driver CoInstaller mspbde40.dll 4.0.9756.0 Microsoft Jet Paradox Isam msports.dll 6.1.7600.16385 Ports Class Installer msprivs.dll 6.1.7600.16385 Microsoft Privilege Translations msrahc.dll 6.1.7600.16385 Remote Assistance Diagnostics Provider msrating.dll 11.0.9600.17689 Internet Ratings and Local User Management DLL msrd2x40.dll 4.0.9756.0 Microsoft (R) Red ISAM msrd3x40.dll 4.0.9756.0 Microsoft (R) Red ISAM msrdc.dll 6.1.7600.16385 Remote Differential Compression COM server msrdpwebaccess.dll 6.3.9600.16415 Microsoft Remote Desktop Services Web Access Control msrepl40.dll 4.0.9756.0 Microsoft Replication Library msrle32.dll 6.1.7601.17514 Microsoft RLE Compressor msscntrs.dll 7.0.7601.17610 msscntrs.dll msscp.dll 11.0.7601.18741 Windows Media Secure Content Provider mssha.dll 6.1.7600.16385 Windows Security Health Agent msshavmsg.dll 6.1.7600.16385 Windows Security Health Agent Validator Message msshooks.dll 7.0.7600.16385 MSSHooks.dll mssign32.dll 6.1.7600.16385 Microsoft Trust Signing APIs mssip32.dll 6.1.7600.16385 MSSIP32 Forwarder DLL mssitlb.dll 7.0.7600.16385 mssitlb mssph.dll 7.0.7601.17610 Microsoft Search Protocol Handler mssphtb.dll 7.0.7601.17610 Outlook MSSearch Connector mssprxy.dll 7.0.7600.16385 Microsoft Search Proxy mssrch.dll 7.0.7601.17610 mssrch.dll mssvp.dll 7.0.7601.17610 MSSearch Vista Platform msswch.dll 6.1.7600.16385 msswch mstask.dll 6.1.7601.17514 Task Scheduler interface DLL mstext40.dll 4.0.9756.0 Microsoft Jet Text Isam mstscax.dll 6.3.9600.17276 Remote Desktop Services ActiveX Client msutb.dll 6.1.7601.17514 MSUTB Server DLL msv1_0.dll 6.1.7601.18779 Microsoft Authentication Package v1.0 msvbvm60.dll 6.0.98.15 Visual Basic Virtual Machine msvcirt.dll 7.0.7600.16385 Windows NT IOStreams DLL msvcp100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcp110.dll 11.0.51106.1 Microsoft® C Runtime Library msvcp110_clr0400.dll 12.0.51209.34209 Microsoft® .NET Framework msvcp120.dll 12.0.21005.1 Microsoft® C Runtime Library msvcp120_clr0400.dll 12.0.51209.34209 Microsoft® C Runtime Library msvcp60.dll 7.0.7600.16385 Windows NT C++ Runtime Library DLL msvcr100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcr100_clr0400.dll 12.0.51209.34209 Microsoft® .NET Framework msvcr110.dll 11.0.51106.1 Microsoft® C Runtime Library msvcr110_clr0400.dll 12.0.51209.34209 Microsoft® .NET Framework msvcr120.dll 12.0.21005.1 Microsoft® C Runtime Library msvcr120_clr0400.dll 12.0.51677.34237 Microsoft® C Runtime Library msvcrt.dll 7.0.7601.17744 Windows NT CRT DLL msvcrt20.dll 2.12.0.0 Microsoft® C Runtime Library msvcrt40.dll 6.1.7600.16385 VC 4.x CRT DLL (Forwarded to msvcrt.dll) msvfw32.dll 6.1.7601.17514 Microsoft Video for Windows DLL msvidc32.dll 6.1.7601.17514 Microsoft Video 1 Compressor msvidctl.dll 6.5.7601.17514 ActiveX control for streaming video msvideo.dll 1.15.0.1 Microsoft Video for Windows DLL mswdat10.dll 4.0.9756.0 Microsoft Jet Sort Tables mswmdm.dll 12.0.7600.16385 Windows Media Device Manager Core mswsock.dll 6.1.7601.18254 Microsoft Windows Sockets 2.0 Service Provider mswstr10.dll 4.0.9756.0 Microsoft Jet Sort Library msxactps.dll 6.1.7600.16385 OLE DB Transaction Proxies/Stubs msxbde40.dll 4.0.9756.0 Microsoft Jet xBASE Isam msxml3.dll 8.110.7601.18576 MSXML 3.0 SP11 msxml3r.dll 8.110.7601.18576 XML Resources msxml6.dll 6.30.7601.18431 MSXML 6.0 SP3 msxml6r.dll 6.30.7601.18431 XML Resources msyuv.dll 6.1.7601.17514 Microsoft UYVY Video Decompressor mtxclu.dll 2001.12.8531.17514 Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL mtxdm.dll 2001.12.8530.16385 COM+ mtxex.dll 2001.12.8530.16385 COM+ mtxlegih.dll 2001.12.8530.16385 COM+ mtxoci.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle muifontsetup.dll 6.1.7601.17514 MUI Callback for font registry settings muilanguagecleanup.dll 6.1.7600.16385 MUI Callback for Language pack cleanup mycomput.dll 6.1.7600.16385 Computer Management mydocs.dll 6.1.7601.17514 My Documents Folder UI napcrypt.dll 6.1.7601.17514 NAP Cryptographic API helper napdsnap.dll 6.1.7601.17514 NAP GPEdit Extension naphlpr.dll 6.1.7601.17514 NAP client config API helper napinsp.dll 6.1.7600.16385 E-mail Naming Shim Provider napipsec.dll 6.1.7600.16385 NAP IPSec Enforcement Client napmontr.dll 6.1.7600.16385 NAP Netsh Helper nativehooks.dll 6.1.7600.16385 Microsoft Narrator Native hook handler naturallanguage6.dll 6.1.7601.17514 Natural Language Development Platform 6 ncdprop.dll 6.1.7600.16385 Advanced network device properties nci.dll 6.1.7601.17514 CoInstaller: NET ncobjapi.dll 6.1.7600.16385 Microsoft® Windows® Operating System ncrypt.dll 6.1.7601.18779 Windows cryptographic library ncryptui.dll 6.1.7601.17514 Windows cryptographic key protection UI library ncsi.dll 6.1.7601.17964 Network Connectivity Status Indicator nddeapi.dll 6.1.7600.16385 Network DDE Share Management APIs ndfapi.dll 6.1.7600.16385 Network Diagnostic Framework Client API ndfetw.dll 6.1.7600.16385 Network Diagnostic Engine Event Interface ndfhcdiscovery.dll 6.1.7600.16385 Network Diagnostic Framework HC Discovery API ndiscapcfg.dll 6.1.7600.16385 NdisCap Notify Object ndishc.dll 6.1.7600.16385 NDIS Helper Classes ndproxystub.dll 6.1.7600.16385 Network Diagnostic Engine Proxy/Stub negoexts.dll 6.1.7600.16385 NegoExtender Security Package netapi.dll 3.11.0.300 Microsoft Network Dynamic Link Library for Microsoft Windows netapi32.dll 6.1.7601.17887 Net Win32 API DLL netbios.dll 6.1.7600.16385 NetBIOS Interface Library netcenter.dll 6.1.7601.17514 Network Center control panel netcfgx.dll 6.1.7601.17514 Network Configuration Objects netcorehc.dll 6.1.7601.17964 Networking Core Diagnostics Helper Classes netdiagfx.dll 6.1.7601.17514 Network Diagnostic Framework netevent.dll 6.1.7601.17964 Net Event Handler netfxperf.dll 4.0.40305.0 Extensible Performance Counter Shim neth.dll 6.1.7600.16385 Net Help Messages DLL netid.dll 6.1.7601.17514 System Control Panel Applet; Network ID Page netiohlp.dll 6.1.7601.17514 Netio Helper DLL netjoin.dll 6.1.7601.17514 Domain Join DLL netlogon.dll 6.1.7601.17514 Net Logon Services DLL netman.dll 6.1.7600.16385 Network Connections Manager netmsg.dll 6.1.7600.16385 Net Messages DLL netplwiz.dll 6.1.7601.17514 Map Network Drives/Network Places Wizard netprof.dll 6.1.7600.16385 Network Profile Management UI netprofm.dll 6.1.7600.16385 Network List Manager netprojw.dll 6.1.7600.16385 Connect to a Network Projector netshell.dll 6.1.7601.17514 Network Connections Shell nettrace.dll 6.1.7600.16385 Network Trace Helper netutils.dll 6.1.7601.17514 Net Win32 API Helpers DLL networkexplorer.dll 6.1.7601.17514 Network Explorer networkitemfactory.dll 6.1.7600.16385 NetworkItem Factory networkmap.dll 6.1.7601.17514 Network Map newdev.dll 6.0.5054.0 Add Hardware Device Library nlaapi.dll 6.1.7601.17964 Network Location Awareness 2 nlahc.dll 6.1.7600.16385 NLA Helper Classes nlasvc.dll 6.1.7601.18685 Network Location Awareness 2 nlhtml.dll 2008.0.7600.16385 HTML filter nlmgp.dll 6.1.7600.16385 Network List Manager Snapin nlmsprep.dll 6.1.7600.16385 Network List Manager Sysprep Module nlsbres.dll 6.1.7601.17514 NLSBuild resource DLL nlsdata0000.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlsdata0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlsdata000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlsdata000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlsdata000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlsdata0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdl.dll 6.1.7600.16385 Nls Downlevel DLL nlslexicons0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlslexicons0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlslexicons000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlslexicons000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlslexicons000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlslexicons0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsmodels0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code normaliz.dll 6.1.7600.16385 Unicode Normalization DLL npmproxy.dll 6.1.7600.16385 Network List Manager Proxy nrpsrv.dll 6.1.7601.17514 Name Resolution Proxy (NRP) RPC interface nshhttp.dll 6.1.7600.16385 HTTP netsh DLL nshipsec.dll 6.1.7601.17514 Net Shell IP Security helper DLL nshwfp.dll 6.1.7601.18283 Windows Filtering Platform Netsh Helper nsi.dll 6.1.7600.16385 NSI User-mode interface DLL nsisvc.dll 6.1.7600.16385 Network Store Interface RPC server ntdll.dll 6.1.7601.18247 NT Layer DLL ntdsapi.dll 6.1.7600.16385 Active Directory Domain Services API ntlanman.dll 6.1.7601.17514 Microsoft® Lan Manager ntlanui2.dll 6.1.7600.16385 Network object shell UI ntmarta.dll 6.1.7600.16385 Windows NT MARTA provider ntprint.dll 6.1.7601.17514 Spooler Setup DLL ntshrui.dll 6.1.7601.17755 Shell extensions for sharing ntvdmd.dll 6.1.7600.16385 NTVDMD.DLL nvapi.dll 9.18.13.4144 NVIDIA NVAPI Library, Version 341.44 nvcompiler.dll 8.17.13.4144 NVIDIA Compiler, Version 341.44 nvcpl.dll 8.17.13.4144 NVIDIA Display Properties Extension nvcuda.dll 8.17.13.4144 NVIDIA CUDA Driver, Version 341.44 nvcuvid.dll 7.17.13.4144 NVIDIA CUDA Video Decode API, Version 341.44 nvd3dum.dll 9.18.13.4144 NVIDIA WDDM D3D Driver, Version 341.44 nvdispco3234052.dll 2.0.40.4 Display Driver Coinstaller nvdispco3234144.dll 2.0.41.4 Display Driver Coinstaller nvdispgenco3234052.dll 2.0.19.2 Generic Coinstaller nvdispgenco3234144.dll 2.0.19.2 Generic Coinstaller nvfbc.dll 6.14.13.4144 NVIDIA Front Buffer Capture Library, Version nvhdagenco3220103.dll 2.0.18.2 Generic Coinstaller nvhdap32.dll 1.3.30.1 NVIDIA HDMI Audio Driver nvifr.dll 6.14.13.4144 NVIDIA In-band Frame Rendering Library, Version nvmctray.dll 8.17.13.4144 NVIDIA Media Center Library nvoglv32.dll 9.18.13.4144 NVIDIA Compatible OpenGL ICD nvopencl.dll 8.17.13.4144 NVIDIA CUDA 6.5.45 OpenCL 1.1 Driver, Version 341.44 nvshext.dll 1.2.0.1 NVIDIA Display Shell Extension nvsvc.dll 8.17.13.4144 NVIDIA Driver Helper Service, Version 341.44 nvsvcr.dll 8.17.13.4144 NVIDIA Driver Helper Service, Version 341.44 nvwgf2um.dll 9.18.13.4144 NVIDIA D3D10 Driver, Version 341.44 objsel.dll 6.1.7601.18409 Object Picker Dialog occache.dll 11.0.9600.16428 Object Control Viewer ocsetapi.dll 6.1.7601.17514 Windows Optional Component Setup API odbc16gt.dll 3.510.3711.0 Microsoft ODBC Driver Generic Thunk odbc32.dll 6.1.7601.17514 ODBC Driver Manager odbc32gt.dll 6.1.7600.16385 ODBC Driver Generic Thunk odbcbcp.dll 6.1.7600.16385 BCP for ODBC odbcconf.dll 6.1.7601.17514 ODBC Driver Configuration Program odbccp32.dll 6.1.7601.17632 ODBC Installer odbccr32.dll 6.1.7601.17632 ODBC Cursor Library odbccu32.dll 6.1.7601.17632 ODBC Cursor Library odbcint.dll 6.1.7600.16385 ODBC Resources odbcji32.dll 6.1.7600.16385 Microsoft ODBC Desktop Driver Pack 3.5 odbcjt32.dll 6.1.7601.17632 Microsoft ODBC Desktop Driver Pack 3.5 odbctrac.dll 6.1.7601.17632 ODBC Driver Manager Trace oddbse32.dll 6.1.7600.16385 ODBC (3.0) driver for DBase odexl32.dll 6.1.7600.16385 ODBC (3.0) driver for Excel odfox32.dll 6.1.7600.16385 ODBC (3.0) driver for FoxPro odpdx32.dll 6.1.7600.16385 ODBC (3.0) driver for Paradox odtext32.dll 6.1.7600.16385 ODBC (3.0) driver for text files offfilt.dll 2008.0.7600.16385 OFFICE Filter ogldrv.dll 6.1.7600.16385 MSOGL ole2.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library ole2disp.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole2nls.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole32.dll 6.1.7601.17514 Microsoft OLE for Windows oleacc.dll 7.0.0.0 Active Accessibility Core Component oleacchooks.dll 7.0.0.0 Active Accessibility Event Hooks Library oleaccrc.dll 7.0.0.0 Active Accessibility Resource DLL oleaut32.dll 6.1.7601.18679 olecli.dll 1.32.0.0 Object Linking and Embedding Client Library olecli32.dll 6.1.7600.16385 Object Linking and Embedding Client Library oledb32.dll 6.1.7601.17514 OLE DB Core Services oledb32r.dll 6.1.7600.16385 OLE DB Core Services Resources oledlg.dll 6.1.7600.16385 OLE User Interface Support oleprn.dll 6.1.7600.16385 Oleprn DLL olepro32.dll 6.1.7601.17514 oleres.dll 6.1.7600.16385 Ole resource dll olesvr.dll 1.11.0.0 Object Linking and Embedding Server Library olesvr32.dll 6.1.7600.16385 Object Linking and Embedding Server Library olethk32.dll 6.1.7601.17514 Microsoft OLE for Windows onex.dll 6.1.7601.17514 IEEE 802.1X supplicant library onexui.dll 6.1.7601.17514 IEEE 802.1X supplicant UI library onlineidcpl.dll 6.1.7601.17514 Online IDs Control Panel oobefldr.dll 6.1.7601.17514 Getting Started opcservices.dll 6.1.7601.17514 Native Code OPC Services Library opencl.dll 1.0.0.0 OpenCL Client DLL opengl32.dll 6.1.7600.16385 OpenGL Client DLL osbaseln.dll 6.1.7600.16385 Service Reporting API osuninst.dll 6.1.7600.16385 Uninstall Interface p2p.dll 6.1.7600.16385 Peer-to-Peer Grouping p2pcollab.dll 6.1.7600.16385 Peer-to-Peer Collaboration p2pgraph.dll 6.1.7600.16385 Peer-to-Peer Graphing p2pnetsh.dll 6.1.7600.16385 Peer-to-Peer NetSh Helper p2psvc.dll 6.1.7600.16385 Peer-to-Peer Services packager.dll 6.1.7601.18645 Object Packager2 panmap.dll 6.1.7600.16385 PANOSE(tm) Font Mapper pautoenr.dll 6.1.7600.16385 Auto Enrollment DLL pcadm.dll 6.1.7601.18741 Program Compatibility Assistant Diagnostic Module pcaevts.dll 6.1.7601.18741 Program Compatibility Assistant Event Resources pcasvc.dll 6.1.7601.18741 Program Compatibility Assistant Service pcaui.dll 6.1.7600.16385 Program Compatibility Assistant User Interface Module pcwum.dll 6.1.7600.16385 Performance Counters for Windows Native DLL pcwutl.dll 6.1.7600.16385 Program Compatibility Troubleshooter Helper pdh.dll 6.1.7601.17514 Windows Performance Data Helper DLL pdhui.dll 6.1.7601.17514 PDH UI peerdist.dll 6.1.7600.16385 BranchCache Client Library peerdisthttptrans.dll 6.1.7600.16385 BranchCache HTTP Tansport peerdistsh.dll 6.1.7600.16385 BranchCache Netshell Helper peerdistsvc.dll 6.1.7600.16385 BranchCache Service peerdistwsddiscoprov.dll 6.1.7600.16385 BranchCache WSD Discovery Provider perfcentercpl.dll 6.1.7601.17514 Performance Center perfctrs.dll 6.1.7600.16385 Performance Counters perfdisk.dll 6.1.7600.16385 Windows Disk Performance Objects DLL perfnet.dll 6.1.7600.16385 Windows Network Service Performance Objects DLL perfos.dll 6.1.7600.16385 Windows System Performance Objects DLL perfproc.dll 6.1.7600.16385 Windows System Process Performance Objects DLL perftrack.dll 6.1.7601.18713 Microsoft Performance PerfTrack perfts.dll 6.1.7601.17514 Windows Remote Desktop Services Performance Objects photometadatahandler.dll 6.1.7600.16385 Photo Metadata Handler photowiz.dll 6.1.7601.17514 Photo Printing Wizard pid.dll 6.1.7600.16385 Microsoft PID pidgenx.dll 6.1.7600.16385 Pid Generation pifmgr.dll 6.1.7601.17514 Windows NT PIF Manager Icon Resources Library pku2u.dll 6.1.7601.18658 Pku2u Security Package pla.dll 6.1.7601.17514 Performance Logs & Alerts playsndsrv.dll 6.1.7600.16385 PlaySound Service pmcsnap.dll 6.1.7600.16385 pmcsnap dll pmspl.dll 2.10.0.1 Microsoft LAN Manager 2.1 Network Dynamic Link Library for Microsoft Windows pngfilt.dll 11.0.9600.16428 IE PNG plugin image decoder pnidui.dll 6.1.7601.17514 Network System Icon pnpsetup.dll 6.1.7600.16385 Pnp installer for CMI pnpts.dll 6.1.7600.16385 PlugPlay Troubleshooter pnpui.dll 5.2.3668.0 Plug and Play User Interface DLL pnpxassoc.dll 6.1.7600.16385 PNPX Association Dll pnpxassocprx.dll 6.1.7600.16385 PNPX Association Dll pnrpauto.dll 6.1.7600.16385 PNRP Auto Service Dll pnrphc.dll 6.1.7600.16385 PNRP Helper Class pnrpnsp.dll 6.1.7600.16385 PNRP Name Space Provider pnrpsvc.dll 6.1.7600.16385 PNRP Service Dll polstore.dll 6.1.7600.16385 Policy Storage dll portabledeviceapi.dll 6.1.7601.17514 Windows Portable Device API Components portabledeviceclassextension.dll 6.1.7600.16385 Windows Portable Device Class Extension Component portabledeviceconnectapi.dll 6.1.7600.16385 Portable Device Connection API Components portabledevicestatus.dll 6.1.7601.17514 Microsoft Windows Portable Device Status Provider portabledevicesyncprovider.dll 6.1.7601.17514 Microsoft Windows Portable Device Provider. portabledevicetypes.dll 6.1.7600.16385 Windows Portable Device (Parameter) Types Component portabledevicewiacompat.dll 6.1.7600.16385 PortableDevice WIA Compatibility Driver portabledevicewmdrm.dll 6.1.7600.16385 Windows Portable Device WMDRM Component pots.dll 6.1.7600.16385 Power Troubleshooter powercpl.dll 6.1.7601.17514 Power Options Control Panel powertracker.dll 6.1.7601.18713 Microsoft Performance PowerTracker powrprof.dll 6.1.7600.16385 Power Profile Helper DLL ppcsnap.dll 6.1.7600.16385 ppcsnap DLL presentationcffrasterizernative_v0300.dll 3.0.6920.5459 WinFX OpenType/CFF Rasterizer presentationhostproxy.dll 4.0.40305.0 Windows Presentation Foundation Host Proxy presentationnative_v0300.dll 3.0.6920.4902 PresentationNative_v0300.dll prflbmsg.dll 6.1.7600.16385 Perflib Event Messages printfilterpipelineprxy.dll 6.1.7600.16385 Print Filter Pipeline Proxy printisolationproxy.dll 6.1.7601.17514 Print Sandbox COM Proxy Stub printui.dll 6.1.7601.17514 Printer Settings User Interface prncache.dll 6.1.7601.17514 Print UI Cache prnfldr.dll 6.1.7601.17514 prnfldr dll prnntfy.dll 6.1.7600.16385 prnntfy DLL prntvpt.dll 6.1.7601.17514 Print Ticket Services Module procinst.dll 6.1.7600.16385 Processor Class Installer profapi.dll 6.1.7600.16385 User Profile Basic API profprov.dll 6.1.7601.17514 User Profile WMI Provider profsvc.dll 6.1.7601.18706 ProfSvc propsys.dll 7.0.7601.17514 Microsoft Property System provsvc.dll 6.1.7601.17514 Windows HomeGroup provthrd.dll 6.1.7600.16385 WMI Provider Thread & Log Library psapi.dll 6.1.7600.16385 Process Status Helper psbase.dll 6.1.7600.16385 Protected Storage default provider pshed.dll 6.1.7600.16385 Platform Specific Hardware Error Driver psisdecd.dll 6.6.7601.17669 Microsoft SI/PSI parser for MPEG2 based networks. pstorec.dll 6.1.7600.16385 Protected Storage COM interfaces pstorsvc.dll 6.1.7600.16385 Protected storage server puiapi.dll 6.1.7600.16385 puiapi DLL puiobj.dll 6.1.7601.17514 PrintUI Objects DLL pwrshplugin.dll 6.1.7600.16385 pwrshplugin.dll qagent.dll 6.1.7601.17514 Quarantine Agent Proxy qagentrt.dll 6.1.7601.17514 Quarantine Agent Service Run-Time qasf.dll 12.0.7601.17514 DirectShow ASF Support qcap.dll 6.6.7601.17514 DirectShow Runtime. qcliprov.dll 6.1.7601.17514 Quarantine Client WMI Provider qdv.dll 6.6.7601.17514 DirectShow Runtime. qdvd.dll 6.6.7601.18741 DirectShow DVD PlayBack Runtime. qedit.dll 6.6.7601.18501 DirectShow Editing. qedwipes.dll 6.6.7600.16385 DirectShow Editing SMPTE Wipes qmgr.dll 7.5.7601.17514 Background Intelligent Transfer Service qmgrprxy.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy qshvhost.dll 6.1.7601.17514 Quarantine SHV Host qsvrmgmt.dll 6.1.7601.17514 Quarantine Server Management quartz.dll 6.6.7601.18741 DirectShow Runtime. query.dll 6.1.7601.17514 Content Index Utility DLL qutil.dll 6.1.7601.17514 Quarantine Utilities qwave.dll 6.1.7600.16385 Windows NT racengn.dll 6.1.7601.17514 Reliability analysis metrics calculation engine racpldlg.dll 6.1.7600.16385 Remote Assistance Contact List radardt.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Detector radarrs.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Resolver rasadhlp.dll 6.1.7600.16385 Remote Access AutoDial Helper rasapi32.dll 6.1.7600.16385 Remote Access API rasauto.dll 6.1.7600.16385 Remote Access AutoDial Manager rascfg.dll 6.1.7600.16385 RAS Configuration Objects raschap.dll 6.1.7601.17514 Remote Access PPP CHAP rasctrs.dll 6.1.7600.16385 Windows NT Remote Access Perfmon Counter dll rasdiag.dll 6.1.7600.16385 RAS Diagnostics Helper Classes rasdlg.dll 6.1.7600.16385 Remote Access Common Dialog API rasgcw.dll 6.1.7600.16385 RAS Wizard Pages rasman.dll 6.1.7600.16385 Remote Access Connection Manager rasmans.dll 6.1.7601.17514 Remote Access Connection Manager rasmbmgr.dll 6.1.7600.16385 Provides support for the switching of mobility enabled VPN connections if their underlying interface goes down. rasmm.dll 6.1.7600.16385 RAS Media Manager rasmontr.dll 6.1.7600.16385 RAS Monitor DLL rasmxs.dll 6.1.7600.16385 Remote Access Device DLL for modems, PADs and switches rasplap.dll 6.1.7600.16385 RAS PLAP Credential Provider rasppp.dll 6.1.7601.17514 Remote Access PPP rasser.dll 6.1.7600.16385 Remote Access Media DLL for COM ports rastapi.dll 6.1.7601.17514 Remote Access TAPI Compliance Layer rastls.dll 6.1.7601.18584 Remote Access PPP EAP-TLS rdpcfgex.dll 6.1.7601.17514 Remote Desktop Session Host Server Connection Configuration Extension for the RDP protocol rdpcore.dll 6.1.7601.17779 RDP Core DLL rdpcorekmts.dll 6.1.7601.18540 TS (KM) RDPCore DLL rdpcorets.dll 6.2.9200.17053 TS RDPCore DLL rdpd3d.dll 6.1.7601.17514 RDP Direct3D Remoting DLL rdpdd.dll 6.1.7601.17514 RDP Display Driver rdpencdd.dll 6.1.7601.17514 RDP Encoder Mirror Driver rdpencom.dll 6.1.7601.17514 RDPSRAPI COM Objects rdpendp.dll 6.1.7601.17514 RDP Audio Endpoint rdpendp_winip.dll 6.2.9200.16398 RDP Audio Endpoint rdpgrouppolicyextension.dll 6.2.9200.16914 Remote Desktop Protocol Group Policy Extension rdprefdd.dll 6.1.7601.17514 Microsoft RDP Reflector Display Driver rdprefdrvapi.dll 6.1.7601.17514 Reflector Driver API rdpudd.dll 6.2.9200.17247 UMRDP Display Driver rdpwsx.dll 6.1.7601.17828 RDP Extension DLL rdvidcrl.dll 6.3.9600.16415 Remote Desktop Services Client for Microsoft Online Services reagent.dll 6.1.7601.17514 Microsoft Windows Recovery Agent DLL recovery.dll 6.1.7601.17514 Recovery Control Panel regapi.dll 6.1.7601.17514 Registry Configuration APIs regctrl.dll 6.1.7600.16385 RegCtrl regidle.dll 6.1.7600.16385 RegIdle Backup Task regsvc.dll 6.1.7600.16385 Remote Registry Service remotepg.dll 6.1.7601.17514 Remote Sessions CPL Extension resampledmo.dll 6.1.7600.16385 Windows Media Resampler resutils.dll 6.1.7601.17514 Microsoft Cluster Resource Utility DLL rgb9rast.dll 6.1.7600.16385 Microsoft® Windows® Operating System riched20.dll 5.31.23.1230 Rich Text Edit Control, v3.1 riched32.dll 6.1.7601.17514 Wrapper Dll for Richedit 1.0 rnr20.dll 6.1.7600.16385 Windows Socket2 NameSpace DLL rpcdiag.dll 6.1.7600.16385 RPC Diagnostics rpcepmap.dll 6.1.7600.16385 RPC Endpoint Mapper rpchttp.dll 6.1.7601.17514 RPC HTTP DLL rpcndfp.dll 1.0.0.1 RPC NDF Helper Class rpcns4.dll 6.1.7600.16385 Remote Procedure Call Name Service Client rpcnsh.dll 6.1.7600.16385 RPC Netshell Helper rpcrt4.dll 6.1.7601.18532 Remote Procedure Call Runtime rpcrtremote.dll 6.1.7601.17514 Remote RPC Extension rpcss.dll 6.1.7601.17514 Distributed COM Services rsaenh.dll 6.1.7600.16385 Microsoft Enhanced Cryptographic Provider rshx32.dll 6.1.7600.16385 Security Shell Extension rstrtmgr.dll 6.1.7600.16385 Restart Manager rtffilt.dll 2008.0.7600.16385 RTF Filter rtm.dll 6.1.7600.16385 Routing Table Manager rtutils.dll 6.1.7601.17514 Routing Utilities samcli.dll 6.1.7601.17514 Security Accounts Manager Client DLL samlib.dll 6.1.7600.16385 SAM Library DLL sampleres.dll 6.1.7600.16385 Microsoft Samples samsrv.dll 6.1.7601.17514 SAM Server DLL sas.dll 6.1.7600.16385 WinLogon Software SAS Library sbe.dll 6.6.7601.17528 DirectShow Stream Buffer Filter. sbeio.dll 12.0.7600.16385 Stream Buffer IO DLL sberes.dll 6.6.7600.16385 DirectShow Stream Buffer Filter Resouces. scansetting.dll 6.1.7601.17514 Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation scarddlg.dll 6.1.7600.16385 SCardDlg - Smart Card Common Dialog scardsvr.dll 6.1.7600.16385 Smart Card Resource Management Server scavengeui.dll 6.1.7601.18246 Update Package Cleanup sccls.dll 6.1.7600.16385 Class-Installer DLL for Smart Cards scecli.dll 6.1.7601.17514 Windows Security Configuration Editor Client Engine scesrv.dll 6.1.7601.18686 Windows Security Configuration Editor Engine scext.dll 6.1.7600.16385 Service Control Manager Extension DLL for non-minwin schannel.dll 6.1.7601.18779 TLS / SSL Security Provider schedcli.dll 6.1.7601.17514 Scheduler Service Client DLL schedsvc.dll 6.1.7601.17514 Task Scheduler Service scksp.dll 6.1.7600.16385 Microsoft Smart Card Key Storage Provider scripto.dll 6.6.7600.16385 Microsoft ScriptO scrobj.dll 5.8.7600.16385 Windows ® Script Component Runtime scrptadm.dll 6.1.7601.17514 Script Adm Extension scrrun.dll 5.8.7601.18283 Microsoft ® Script Runtime sdautoplay.dll 6.1.7600.16385 Microsoft® Windows Backup AutoPlay Integration Library sdcpl.dll 6.1.7601.17514 Windows Backup And Restore Control Panel sdengin2.dll 6.1.7601.17514 Microsoft® Windows Backup Engine sdhcinst.dll 6.1.7600.16385 Secure Digital Host Controller Class Installer sdiageng.dll 6.1.7600.16385 Scripted Diagnostics Execution Engine sdiagprv.dll 6.1.7600.16385 Windows Scripted Diagnostic Provider API sdiagschd.dll 6.1.7600.16385 Scripted Diagnostics Scheduled Task sdohlp.dll 6.1.7600.16385 NPS SDO Helper Component sdrsvc.dll 6.1.7601.17514 Microsoft® Windows Backup Service sdshext.dll 6.1.7600.16385 Microsoft® Windows Backup Shell Extension searchfolder.dll 6.1.7601.17514 SearchFolder sechost.dll 6.1.7600.16385 Host for SCM/SDDL/LSA Lookup APIs seclogon.dll 6.1.7600.16385 Secondary Logon Service DLL secproc.dll 6.1.7601.18332 Windows Rights Management Desktop Security Processor secproc_isv.dll 6.1.7601.18332 Windows Rights Management Desktop Security Processor secproc_ssp.dll 6.1.7601.18332 Windows Rights Management Services Server Security Processor secproc_ssp_isv.dll 6.1.7601.18332 Windows Rights Management Services Server Security Processor (Pre-production) secur32.dll 6.1.7601.18779 Security Support Provider Interface security.dll 6.1.7600.16385 Security Support Provider Interface sendmail.dll 6.1.7600.16385 Send Mail sens.dll 6.1.7600.16385 System Event Notification Service (SENS) sensapi.dll 6.1.7600.16385 SENS Connectivity API DLL sensorsapi.dll 6.1.7600.16385 Sensor API sensorsclassextension.dll 6.1.7600.16385 Sensor Driver Class Extension component sensorscpl.dll 6.1.7601.17514 Open Location and Other Sensors sensrsvc.dll 6.1.7600.16385 Microsoft Windows ambient light service serialui.dll 6.1.7600.16385 Serial Port Property Pages serwvdrv.dll 6.1.7600.16385 Unimodem Serial Wave driver sessenv.dll 6.1.7601.17514 Remote Desktop Configuration service setbcdlocale.dll 6.1.7601.18741 MUI Callback for Bcd setupapi.dll 6.1.7601.17514 Windows Setup API setupcln.dll 6.1.7601.17514 Setup Files Cleanup setupetw.dll 6.1.7600.16385 Setup ETW Event Resources sfc.dll 6.1.7600.16385 Windows File Protection sfc_os.dll 6.1.7600.16385 Windows File Protection shacct.dll 6.1.7601.17514 Shell Accounts Classes sharemediacpl.dll 6.1.7601.17514 Share Media Control Panel shdocvw.dll 6.1.7601.18222 Shell Doc Object and Control Library shell.dll 3.10.0.103 Windows Shell library shell32.dll 6.1.7601.18762 Windows Shell Common Dll shellstyle.dll 6.1.7600.16385 Windows Shell Style Resource Dll shfolder.dll 6.1.7600.16385 Shell Folder Service shgina.dll 6.1.7601.17514 Windows Shell User Logon shimeng.dll 6.1.7600.16385 Shim Engine DLL shimgvw.dll 6.1.7601.17514 Photo Gallery Viewer shlwapi.dll 6.1.7601.17514 Shell Light-weight Utility Library shpafact.dll 6.1.7600.16385 Windows Shell LUA/PA Elevation Factory Dll shsetup.dll 6.1.7601.17514 Shell setup helper shsvcs.dll 6.1.7601.17514 Windows Shell Services Dll shunimpl.dll 6.1.7601.17514 Windows Shell Obsolete APIs shwebsvc.dll 6.1.7601.17514 Windows Shell Web Services sierranw.dll 4.0.2.4 WON DLL signdrv.dll 6.1.7600.16385 WMI provider for Signed Drivers sisbkup.dll 6.1.7601.17514 Single-Instance Store Backup Support Functions slc.dll 6.1.7600.16385 Software Licensing Client Dll slcext.dll 6.1.7600.16385 Software Licensing Client Extension Dll slwga.dll 6.1.7601.17514 Software Licensing WGA API smartcardcredentialprovider.dll 6.1.7601.18276 Windows Smartcard Credential Provider smbhelperclass.dll 1.0.0.1 SMB (File Sharing) Helper Class for Network Diagnostic Framework smiengine.dll 6.1.7601.17514 WMI Configuration Core sndvolsso.dll 6.1.7601.17514 SCA Volume snmpapi.dll 6.1.7600.16385 SNMP Utility Library sntsearch.dll 6.1.7600.16385 Sticky Notes Search DLL snwvalid.dll 4.0.2.4 WON DLL softkbd.dll 6.1.7600.16385 Soft Keyboard Server and Tip softpub.dll 6.1.7600.16385 Softpub Forwarder DLL sortserver2003compat.dll 6.1.7600.16385 Sort Version Server 2003 sortwindows6compat.dll 6.1.7600.16385 Sort Version Windows 6.0 spbcd.dll 6.1.7601.17514 BCD Sysprep Plugin spcmsg.dll 6.1.7600.16385 SP Installer Msg Dll sperror.dll 6.1.7600.16385 SP Error spfileq.dll 6.1.7600.16385 Windows SPFILEQ spinf.dll 6.1.7600.16385 Windows SPINF spnet.dll 6.1.7600.16385 Net Sysprep Plugin spoolss.dll 6.1.7600.16385 Spooler SubSystem DLL spopk.dll 6.1.7601.17514 OPK Sysprep Plugin spp.dll 6.1.7601.17514 Microsoft® Windows Shared Protection Point Library sppc.dll 6.1.7601.17514 Software Licensing Client Dll sppcc.dll 6.1.7600.16385 Software Licensing Commerce Client sppcext.dll 6.1.7600.16385 Software Protection Platform Client Extension Dll sppcomapi.dll 6.1.7601.17514 Software Licensing Library sppcommdlg.dll 6.1.7600.16385 Software Licensing UI API sppinst.dll 6.1.7601.17514 SPP CMI Installer Plug-in DLL sppnp.dll 6.1.7601.17514 PnP module of SysPrep sppobjs.dll 6.1.7601.17514 Software Protection Platform Plugins sppuinotify.dll 6.1.7601.17514 SPP Notification Service sppwinob.dll 6.1.7601.17514 Software Protection Platform Windows Plugin sppwmi.dll 6.1.7600.16385 Software Protection Platform WMI provider spwinsat.dll 6.1.7600.16385 WinSAT Sysprep Plugin spwizeng.dll 6.1.7601.17514 Setup Wizard Framework spwizimg.dll 6.1.7600.16385 Setup Wizard Framework Resources spwizres.dll 6.1.7601.17514 Setup Wizard Framework Resources spwizui.dll 6.1.7601.17514 SPC Wizard UI spwmp.dll 6.1.7601.18741 Windows Media Player System Preparation DLL sqlceoledb30.dll 3.0.7600.0 Microsoft SQL Mobile sqlceqp30.dll 3.0.7600.0 Microsoft SQL Mobile sqlcese30.dll 3.0.7601.0 Microsoft SQL Mobile sqloledb.dll 6.1.7601.17514 OLE DB Provider for SQL Server sqlsrv32.dll 6.1.7601.17514 SQL Server ODBC Driver sqlunirl.dll 2000.80.728.0 String Function .DLL for SQL Enterprise Components sqlwid.dll 1999.10.20.0 Unicode Function .DLL for SQL Enterprise Components sqlwoa.dll 1999.10.20.0 Unicode/ANSI Function .DLL for SQL Enterprise Components sqlxmlx.dll 6.1.7600.16385 XML extensions for SQL Server sqmapi.dll 6.1.7601.17514 SQM Client srchadmin.dll 7.0.7601.17514 Indexing Options srclient.dll 6.1.7601.18741 Microsoft® Windows System Restore Client Library srcore.dll 6.1.7601.18741 Microsoft® Windows System Restore Core Library srhelper.dll 6.1.7600.16385 Microsoft® Windows driver and windows update enumeration library srpuxnativesnapin.dll 6.1.7600.16385 Application Control Policies Group Policy Editor Extension srrstr.dll 6.1.7601.17514 Microsoft® Windows System Protection Configuration Library srvcli.dll 6.1.7601.17514 Server Service Client DLL srvsvc.dll 6.1.7601.17514 Server Service DLL srwmi.dll 6.1.7600.16385 Microsoft® Windows System Restore WMI Provider sscore.dll 6.1.7601.17514 Server Service Core DLL ssdpapi.dll 6.1.7600.16385 SSDP Client API DLL ssdpsrv.dll 6.1.7600.16385 SSDP Service DLL sspicli.dll 6.1.7601.18779 Security Support Provider Interface sspisrv.dll 6.1.7601.18779 LSA SSPI RPC interface DLL ssshim.dll 6.1.7600.16385 Windows Componentization Platform Servicing API sstpsvc.dll 6.1.7600.16385 Provides the facility of using Secure Socket Tunneling Protocol (SSTP) to connect to remote computers (using VPN). stclient.dll 2001.12.8530.16385 COM+ Configuration Catalog Client sti.dll 6.1.7600.16385 Still Image Devices client DLL sti_ci.dll 6.1.7600.16385 Still Image Class Installer stobject.dll 6.1.7601.17514 Systray shell service object storage.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library storagecontexthandler.dll 6.1.7600.16385 Device Center Storage Context Menu Handler storprop.dll 6.1.7600.16385 Property Pages for Storage Devices streamci.dll 6.1.7600.16385 Streaming Device Class Installer structuredquery.dll 7.0.7601.17514 Structured Query sud.dll 6.1.7601.17514 SUD Control Panel swprv.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service software provider sxproxy.dll 6.1.7600.16385 Microsoft® Windows System Protection Proxy Library sxs.dll 6.1.7601.17514 Fusion 2.5 sxshared.dll 6.1.7600.16385 Microsoft® Windows SX Shared Library sxssrv.dll 6.1.7600.16385 Windows SxS Server DLL sxsstore.dll 6.1.7600.16385 Sxs Store DLL synccenter.dll 6.1.7601.17514 Microsoft Sync Center synceng.dll 6.1.7601.17959 Windows Briefcase Engine synchostps.dll 6.1.7600.16385 Proxystub for sync host syncinfrastructure.dll 6.1.7600.16385 Microsoft Windows Sync Infrastructure. syncinfrastructureps.dll 6.1.7600.16385 Microsoft Windows sync infrastructure proxy stub. syncreg.dll 2007.94.7600.16385 Microsoft Synchronization Framework Registration syncui.dll 6.1.7601.17514 Windows Briefcase sysclass.dll 6.1.7601.17514 System Class Installer Library sysfxui.dll 6.1.7600.16385 Audio System FX Control Panel Extension sysmain.dll 6.1.7601.17514 Superfetch Service Host sysntfy.dll 6.1.7600.16385 Windows Notifications Dynamic Link Library sysprepmce.dll 6.1.7600.16385 Windows Media Center SysPrep DLL syssetup.dll 6.1.7601.17514 Windows NT System Setup systemcpl.dll 6.1.7601.17514 My System CPL t2embed.dll 6.1.7601.17514 Microsoft T2Embed Font Embedding tabbtn.dll 6.1.7600.16385 Microsoft Tablet PC Buttons Component tabbtnex.dll 6.1.7600.16385 Microsoft Tablet PC Extended Buttons Component tabsvc.dll 6.1.7601.17514 Microsoft Tablet PC Input Service tapi.dll 3.10.0.103 Microsoft® Windows(TM) Telephony Server16 tapi3.dll 6.1.7600.16385 Microsoft TAPI3 tapi32.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API Client DLL tapilua.dll 6.1.7600.16385 Microsoft® Windows(TM) Phone And Modem Lua Elevation Dll tapimigplugin.dll 6.1.7600.16385 Microsoft® Windows(TM) TAPI Migration Plugin Dll tapiperf.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Performance Monitor tapisrv.dll 6.1.7601.17514 Microsoft® Windows(TM) Telephony Server tapisysprep.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Sysprep Work tapiui.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API UI DLL taskbarcpl.dll 6.1.7601.17514 Taskbar Control Panel taskcomp.dll 6.1.7601.17514 Task Scheduler Backward Compatibility Plug-in taskschd.dll 6.1.7601.17514 Task Scheduler COM API taskschdps.dll 6.1.7600.16385 Task Scheduler Interfaces Proxy tbs.dll 6.1.7600.16385 TBS tbssvc.dll 6.1.7600.16385 TBS Service tcpipcfg.dll 6.1.7601.17514 Network Configuration Objects tcpmib.dll 6.1.7600.16385 Standard TCP/IP Port Monitor Helper DLL tcpmon.dll 6.1.7600.16385 Standard TCP/IP Port Monitor DLL tcpmonui.dll 6.1.7600.16385 Standard TCP/IP Port Monitor UI DLL tdh.dll 6.1.7601.18247 Event Trace Helper Library termmgr.dll 6.1.7601.17514 Microsoft TAPI3 Terminal Manager termsrv.dll 6.1.7601.18637 Remote Desktop Session Host Server Remote Connections Manager thawbrkr.dll 6.1.7600.16385 Thai Word Breaker themecpl.dll 6.1.7601.17514 Personalization CPL themeservice.dll 6.1.7600.16385 Windows Shell Theme Service Dll themeui.dll 6.1.7601.17514 Windows Theme API thumbcache.dll 6.1.7601.17514 Microsoft Thumbnail Cache timedatemuicallback.dll 6.1.7600.16385 Time Date Control UI Language Change plugin tlscsp.dll 6.1.7601.17514 Microsoft® Remote Desktop Services Cryptographic Utility toolhelp.dll 3.10.0.103 Windows Debug/Tool helper library tpmcompc.dll 6.1.7600.16385 Computer Chooser Dialog tquery.dll 7.0.7601.17610 tquery.dll traffic.dll 6.1.7600.16385 Microsoft Traffic Control 1.0 DLL trapi.dll 6.1.7601.17514 Microsoft Narrator Text Renderer trkwks.dll 6.1.7600.16385 Distributed Link Tracking Client tsbyuv.dll 6.1.7601.17514 Toshiba Video Codec tscfgwmi.dll 6.1.7601.17514 Remote Desktop Session Host Server Configuration WMI provider tschannel.dll 6.1.7600.16385 Task Scheduler Proxy tsddd.dll 6.1.7600.16385 Framebuffer Display Driver tserrredir.dll 6.1.7600.16385 Remote Desktop Services Logon Error Redirector tsgqec.dll 6.3.9600.16415 RD Gateway QEC tsmf.dll 6.1.7601.17514 RDP MF Plugin tspkg.dll 6.1.7601.18779 Web Service Security Package tspnprdrcoinstaller.dll 6.1.7600.16385 Remote Desktop PnP Redirected Device Co-Installer tspubwmi.dll 6.1.7601.17514 Remote Desktop Programs WMI provider tssrvlic.dll 6.1.7601.17514 RD Server Licensing Policy Module tsusbgdcoinstaller.dll 6.3.9600.16415 Remote Desktop Generic USB Driver Coinstaller tsusbredirectiongrouppolicyextension.dll 6.3.9600.16415 Remote Desktop USB Redirection GP Extension tsworkspace.dll 6.1.7601.18546 RemoteApp and Desktop Connection Component tvratings.dll 6.6.7600.16385 Module for managing TV ratings twext.dll 6.1.7601.17514 Previous Versions property page txflog.dll 2001.12.8530.16385 COM+ txfw32.dll 6.1.7600.16385 TxF Win32 DLL typelib.dll 2.10.3029.1 OLE 2.1 16/32 Interoperability Library tzres.dll 6.1.7601.18656 Time Zones resource DLL ubpm.dll 6.1.7601.18741 Unified Background Process Manager DLL ucmhc.dll 6.1.7600.16385 UCM Helper Class udhisapi.dll 6.1.7600.16385 UPnP Device Host ISAPI Extension udwm.dll 6.1.7600.16385 Microsoft Desktop Window Manager uexfat.dll 6.1.7600.16385 eXfat Utility DLL ufat.dll 6.1.7600.16385 FAT Utility DLL uianimation.dll 6.2.9200.16492 Windows Animation Manager uiautomationcore.dll 7.0.0.0 Microsoft UI Automation Core uicom.dll 6.1.7600.16385 Add/Remove Modems uihub.dll 6.1.7600.16385 Microsoft Tablet PC Flicks and Pen Feedback Component uiribbon.dll 6.1.7601.17514 Windows Ribbon Framework uiribbonres.dll 6.1.7601.17514 Windows Ribbon Framework Resources ulib.dll 6.1.7600.16385 File Utilities Support DLL umb.dll 6.1.7601.17514 User Mode Bus Driver Interface Dll umdmxfrm.dll 6.1.7600.16385 Unimodem Tranform Module umpnpmgr.dll 6.1.7601.17621 User-mode Plug-and-Play Service umpo.dll 6.1.7601.17514 User-mode Power Service umrdp.dll 6.1.7601.17514 Remote Desktop Services Device Redirector Service unattend.dll 6.1.7601.17514 Unattend Library unimdmat.dll 6.1.7601.17514 Unimodem Service Provider AT Mini Driver uniplat.dll 6.1.7600.16385 Unimodem AT Mini Driver Platform Driver for Windows NT untfs.dll 6.1.7601.17514 NTFS Utility DLL upnp.dll 6.1.7601.17514 UPnP Control Point API upnphost.dll 6.1.7600.16385 UPnP Device Host ureg.dll 6.1.7600.16385 Registry Utility DLL url.dll 11.0.9600.16428 Internet Shortcut Shell Extension DLL urlmon.dll 11.0.9600.17689 OLE32 Extensions for Win32 usbceip.dll 6.1.7600.16385 USBCEIP Task usbmon.dll 6.1.7600.16385 Standard Dynamic Printing Port Monitor DLL usbperf.dll 6.1.7600.16385 USB Performance Objects DLL usbui.dll 6.1.7600.16385 USB UI Dll user32.dll 6.1.7601.17514 Multi-User Windows USER API Client DLL useraccountcontrolsettings.dll 6.1.7601.17514 UserAccountControlSettings usercpl.dll 6.1.7601.17514 User control panel userenv.dll 6.1.7601.17514 Userenv usp10.dll 1.626.7601.18454 Uniscribe Unicode script processor utildll.dll 6.1.7601.17514 WinStation utility support DLL uudf.dll 6.1.7600.16385 UDF Utility DLL uxinit.dll 6.1.7600.16385 Windows User Experience Session Initialization Dll uxlib.dll 6.1.7601.17514 Setup Wizard Framework uxlibres.dll 6.1.7600.16385 UXLib Resources uxsms.dll 6.1.7600.16385 Microsoft User Experience Session Management Service uxtheme.dll 6.1.7600.16385 Microsoft UxTheme Library van.dll 6.1.7601.17514 View Available Networks vault.dll 6.1.7601.17514 Windows vault Control Panel vaultcli.dll 6.1.7600.16385 Credential Vault Client Library vaultcredprovider.dll 6.1.7600.16385 Vault Credential Provider vaultsvc.dll 6.1.7601.17514 Credential Manager Service vbajet32.dll 6.0.1.9431 Visual Basic for Applications Development Environment - Expression Service Loader vbame.dll 2.0.2.5 VBA : Middle East Support vboxnetfltnobj.dll 4.3.26.0 VirtualBox Bridged Networking Driver Notify Object v1.1 vbscript.dll 5.8.9600.17689 Microsoft ® VBScript vcamp110.dll 11.0.51106.1 Microsoft® C++ AMP Runtime vccorlib110.dll 11.0.51106.1 Microsoft ® VC WinRT core library vccorlib120.dll 12.0.21005.1 Microsoft ® VC WinRT core library vcomp100.dll 10.0.40219.325 Microsoft® C/C++ OpenMP Runtime vcomp110.dll 11.0.51106.1 Microsoft® C/C++ OpenMP Runtime vdmdbg.dll 6.1.7600.16385 VDMDBG.DLL vdmredir.dll 6.1.7600.16385 Virtual Dos Machine Network Interface Library vds_ps.dll 6.1.7600.16385 Microsoft® Virtual Disk Service proxy/stub vdsbas.dll 6.1.7601.17514 Virtual Disk Service Basic Provider vdsdyn.dll 6.1.7600.16385 VDS Dynamic Volume Provider, Version 2.1.0.1 vdsutil.dll 6.1.7601.17514 Virtual Disk Service Utility Library vdsvd.dll 6.1.7600.16385 VDS Virtual Disk Provider, Version 1.0 ver.dll 3.10.0.103 Version Checking and File Installation Libraries verifier.dll 6.1.7600.16385 Standard application verifier provider dll version.dll 6.1.7600.16385 Version Checking and File Installation Libraries vfpodbc.dll 1.0.2.0 vfpodbc vfwwdm32.dll 6.1.7601.17514 VfW MM Driver for WDM Video Capture Devices vga.dll 6.1.7600.16385 VGA 16 Colour Display Driver vga256.dll 6.1.7600.16385 256 Color VGA\SVGA Display Driver vga64k.dll 6.1.7600.16385 32K/64K color VGA\SVGA Display Driver vidreszr.dll 6.1.7600.16385 Windows Media Resizer virtdisk.dll 6.1.7600.16385 Virtual Disk API DLL vmbuscoinstaller.dll 6.1.7601.17514 Hyper-V VMBUS Coinstaller vmbuspipe.dll 6.1.7601.17514 VmBus User Mode Pipe DLL vmbusres.dll 6.1.7601.17514 Virtual Machine Bus Resource DLL vmdcoinstall.dll 6.1.7601.17514 Hyper-V Integration Components Coinstaller vmicres.dll 6.1.7601.17514 Virtual Machine Integration Component Service Resource DLL vmictimeprovider.dll 6.1.7601.17514 Virtual Machine Integration Component Time Sync Provider Library vmstorfltres.dll 6.1.7601.17514 Virtual Machine Storage Filter Resource DLL vpnike.dll 6.1.7601.17514 VPNIKE Protocol Engine - Test dll vpnikeapi.dll 6.1.7601.17514 VPN IKE API's vss_ps.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service proxy/stub vssapi.dll 6.1.7601.17514 Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL vsstrace.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service Tracing Library w32time.dll 6.1.7600.16385 Windows Time Service w32topl.dll 6.1.7600.16385 Windows NT Topology Maintenance Tool wab32.dll 6.1.7601.17699 Microsoft (R) Contacts DLL wab32res.dll 6.1.7600.16385 Microsoft (R) Contacts DLL wabsyncprovider.dll 6.1.7600.16385 Microsoft Windows Contacts Sync Provider wavdest.dll 6.1.7601.17514 Windows Sound Recorder wavemsp.dll 6.1.7601.17514 Microsoft Wave MSP wbemcomn.dll 6.1.7601.17514 WMI wbiosrvc.dll 6.1.7600.16385 Windows Biometric Service wcnapi.dll 6.1.7600.16385 Windows Connect Now - API Helper DLL wcncsvc.dll 6.1.7601.17514 Windows Connect Now - Config Registrar Service wcneapauthproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP Authenticator Proxy wcneappeerproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP PEER Proxy wcnnetsh.dll 6.1.7600.16385 WCN Netsh Helper DLL wcnwiz.dll 6.1.7600.16385 Windows Connect Now Wizards wcspluginservice.dll 6.1.7600.16385 WcsPlugInService DLL wdc.dll 6.1.7601.17514 Performance Monitor wdfcoinstaller01007.dll 1.7.6001.18000 WDF Coinstaller wdfres.dll 6.2.9200.16384 Kernel Mode Driver Framework Resource wdi.dll 6.1.7601.18713 Windows Diagnostic Infrastructure wdiasqmmodule.dll 6.1.7601.17514 Adaptive SQM WDI Plugin wdigest.dll 6.1.7601.18779 Microsoft Digest Access wdscore.dll 6.1.7601.17514 Panther Engine Module webcheck.dll 11.0.9600.16428 Web Site Monitor webclnt.dll 6.1.7601.18201 Web DAV Service DLL webio.dll 6.1.7601.17725 Web Transfer Protocols API webservices.dll 6.1.7601.17514 Windows Web Services Runtime wecapi.dll 6.1.7600.16385 Event Collector Configuration API wecsvc.dll 6.1.7600.16385 Event Collector Service wer.dll 6.1.7601.18381 Windows Error Reporting DLL werconcpl.dll 6.1.7601.17514 PRS CPL wercplsupport.dll 6.1.7600.16385 Problem Reports and Solutions werdiagcontroller.dll 6.1.7600.16385 WER Diagnostic Controller wersvc.dll 6.1.7600.16385 Windows Error Reporting Service werui.dll 6.1.7600.16385 Windows Error Reporting UI DLL wevtapi.dll 6.1.7600.16385 Eventing Consumption and Configuration API wevtfwd.dll 6.1.7600.16385 WS-Management Event Forwarding Plug-in wevtsvc.dll 6.1.7601.17514 Event Logging Service wfapigp.dll 6.1.7600.16385 Windows Firewall GPO Helper dll wfhc.dll 6.1.7600.16385 Windows Firewall Helper Class wfsr.dll 6.1.7600.16385 Windows Fax and Scan Resources whealogr.dll 6.1.7600.16385 WHEA Troubleshooter whhelper.dll 6.1.7600.16385 Net shell helper DLL for winHttp wiaaut.dll 6.1.7600.16385 WIA Automation Layer wiadefui.dll 6.1.7601.17514 WIA Scanner Default UI wiadss.dll 6.1.7600.16385 WIA TWAIN compatibility layer wiarpc.dll 6.1.7601.17514 Windows Image Acquisition RPC client DLL wiascanprofiles.dll 6.1.7600.16385 Microsoft Windows ScanProfiles wiaservc.dll 6.1.7601.17514 Still Image Devices Service wiashext.dll 6.1.7600.16385 Imaging Devices Shell Folder UI wiatrace.dll 6.1.7600.16385 WIA Tracing wiavideo.dll 6.1.7601.17514 WIA Video wifeman.dll 3.10.0.103 Windows WIFE interface core component wimgapi.dll 6.1.7601.17514 Windows Imaging Library win32spl.dll 6.1.7601.18142 Client Side Rendering Print Provider win87em.dll winbio.dll 6.1.7600.16385 Windows Biometrics Client API winbrand.dll 6.1.7600.16385 Windows Branding Resources wincredprovider.dll 6.1.7601.18409 wincredprovider DLL windowsaccessbridge.dll 2.0.4.0 Java Access Bridge for Windows windowscodecs.dll 6.2.9200.17251 Microsoft Windows Codecs Library windowscodecsext.dll 6.2.9200.16492 Microsoft Windows Codecs Extended Library winethc.dll 6.1.7600.16385 WinInet Helper Class winfax.dll 6.1.7600.16385 Microsoft Fax API Support DLL winhttp.dll 6.1.7601.17514 Windows HTTP Services wininet.dll 11.0.9600.17689 Internet Extensions for Win32 winipsec.dll 6.1.7600.16385 Windows IPsec SPD Client DLL winmm.dll 6.1.7601.17514 MCI API DLL winnls.dll 3.10.0.103 Windows IME interface core component winnsi.dll 6.1.7600.16385 Network Store Information RPC interface winrnr.dll 6.1.7600.16385 LDAP RnR Provider DLL winrscmd.dll 6.1.7600.16385 remtsvc winrsmgr.dll 6.1.7600.16385 WSMan Shell API winrssrv.dll 6.1.7600.16385 winrssrv winsatapi.dll 6.1.7601.17514 Windows System Assessment Tool API winscard.dll 6.1.7601.17514 Microsoft Smart Card API winshfhc.dll 6.1.7600.16385 File Risk Estimation winsock.dll 3.10.0.103 Windows Socket 16-Bit DLL winsockhc.dll 6.1.7600.16385 Winsock Network Diagnostic Helper Class winsrpc.dll 6.1.7600.16385 WINS RPC LIBRARY winsrv.dll 6.1.7601.18229 Multi-User Windows Server DLL winsta.dll 6.1.7601.18540 Winstation Library winsync.dll 2007.94.7600.16385 Synchronization Framework winsyncmetastore.dll 2007.94.7600.16385 Windows Synchronization Metadata Store winsyncproviders.dll 2007.94.7600.16385 Windows Synchronization Provider Framework wintrust.dll 6.1.7601.18741 Microsoft Trust Verification APIs winusb.dll 6.1.7600.16385 Windows USB Driver User Library winusbcoinstaller.dll 6.0.5841.16388 WinUsb - User-mode USB Update Co-Installer wkscli.dll 6.1.7601.17514 Workstation Service Client DLL wksprtps.dll 6.3.9600.16415 WorkspaceRuntime ProxyStub DLL wkssvc.dll 6.1.7601.17514 Workstation Service DLL wlanapi.dll 6.1.7600.16385 Windows WLAN AutoConfig Client Side API DLL wlancfg.dll 6.1.7600.16385 Wlan Netsh Helper DLL wlanconn.dll 6.1.7600.16385 Dot11 Connection Flows wlandlg.dll 6.1.7600.16385 Wireless Lan Dialog Wizards wlangpui.dll 6.1.7601.17514 Wireless Network Policy Management Snap-in wlanhc.dll 6.1.7600.16385 Wireless LAN Helper Classes wlanhlp.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Client Side Helper API wlaninst.dll 6.1.7600.16385 Windows NET Device Class Co-Installer for Wireless LAN wlanmm.dll 6.1.7600.16385 Dot11 Media and AdHoc Managers wlanmsm.dll 6.1.7601.17514 Windows Wireless LAN 802.11 MSM DLL wlanpref.dll 6.1.7601.17514 Wireless Preferred Networks wlansec.dll 6.1.7600.16385 Windows Wireless LAN 802.11 MSM Security Module DLL wlansvc.dll 6.1.7600.16385 Windows WLAN AutoConfig Service DLL wlanui.dll 6.1.7601.17514 Wireless Profile UI wlanutil.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Utility DLL wldap32.dll 6.1.7601.17514 Win32 LDAP API DLL wlgpclnt.dll 6.1.7600.16385 802.11 Group Policy Client wls0wndh.dll 6.1.7600.16385 Session0 Viewer Window Hook DLL wmadmod.dll 6.1.7601.17514 Windows Media Audio Decoder wmadmoe.dll 6.1.7600.16385 Windows Media Audio 10 Encoder/Transcoder wmalfxgfxdsp.dll 6.1.7600.16385 SysFx DSP wmasf.dll 12.0.7600.16385 Windows Media ASF DLL wmcodecdspps.dll 6.1.7600.16385 Windows Media CodecDSP Proxy Stub Dll wmdmlog.dll 12.0.7600.16385 Windows Media Device Manager Logger wmdmps.dll 12.0.7600.16385 Windows Media Device Manager Proxy Stub wmdrmdev.dll 12.0.7601.17514 Windows Media DRM for Network Devices Registration DLL wmdrmnet.dll 12.0.7601.17514 Windows Media DRM for Network Devices DLL wmdrmsdk.dll 11.0.7601.18741 Windows Media DRM SDK DLL wmerror.dll 12.0.7600.16385 Windows Media Error Definitions (English) wmi.dll 6.1.7601.17787 WMI DC and DP functionality wmicmiplugin.dll 6.1.7601.17514 WMI CMI Plugin wmidx.dll 12.0.7600.16385 Windows Media Indexer DLL wmiprop.dll 6.1.7600.16385 WDM Provider Dynamic Property Page CoInstaller wmnetmgr.dll 12.0.7601.17514 Windows Media Network Plugin Manager DLL wmp.dll 12.0.7601.18741 Windows Media Player wmpcm.dll 12.0.7600.16385 Windows Media Player Compositing Mixer wmpdui.dll 12.0.7600.16385 Windows Media Player UI Engine wmpdxm.dll 12.0.7601.17514 Windows Media Player Extension wmpeffects.dll 12.0.7601.17514 Windows Media Player Effects wmpencen.dll 12.0.7601.17514 Windows Media Player Encoding Module wmphoto.dll 6.2.9200.17254 Windows Media Photo Codec wmploc.dll 12.0.7601.18741 Windows Media Player Resources wmpmde.dll 12.0.7601.17514 WMPMDE DLL wmpps.dll 12.0.7601.17514 Windows Media Player Proxy Stub Dll wmpshell.dll 12.0.7601.17514 Windows Media Player Launcher wmpsrcwp.dll 12.0.7601.17514 WMPSrcWp Module wmsgapi.dll 6.1.7600.16385 WinLogon IPC Client wmspdmod.dll 6.1.7601.17514 Windows Media Audio Voice Decoder wmspdmoe.dll 6.1.7600.16385 Windows Media Audio Voice Encoder wmvcore.dll 12.0.7601.17514 Windows Media Playback/Authoring DLL wmvdecod.dll 6.1.7601.18221 Windows Media Video Decoder wmvdspa.dll 6.1.7600.16385 Windows Media Video DSP Components - Advanced wmvencod.dll 6.1.7600.16385 Windows Media Video 9 Encoder wmvsdecd.dll 6.1.7601.17514 Windows Media Screen Decoder wmvsencd.dll 6.1.7600.16385 Windows Media Screen Encoder wmvxencd.dll 6.1.7600.16385 Windows Media Video Encoder wow32.dll 6.1.7600.16385 32-bit WOW Subsystem Library wpc.dll 1.0.0.1 WPC Settings Library wpcao.dll 6.1.7600.16385 WPC Administrator Override wpccpl.dll 6.1.7601.17514 Parental Controls Control Panel wpcmig.dll 1.0.0.1 Windows Parental Controls Migration wpcsvc.dll 1.0.0.1 WPC Filtering Service wpcumi.dll 1.0.0.1 Windows Parental Controls Notifications wpd_ci.dll 6.1.7601.17514 Driver Setup Class Installer for Windows Portable Devices wpdbusenum.dll 6.1.7601.17514 Portable Device Enumerator wpdmtp.dll 6.1.7600.16385 MTP core protocol component wpdmtpus.dll 6.1.7600.16385 Usbscan transport layer for MTP driver wpdshext.dll 6.1.7601.17514 Portable Devices Shell Extension wpdshserviceobj.dll 6.1.7601.17514 Windows Portable Device Shell Service Object wpdsp.dll 6.1.7601.17514 WMDM Service Provider for Windows Portable Devices wpdwcn.dll 6.1.7601.17514 Windows Portable Device WCN Wizard ws2_32.dll 6.1.7601.17514 Windows Socket 2.0 32-Bit DLL ws2help.dll 6.1.7600.16385 Windows Socket 2.0 Helper for Windows NT wscapi.dll 6.1.7601.17514 Windows Security Center API wscinterop.dll 6.1.7600.16385 Windows Health Center WSC Interop wscisvif.dll 6.1.7600.16385 Windows Security Center ISV API wscmisetup.dll 6.1.7600.16385 Installers for Winsock Transport and Name Space Providers wscproxystub.dll 6.1.7600.16385 Windows Security Center ISV Proxy Stub wscsvc.dll 6.1.7600.16385 Windows Security Center Service wsdapi.dll 6.1.7601.17514 Web Services for Devices API DLL wsdchngr.dll 6.1.7601.17514 WSD Challenge Component wsdmon.dll 6.1.7600.16385 WSD Printer Port Monitor wsdprintproxy.dll 6.1.7600.16385 Function Discovery Printer Proxy Dll wsdscanproxy.dll 6.1.7600.16385 Function Discovery WSD Scanner Proxy Dll wsecedit.dll 6.1.7600.16385 Security Configuration UI Module wsepno.dll 7.0.7600.16385 Profile notification support for Windows Search Service wshbth.dll 6.1.7601.17514 Windows Sockets Helper DLL wshcon.dll 5.8.7600.16385 Microsoft ® Windows Script Controller wshelper.dll 6.1.7600.16385 Winsock Net shell helper DLL for winsock wshext.dll 5.8.7600.16385 Microsoft ® Shell Extension for Windows Script Host wship6.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv6) wshirda.dll 6.1.7601.17514 Windows Sockets Helper DLL wshnetbs.dll 6.1.7600.16385 Netbios Windows Sockets Helper DLL wshqos.dll 6.1.7600.16385 QoS Winsock2 Helper DLL wshrm.dll 6.1.7600.16385 Windows Sockets Helper DLL for PGM wshtcpip.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv4) wsmanmigrationplugin.dll 6.1.7601.18619 WinRM Migration Plugin wsmauto.dll 6.1.7601.18619 WSMAN Automation wsmplpxy.dll 6.1.7600.16385 wsmplpxy wsmres.dll 6.1.7600.16385 WSMan Resource DLL wsmsvc.dll 6.1.7601.18619 WSMan Service wsmwmipl.dll 6.1.7601.18619 WSMAN WMI Provider wsnmp32.dll 6.1.7601.17514 Microsoft WinSNMP v2.0 Manager API wsock32.dll 6.1.7600.16385 Windows Socket 32-Bit DLL wtsapi32.dll 6.1.7601.17514 Windows Remote Desktop Session Host Server SDK APIs wuapi.dll 7.6.7600.320 Windows Update Client API wuaueng.dll 7.6.7600.320 Windows Update Agent wucltux.dll 7.6.7600.320 Windows Update Client User Experience wudfcoinstaller.dll 6.2.9200.16384 Windows Driver Foundation - User-mode Platform Device Co-Installer wudfplatform.dll 6.2.9200.16384 Windows Driver Foundation - User-mode Platform Library wudfsvc.dll 6.2.9200.16384 Windows Driver Foundation - User-mode Driver Framework Service wudfx.dll 6.2.9200.16384 WDF:UMDF Framework Library wudriver.dll 7.6.7600.320 Windows Update WUDriver Stub wups.dll 7.6.7600.320 Windows Update client proxy stub wups2.dll 7.6.7600.320 Windows Update client proxy stub 2 wuwebv.dll 7.6.7600.320 Windows Update Vista Web Control wvc.dll 6.1.7601.17514 Windows Visual Components wwanadvui.dll 8.1.2.0 Wireless WAN Connection Flows wwanapi.dll 6.1.7600.16385 Mbnapi wwancfg.dll 6.1.7600.16385 MBN Netsh Helper DLL wwanconn.dll 8.1.7601.17514 Wireless WAN Connection Flows wwanhc.dll 8.1.2.0 Wireless WAN Helper Class wwaninst.dll 8.1.2.0 Windows NET Device Class Co-Installer for Wireless WAN wwanmm.dll 8.1.2.0 WWan Media Manager wwanpref.dll 8.1.2.0 Wireless WAN Profile Settings Editor wwanprotdim.dll 8.1.7601.18113 WWAN Device Interface Module wwansvc.dll 8.1.7601.18380 WWAN Auto Config Service wwapi.dll 8.1.2.0 WWAN API wzcdlg.dll 6.1.7600.16385 Windows Connect Now - Flash Config Enrollee x3daudio1_0.dll 9.11.519.0 X3DAudio x3daudio1_1.dll 9.15.779.0 X3DAudio x3daudio1_2.dll 9.21.1148.0 X3DAudio x3daudio1_3.dll 9.22.1284.0 X3DAudio x3daudio1_4.dll 9.23.1350.0 X3DAudio x3daudio1_5.dll 9.25.1476.0 X3DAudio x3daudio1_6.dll 9.26.1590.0 3D Audio Library x3daudio1_7.dll 9.28.1886.0 3D Audio Library xactengine2_0.dll 9.11.519.0 XACT Engine API xactengine2_1.dll 9.12.589.0 XACT Engine API xactengine2_10.dll 9.21.1148.0 XACT Engine API xactengine2_2.dll 9.13.644.0 XACT Engine API xactengine2_3.dll 9.14.701.0 XACT Engine API xactengine2_4.dll 9.15.779.0 XACT Engine API xactengine2_5.dll 9.16.857.0 XACT Engine API xactengine2_6.dll 9.17.892.0 XACT Engine API xactengine2_7.dll 9.18.944.0 XACT Engine API xactengine2_8.dll 9.19.1007.0 XACT Engine API xactengine2_9.dll 9.20.1057.0 XACT Engine API xactengine3_0.dll 9.22.1284.0 XACT Engine API xactengine3_1.dll 9.23.1350.0 XACT Engine API xactengine3_2.dll 9.24.1400.0 XACT Engine API xactengine3_3.dll 9.25.1476.0 XACT Engine API xactengine3_4.dll 9.26.1590.0 XACT Engine API xactengine3_5.dll 9.27.1734.0 XACT Engine API xactengine3_6.dll 9.28.1886.0 XACT Engine API xactengine3_7.dll 9.29.1962.0 XACT Engine API xapofx1_0.dll 9.23.1350.0 XAPOFX xapofx1_1.dll 9.24.1400.0 XAPOFX xapofx1_2.dll 9.25.1476.0 XAPOFX xapofx1_3.dll 9.26.1590.0 Audio Effect Library xapofx1_4.dll 9.28.1886.0 Audio Effect Library xapofx1_5.dll 9.29.1962.0 Audio Effect Library xaudio2_0.dll 9.22.1284.0 XAudio2 Game Audio API xaudio2_1.dll 9.23.1350.0 XAudio2 Game Audio API xaudio2_2.dll 9.24.1400.0 XAudio2 Game Audio API xaudio2_3.dll 9.25.1476.0 XAudio2 Game Audio API xaudio2_4.dll 9.26.1590.0 XAudio2 Game Audio API xaudio2_5.dll 9.27.1734.0 XAudio2 Game Audio API xaudio2_6.dll 9.28.1886.0 XAudio2 Game Audio API xaudio2_7.dll 9.29.1962.0 XAudio2 Game Audio API xinput1_1.dll 9.12.589.0 Microsoft Common Controller API xinput1_2.dll 9.14.701.0 Microsoft Common Controller API xinput1_3.dll 9.18.944.0 Microsoft Common Controller API xinput9_1_0.dll 6.1.7600.16385 XNA Common Controller xmlfilter.dll 2008.0.7600.16385 XML Filter xmllite.dll 1.3.1001.0 Microsoft XmlLite Library xmlprovi.dll 6.1.7600.16385 Network Provisioning Service Client API xmlrw.dll 2.0.3609.0 Microsoft XML Slim Library xmlrwbin.dll 2.0.3609.0 Microsoft XML Slim Library xolehlp.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Helper APIs DLL xpsfilt.dll 6.1.7600.16385 XML Paper Specification Document IFilter xpsgdiconverter.dll 6.2.9200.16492 XPS to GDI Converter xpsprint.dll 6.2.9200.16492 XPS Printing DLL xpsrasterservice.dll 6.1.7601.17514 XPS Rasterization Service Component xpsservices.dll 6.1.7601.17514 Xps Object Model in memory creation and deserialization xpsshhdr.dll 6.1.7600.16385 Package Document Shell Extension Handler xpssvcs.dll 6.1.7600.16385 Native Code Xps Services Library xwizards.dll 6.1.7600.16385 Extensible Wizards Manager Module xwreg.dll 6.1.7600.16385 Extensible Wizard Registration Manager Module xwtpdui.dll 6.1.7600.16385 Extensible Wizard Type Plugin for DUI xwtpw32.dll 6.1.7600.16385 Extensible Wizard Type Plugin for Win32 zgmprxy.dll 6.1.7600.16385 Internal file used by the Internet Games zipfldr.dll 6.1.7601.17514 Compressed (zipped) Folders --------[ Certificates ]------------------------------------------------------------------------------------------------ [ Certificate Authorities / AlphaSSL CA - SHA256 - G2 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 31 36 F0 4E 44 01 00 00 00 00 04 Validity 20.02.2014 - 20.02.2024 Issuer Properties: Common Name GlobalSign Root CA Organization GlobalSign nv-sa Organizational Unit Root CA Country Belgium Subject Properties: Common Name AlphaSSL CA - SHA256 - G2 Organization GlobalSign nv-sa Country Belgium Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / COMODO Certification Authority ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 44 7A E6 6E 1A F3 8E 8B EA 87 88 90 2E 83 79 2E Validity 01.12.2006 - 30.05.2020 Issuer Properties: Common Name UTN - DATACorp SGC Organization The USERTRUST Network Organizational Unit http://www.usertrust.com Country United States Locality Name Salt Lake City State/Province UT Subject Properties: Common Name COMODO Certification Authority Organization COMODO CA Limited Country United Kingdom Locality Name Salford State/Province Greater Manchester Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / COMODO RSA Certification Authority ] Certificate Properties: Version V3 Signature Algorithm SHA384 RSA (1.2.840.113549.1.1.12) Serial Number 22 DE 84 FC A2 70 D7 AB 8E F3 49 EB 56 EE 66 27 Validity 30.05.2000 - 30.05.2020 Issuer Properties: Common Name AddTrust External CA Root Organization AddTrust AB Organizational Unit AddTrust External TTP Network Country Sweden Subject Properties: Common Name COMODO RSA Certification Authority Organization COMODO CA Limited Country United Kingdom Locality Name Salford State/Province Greater Manchester Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / COMODO RSA Domain Validation Secure Server CA ] Certificate Properties: Version V3 Signature Algorithm SHA384 RSA (1.2.840.113549.1.1.12) Serial Number 07 8C 7C A3 DB 6E 8A 14 6C 36 75 D9 EA 6E 2E 2B Validity 12.02.2014 - 12.02.2029 Issuer Properties: Common Name COMODO RSA Certification Authority Organization COMODO CA Limited Country United Kingdom Locality Name Salford State/Province Greater Manchester Subject Properties: Common Name COMODO RSA Domain Validation Secure Server CA Organization COMODO CA Limited Country United Kingdom Locality Name Salford State/Province Greater Manchester Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / DigiCert SHA2 Secure Server CA ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 91 BC CF 4B 72 8B 43 88 C8 75 CA 6E EB A3 FD 01 Validity 08.03.2013 - 08.03.2023 Issuer Properties: Common Name DigiCert Global Root CA Organization DigiCert Inc Organizational Unit www.digicert.com Country United States Subject Properties: Common Name DigiCert SHA2 Secure Server CA Organization DigiCert Inc Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / EssentialSSL CA ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 4A 2A 46 26 F3 F2 C1 0F A0 F1 04 A3 BA CB B2 18 Validity 01.12.2006 - 01.01.2020 Issuer Properties: Common Name COMODO Certification Authority Organization COMODO CA Limited Country United Kingdom Locality Name Salford State/Province Greater Manchester Subject Properties: Common Name EssentialSSL CA Organization COMODO CA Limited Country United Kingdom Locality Name Salford State/Province Greater Manchester Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / GeoTrust DV SSL CA - G4 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 78 3A 02 Validity 30.08.2014 - 21.05.2022 Issuer Properties: Common Name GeoTrust Global CA Organization GeoTrust Inc. Country United States Subject Properties: Common Name GeoTrust DV SSL CA - G4 Organization GeoTrust Inc. Organizational Unit Domain Validated SSL Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / GeoTrust SSL CA - G2 ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 63 3A 02 Validity 27.08.2012 - 20.05.2022 Issuer Properties: Common Name GeoTrust Global CA Organization GeoTrust Inc. Country United States Subject Properties: Common Name GeoTrust SSL CA - G2 Organization GeoTrust Inc. Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / Go Daddy Secure Certificate Authority - G2 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 07 Validity 03.05.2011 - 03.05.2031 Issuer Properties: Common Name Go Daddy Root Certificate Authority - G2 Organization GoDaddy.com, Inc. Country United States Locality Name Scottsdale State/Province Arizona Subject Properties: Common Name Go Daddy Secure Certificate Authority - G2 Organization GoDaddy.com, Inc. Organizational Unit http://certs.godaddy.com/repository/ Country United States Locality Name Scottsdale State/Province Arizona Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / Microsoft IT SSL SHA2 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number A9 9A 27 07 Validity 19.12.2013 - 19.12.2017 Issuer Properties: Common Name Baltimore CyberTrust Root Organization Baltimore Organizational Unit CyberTrust Country Ireland Subject Properties: Common Name Microsoft IT SSL SHA2 Organization Microsoft Corporation Organizational Unit Microsoft IT Country United States Locality Name Redmond State/Province Washington Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / Microsoft Windows Hardware Compatibility ] Certificate Properties: Version V3 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number A0 69 FE 8F 9A 3F D1 11 8B 19 Validity 01.10.1997 - 31.12.2002 Issuer Properties: Common Name Microsoft Root Authority Organizational Unit Copyright (c) 1997 Microsoft Corp. Organizational Unit Microsoft Corporation Subject Properties: Common Name Microsoft Windows Hardware Compatibility Organizational Unit Copyright (c) 1997 Microsoft Corp. Organizational Unit Microsoft Windows Hardware Compatibility Intermediate CA Organizational Unit Microsoft Corporation Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / PositiveSSL CA 2 ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 1B 00 0E C4 97 D6 48 D5 28 9C 45 81 46 12 6F 07 Validity 16.02.2012 - 30.05.2020 Issuer Properties: Common Name AddTrust External CA Root Organization AddTrust AB Organizational Unit AddTrust External TTP Network Country Sweden Subject Properties: Common Name PositiveSSL CA 2 Organization COMODO CA Limited Country United Kingdom Locality Name Salford State/Province Greater Manchester Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / RapidSSL CA ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number D1 36 02 Validity 20.02.2010 - 19.02.2020 Issuer Properties: Common Name GeoTrust Global CA Organization GeoTrust Inc. Country United States Subject Properties: Common Name RapidSSL CA Organization GeoTrust, Inc. Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / Root Agency ] Certificate Properties: Version V3 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number F4 35 5C AA D4 B8 CF 11 8A 64 00 AA 00 6C 37 06 Validity 29.05.1996 - 01.01.2040 Issuer Properties: Common Name Root Agency Subject Properties: Common Name Root Agency Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / Thawte SSL CA ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number EC C9 4D 24 7E 50 6D CD 20 4C B2 08 34 2C 5F 4D Validity 08.02.2010 - 08.02.2020 Issuer Properties: Common Name thawte Primary Root CA Organization thawte, Inc. Organizational Unit Certification Services Division Organizational Unit (c) 2006 thawte, Inc. - For authorized use only Country United States Subject Properties: Common Name Thawte SSL CA Organization Thawte, Inc. Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / UTN-USERFirst-Hardware ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 25 97 49 35 74 A2 D1 43 13 D7 C7 AA F1 AC 4B 48 Validity 07.06.2005 - 30.05.2020 Issuer Properties: Common Name AddTrust External CA Root Organization AddTrust AB Organizational Unit AddTrust External TTP Network Country Sweden Subject Properties: Common Name UTN-USERFirst-Hardware Organization The USERTRUST Network Organizational Unit http://www.usertrust.com Country United States Locality Name Salt Lake City State/Province UT Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / VeriSign Class 3 Code Signing 2010 CA ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number C7 33 4B D4 C9 96 ED 86 1A FC 56 25 AA E5 00 52 Validity 08.02.2010 - 08.02.2020 Issuer Properties: Common Name VeriSign Class 3 Public Primary Certification Authority - G5 Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit (c) 2006 VeriSign, Inc. - For authorized use only Country United States Subject Properties: Common Name VeriSign Class 3 Code Signing 2010 CA Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit Terms of use at https://www.verisign.com/rpa (c)10 Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / VeriSign Class 3 Secure Server CA - G3 ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 91 D4 52 E9 F4 BC CE B8 09 20 03 A7 A5 7A CC 6E Validity 08.02.2010 - 08.02.2020 Issuer Properties: Common Name VeriSign Class 3 Public Primary Certification Authority - G5 Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit (c) 2006 VeriSign, Inc. - For authorized use only Country United States Subject Properties: Common Name VeriSign Class 3 Secure Server CA - G3 Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit Terms of use at https://www.verisign.com/rpa (c)10 Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Certificate Authorities / www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 8F 07 93 3F 23 98 60 92 0F 2F D0 B4 BA EB FC 46 Validity 17.04.1997 - 25.10.2016 Issuer Properties: Organization VeriSign, Inc. Organizational Unit Class 3 Public Primary Certification Authority Country United States Subject Properties: Organization VeriSign Trust Network Organizational Unit VeriSign, Inc. Organizational Unit VeriSign International Server CA - Class 3 Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Baltimore CyberTrust Root ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number B9 00 00 02 Validity 12.05.2000 - 13.05.2025 Issuer Properties: Common Name Baltimore CyberTrust Root Organization Baltimore Organizational Unit CyberTrust Country Ireland Subject Properties: Common Name Baltimore CyberTrust Root Organization Baltimore Organizational Unit CyberTrust Country Ireland Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / CertPlus Class 2 Primary CA ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 23 44 A5 C3 5F D7 94 F6 69 E3 DA D8 F3 4B BD 85 00 Validity 07.07.1999 - 07.07.2019 Issuer Properties: Common Name Class 2 Primary CA Organization Certplus Country France Subject Properties: Common Name Class 2 Primary CA Organization Certplus Country France Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / DigiCert ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 39 30 F0 1B FC 60 E5 8F FE 46 D8 17 E5 E0 E7 0C Validity 10.11.2006 - 10.11.2031 Issuer Properties: Common Name DigiCert Assured ID Root CA Organization DigiCert Inc Organizational Unit www.digicert.com Country United States Subject Properties: Common Name DigiCert Assured ID Root CA Organization DigiCert Inc Organizational Unit www.digicert.com Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / DigiCert ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 4A C7 91 59 C9 6A 75 A1 B1 46 42 90 56 E0 3B 08 Validity 10.11.2006 - 10.11.2031 Issuer Properties: Common Name DigiCert Global Root CA Organization DigiCert Inc Organizational Unit www.digicert.com Country United States Subject Properties: Common Name DigiCert Global Root CA Organization DigiCert Inc Organizational Unit www.digicert.com Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / DigiCert ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 77 25 46 AE F2 79 0B 8F 9B 40 0B 6A 26 5C AC 02 Validity 10.11.2006 - 10.11.2031 Issuer Properties: Common Name DigiCert High Assurance EV Root CA Organization DigiCert Inc Organizational Unit www.digicert.com Country United States Subject Properties: Common Name DigiCert High Assurance EV Root CA Organization DigiCert Inc Organizational Unit www.digicert.com Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Disc Soft Ltd ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number E5 6D F9 82 4B 16 13 DB 8D 5F B9 9A 60 05 64 35 21 11 Validity 29.05.2012 - 30.05.2015 Issuer Properties: Common Name GlobalSign CodeSigning CA - G2 Organization GlobalSign nv-sa Country Belgium Subject Properties: Common Name Disc Soft Ltd Organization Disc Soft Ltd Country Belize Locality Name Belize city State/Province Belize E-mail Address finpr@disc-soft.com Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Entrust (2048) ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number F8 DE 63 38 Validity 24.12.1999 - 24.07.2029 Issuer Properties: Common Name Entrust.net Certification Authority (2048) Organization Entrust.net Organizational Unit www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) Organizational Unit (c) 1999 Entrust.net Limited Subject Properties: Common Name Entrust.net Certification Authority (2048) Organization Entrust.net Organizational Unit www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) Organizational Unit (c) 1999 Entrust.net Limited Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Entrust ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 43 D2 4A 37 Validity 25.05.1999 - 25.05.2019 Issuer Properties: Common Name Entrust.net Secure Server Certification Authority Organization Entrust.net Organizational Unit www.entrust.net/CPS incorp. by ref. (limits liab.) Organizational Unit (c) 1999 Entrust.net Limited Country United States Subject Properties: Common Name Entrust.net Secure Server Certification Authority Organization Entrust.net Organizational Unit www.entrust.net/CPS incorp. by ref. (limits liab.) Organizational Unit (c) 1999 Entrust.net Limited Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Entrust ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 54 50 6B 45 Validity 27.11.2006 - 27.11.2026 Issuer Properties: Common Name Entrust Root Certification Authority Organization Entrust, Inc. Organizational Unit www.entrust.net/CPS is incorporated by reference Organizational Unit (c) 2006 Entrust, Inc. Country United States Subject Properties: Common Name Entrust Root Certification Authority Organization Entrust, Inc. Organizational Unit www.entrust.net/CPS is incorporated by reference Organizational Unit (c) 2006 Entrust, Inc. Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / GeoTrust Global CA ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 56 34 02 Validity 21.05.2002 - 21.05.2022 Issuer Properties: Common Name GeoTrust Global CA Organization GeoTrust Inc. Country United States Subject Properties: Common Name GeoTrust Global CA Organization GeoTrust Inc. Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / GeoTrust ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number CF F4 DE 35 Validity 22.08.1998 - 22.08.2018 Issuer Properties: Organization Equifax Organizational Unit Equifax Secure Certificate Authority Country United States Subject Properties: Organization Equifax Organizational Unit Equifax Secure Certificate Authority Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / GlobalSign ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 94 C3 5A 4B 15 01 00 00 00 00 04 Validity 01.09.1998 - 28.01.2028 Issuer Properties: Common Name GlobalSign Root CA Organization GlobalSign nv-sa Organizational Unit Root CA Country Belgium Subject Properties: Common Name GlobalSign Root CA Organization GlobalSign nv-sa Organizational Unit Root CA Country Belgium Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Go Daddy Class 2 Certification Authority ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 00 Validity 29.06.2004 - 29.06.2034 Issuer Properties: Organization The Go Daddy Group, Inc. Organizational Unit Go Daddy Class 2 Certification Authority Country United States Subject Properties: Organization The Go Daddy Group, Inc. Organizational Unit Go Daddy Class 2 Certification Authority Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Go Daddy Root Certificate Authority – G2 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 00 Validity 01.09.2009 - 01.01.2038 Issuer Properties: Common Name Go Daddy Root Certificate Authority - G2 Organization GoDaddy.com, Inc. Country United States Locality Name Scottsdale State/Province Arizona Subject Properties: Common Name Go Daddy Root Certificate Authority - G2 Organization GoDaddy.com, Inc. Country United States Locality Name Scottsdale State/Province Arizona Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / GTE CyberTrust Global Root ] Certificate Properties: Version V1 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number A5 01 Validity 13.08.1998 - 14.08.2018 Issuer Properties: Common Name GTE CyberTrust Global Root Organization GTE Corporation Organizational Unit GTE CyberTrust Solutions, Inc. Country United States Subject Properties: Common Name GTE CyberTrust Global Root Organization GTE Corporation Organizational Unit GTE CyberTrust Solutions, Inc. Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Microsoft Authenticode(tm) Root ] Certificate Properties: Version V3 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number 01 Validity 01.01.1995 - 01.01.2000 Issuer Properties: Common Name Microsoft Authenticode(tm) Root Authority Organization MSFT Country United States Subject Properties: Common Name Microsoft Authenticode(tm) Root Authority Organization MSFT Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Microsoft Root Authority ] Certificate Properties: Version V3 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number 40 DF EC 63 F6 3E D1 11 88 3C 3C 8B 00 C1 00 Validity 10.01.1997 - 31.12.2020 Issuer Properties: Common Name Microsoft Root Authority Organizational Unit Copyright (c) 1997 Microsoft Corp. Organizational Unit Microsoft Corporation Subject Properties: Common Name Microsoft Root Authority Organizational Unit Copyright (c) 1997 Microsoft Corp. Organizational Unit Microsoft Corporation Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Microsoft Root Certificate Authority 2010 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number AA 39 43 6B 58 9B 9A 44 AC 44 BA BF 25 3A CC 28 Validity 24.06.2010 - 24.06.2035 Issuer Properties: Common Name Microsoft Root Certificate Authority 2010 Organization Microsoft Corporation Country United States Locality Name Redmond State/Province Washington Subject Properties: Common Name Microsoft Root Certificate Authority 2010 Organization Microsoft Corporation Country United States Locality Name Redmond State/Province Washington Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Microsoft Root Certificate Authority 2011 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F Validity 23.03.2011 - 23.03.2036 Issuer Properties: Common Name Microsoft Root Certificate Authority 2011 Organization Microsoft Corporation Country United States Locality Name Redmond State/Province Washington Subject Properties: Common Name Microsoft Root Certificate Authority 2011 Organization Microsoft Corporation Country United States Locality Name Redmond State/Province Washington Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Microsoft Root Certificate Authority 2011 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F Validity 23.03.2011 - 23.03.2036 Issuer Properties: Common Name Microsoft Root Certificate Authority 2011 Organization Microsoft Corporation Country United States Locality Name Redmond State/Province Washington Subject Properties: Common Name Microsoft Root Certificate Authority 2011 Organization Microsoft Corporation Country United States Locality Name Redmond State/Province Washington Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Microsoft Root Certificate Authority ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 65 2E 13 07 F4 58 73 4C AD A5 A0 4A A1 16 AD 79 Validity 10.05.2001 - 10.05.2021 Issuer Properties: Common Name Microsoft Root Certificate Authority Subject Properties: Common Name Microsoft Root Certificate Authority Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Microsoft Timestamp Root ] Certificate Properties: Version V1 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number 01 Validity 13.05.1997 - 31.12.1999 Issuer Properties: Organization Microsoft Trust Network Organizational Unit Microsoft Corporation Organizational Unit Microsoft Time Stamping Service Root Subject Properties: Organization Microsoft Trust Network Organizational Unit Microsoft Corporation Organizational Unit Microsoft Time Stamping Service Root Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / QuoVadis Root CA 2 ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 09 05 Validity 24.11.2006 - 24.11.2031 Issuer Properties: Common Name QuoVadis Root CA 2 Organization QuoVadis Limited Country Bermuda Subject Properties: Common Name QuoVadis Root CA 2 Organization QuoVadis Limited Country Bermuda Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Skype Click to Call ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number D3 33 57 27 86 0B 78 48 B2 5A CD 89 D7 B5 9D 38 Validity 26.12.2014 - 26.12.2034 Issuer Properties: Common Name localhost Organization Skype Click to Call Organizational Unit Skype Click to Call Subject Properties: Common Name localhost Organization Skype Click to Call Organizational Unit Skype Click to Call Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Starfield Class 2 Certification Authority ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 00 Validity 29.06.2004 - 29.06.2034 Issuer Properties: Organization Starfield Technologies, Inc. Organizational Unit Starfield Class 2 Certification Authority Country United States Subject Properties: Organization Starfield Technologies, Inc. Organizational Unit Starfield Class 2 Certification Authority Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Starfield Root Certificate Authority – G2 ] Certificate Properties: Version V3 Signature Algorithm SHA256 RSA (1.2.840.113549.1.1.11) Serial Number 00 Validity 01.09.2009 - 01.01.2038 Issuer Properties: Common Name Starfield Root Certificate Authority - G2 Organization Starfield Technologies, Inc. Country United States Locality Name Scottsdale State/Province Arizona Subject Properties: Common Name Starfield Root Certificate Authority - G2 Organization Starfield Technologies, Inc. Country United States Locality Name Scottsdale State/Province Arizona Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Starfield Technologies Inc. ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 00 Validity 02.06.2008 - 01.01.2030 Issuer Properties: Common Name Starfield Services Root Certificate Authority Organization Starfield Technologies, Inc. Organizational Unit http://certificates.starfieldtech.com/repository/ Country United States Locality Name Scottsdale State/Province Arizona Subject Properties: Common Name Starfield Services Root Certificate Authority Organization Starfield Technologies, Inc. Organizational Unit http://certificates.starfieldtech.com/repository/ Country United States Locality Name Scottsdale State/Province Arizona Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Starfield Technologies ] Certificate Properties: Version V1 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 01 Validity 26.06.1999 - 26.06.2019 Issuer Properties: Common Name http://www.valicert.com/ Organization ValiCert, Inc. Organizational Unit ValiCert Class 2 Policy Validation Authority Locality Name ValiCert Validation Network E-mail Address info@valicert.com Subject Properties: Common Name http://www.valicert.com/ Organization ValiCert, Inc. Organizational Unit ValiCert Class 2 Policy Validation Authority Locality Name ValiCert Validation Network E-mail Address info@valicert.com Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / StartCom Certification Authority ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 01 Validity 17.09.2006 - 17.09.2036 Issuer Properties: Common Name StartCom Certification Authority Organization StartCom Ltd. Organizational Unit Secure Digital Certificate Signing Country Israel Subject Properties: Common Name StartCom Certification Authority Organization StartCom Ltd. Organizational Unit Secure Digital Certificate Signing Country Israel Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Thawte Timestamping CA ] Certificate Properties: Version V3 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number 00 Validity 01.01.1997 - 01.01.2021 Issuer Properties: Common Name Thawte Timestamping CA Organization Thawte Organizational Unit Thawte Certification Country South Africa Locality Name Durbanville State/Province Western Cape Subject Properties: Common Name Thawte Timestamping CA Organization Thawte Organizational Unit Thawte Certification Country South Africa Locality Name Durbanville State/Province Western Cape Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / thawte ] Certificate Properties: Version V3 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number 01 Validity 01.08.1996 - 01.01.2021 Issuer Properties: Common Name Thawte Premium Server CA Organization Thawte Consulting cc Organizational Unit Certification Services Division Country South Africa Locality Name Cape Town State/Province Western Cape E-mail Address premium-server@thawte.com Subject Properties: Common Name Thawte Premium Server CA Organization Thawte Consulting cc Organizational Unit Certification Services Division Country South Africa Locality Name Cape Town State/Province Western Cape E-mail Address premium-server@thawte.com Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / thawte ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 6D 2B DB 37 CE 2F F4 49 EC ED D5 20 57 D5 4E 34 Validity 17.11.2006 - 17.07.2036 Issuer Properties: Common Name thawte Primary Root CA Organization thawte, Inc. Organizational Unit Certification Services Division Organizational Unit (c) 2006 thawte, Inc. - For authorized use only Country United States Subject Properties: Common Name thawte Primary Root CA Organization thawte, Inc. Organizational Unit Certification Services Division Organizational Unit (c) 2006 thawte, Inc. - For authorized use only Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / Trustwave ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number D0 59 18 27 EB F0 7F 42 AD A5 16 08 5C 8E F0 0C Validity 07.11.2006 - 31.12.2029 Issuer Properties: Common Name SecureTrust CA Organization SecureTrust Corporation Country United States Subject Properties: Common Name SecureTrust CA Organization SecureTrust Corporation Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / USERTrust ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 69 AD A9 06 68 2A D3 11 B4 21 00 50 8B 0C BE 44 Validity 24.06.1999 - 24.06.2019 Issuer Properties: Common Name UTN - DATACorp SGC Organization The USERTRUST Network Organizational Unit http://www.usertrust.com Country United States Locality Name Salt Lake City State/Province UT Subject Properties: Common Name UTN - DATACorp SGC Organization The USERTRUST Network Organizational Unit http://www.usertrust.com Country United States Locality Name Salt Lake City State/Province UT Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / USERTrust ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 1B 5F B3 E0 2D 36 D3 11 B4 24 00 50 8B 0C BE 44 Validity 09.07.1999 - 09.07.2019 Issuer Properties: Common Name UTN-USERFirst-Object Organization The USERTRUST Network Organizational Unit http://www.usertrust.com Country United States Locality Name Salt Lake City State/Province UT Subject Properties: Common Name UTN-USERFirst-Object Organization The USERTRUST Network Organizational Unit http://www.usertrust.com Country United States Locality Name Salt Lake City State/Province UT Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / USERTrust ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 01 Validity 30.05.2000 - 30.05.2020 Issuer Properties: Common Name AddTrust External CA Root Organization AddTrust AB Organizational Unit AddTrust External TTP Network Country Sweden Subject Properties: Common Name AddTrust External CA Root Organization AddTrust AB Organizational Unit AddTrust External TTP Network Country Sweden Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / VeriSign Class 3 Public Primary CA ] Certificate Properties: Version V1 Signature Algorithm MD2 RSA (1.2.840.113549.1.1.2) Serial Number BF BA CC 03 7B CA 38 B6 34 29 D9 10 1D E4 BA 70 Validity 29.01.1996 - 02.08.2028 Issuer Properties: Organization VeriSign, Inc. Organizational Unit Class 3 Public Primary Certification Authority Country United States Subject Properties: Organization VeriSign, Inc. Organizational Unit Class 3 Public Primary Certification Authority Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / VeriSign Class 3 Public Primary Certification Authority - G4 ] Certificate Properties: Version V3 Signature Algorithm 1.2.840.10045.4.3.3 Serial Number B3 AC 87 91 28 12 67 48 0F 22 0E 8C 23 FE 80 2F Validity 05.11.2007 - 19.01.2038 Issuer Properties: Common Name VeriSign Class 3 Public Primary Certification Authority - G4 Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit (c) 2007 VeriSign, Inc. - For authorized use only Country United States Subject Properties: Common Name VeriSign Class 3 Public Primary Certification Authority - G4 Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit (c) 2007 VeriSign, Inc. - For authorized use only Country United States Public Key Properties: Public Key Algorithm 1.2.840.10045.2.1 [ Root Certificates / VeriSign Time Stamping CA ] Certificate Properties: Version V1 Signature Algorithm MD5 RSA (1.2.840.113549.1.1.4) Serial Number A3 DC 5D 15 5F 73 5D A5 1C 59 82 8C 38 D2 19 4A Validity 12.05.1997 - 08.01.2004 Issuer Properties: Organization VeriSign Trust Network Organizational Unit VeriSign, Inc. Organizational Unit VeriSign Time Stamping Service Root Organizational Unit NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. Subject Properties: Organization VeriSign Trust Network Organizational Unit VeriSign, Inc. Organizational Unit VeriSign Time Stamping Service Root Organizational Unit NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) [ Root Certificates / VeriSign ] Certificate Properties: Version V3 Signature Algorithm SHA1 RSA (1.2.840.113549.1.1.5) Serial Number 4A 3B 6B CC CD 58 21 4A BB E8 7D 26 9E D1 DA 18 Validity 08.11.2006 - 17.07.2036 Issuer Properties: Common Name VeriSign Class 3 Public Primary Certification Authority - G5 Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit (c) 2006 VeriSign, Inc. - For authorized use only Country United States Subject Properties: Common Name VeriSign Class 3 Public Primary Certification Authority - G5 Organization VeriSign, Inc. Organizational Unit VeriSign Trust Network Organizational Unit (c) 2006 VeriSign, Inc. - For authorized use only Country United States Public Key Properties: Public Key Algorithm RSA (1.2.840.113549.1.1.1) --------[ UpTime ]------------------------------------------------------------------------------------------------------ Current Session: Last Shutdown Time 10.04.2015 19:37:08 Last Boot Time 10.04.2015 19:39:42 Current Time 10.04.2015 20:22:17 UpTime 2572 sec (0 days, 0 hours, 42 min, 52 sec) UpTime Statistics: First Boot Time 23.12.2014 22:12:23 First Shutdown Time 23.12.2014 22:16:24 Total UpTime 1884021 sec (21 days, 19 hours, 20 min, 21 sec) Total DownTime 7440590 sec (86 days, 2 hours, 49 min, 50 sec) Longest UpTime 84935 sec (0 days, 23 hours, 35 min, 35 sec) Longest DownTime 153505 sec (1 days, 18 hours, 38 min, 25 sec) Total Reboots 266 System Availability 20.20% Bluescreen Statistics: Total Bluescreens 0 Information: Information The above statistics are based on System Event Log entries --------[ Share ]------------------------------------------------------------------------------------------------------- Kick-Ass.2.2013.BRRip.XviD.AC3.RoSubbed-playXD Folder D:\BitComet\Downloads\Kick-Ass.2.2013.BRRip.XviD.AC3.RoSubbed-playXD Users Folder C:\Users [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] ADMIN$ Folder Remote Admin C:\Windows C$ Folder Default share C:\ [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] print$ Folder Printer Drivers C:\Windows\system32\spool\drivers IPC$ IPC Remote IPC --------[ Account Security ]-------------------------------------------------------------------------------------------- Account Security Properties: Computer Role Primary Domain Name ALEX-PC Primary Domain Controller Not Specified Forced Logoff Time Disabled Min / Max Password Age 0 / 42 days Minimum Password Length 0 chars Password History Length Disabled Lockout Threshold Disabled Lockout Duration 30 min Lockout Observation Window 30 min --------[ Logon ]------------------------------------------------------------------------------------------------------- ALEX ALEX-PC ALEX-PC ALEX ALEX-PC ALEX-PC --------[ Users ]------------------------------------------------------------------------------------------------------- [ Administrator ] User Properties: User Name Administrator Full Name Administrator Comment Built-in account for administering the computer/domain Member Of Groups HomeUsers; Administrators Logon Count 4 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes [ ALEX ] User Properties: User Name ALEX Full Name ALEX Member Of Groups HomeUsers; Administrators Logon Count 263 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required No Read-Only Password No Password Never Expires Yes [ Guest ] User Properties: User Name Guest Full Name Guest Comment Built-in account for guest access to the computer/domain Member Of Groups Guests Logon Count 0 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required No Read-Only Password Yes Password Never Expires Yes [ HomeGroupUser$ ] User Properties: User Name HomeGroupUser$ Full Name HomeGroupUser$ Comment Built-in account for homegroup access to the computer Member Of Groups HomeUsers Logon Count 0 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes --------[ Local Groups ]------------------------------------------------------------------------------------------------ [ Administrators ] Local Group Properties: Comment Administrators have complete and unrestricted access to the computer/domain Group Members: Administrator ALEX [ Backup Operators ] Local Group Properties: Comment Backup Operators can override security restrictions for the sole purpose of backing up or restoring files [ Cryptographic Operators ] Local Group Properties: Comment Members are authorized to perform cryptographic operations. [ Distributed COM Users ] Local Group Properties: Comment Members are allowed to launch, activate and use Distributed COM objects on this machine. [ Event Log Readers ] Local Group Properties: Comment Members of this group can read event logs from local machine [ Guests ] Local Group Properties: Comment Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted Group Members: Guest [ HomeUsers ] Local Group Properties: Comment HomeUsers Security Group Group Members: Administrator ALEX HomeGroupUser$ HomeGroupUser$ [ IIS_IUSRS ] Local Group Properties: Comment Built-in group used by Internet Information Services. Group Members: IUSR [ Network Configuration Operators ] Local Group Properties: Comment Members in this group can have some administrative privileges to manage configuration of networking features [ Performance Log Users ] Local Group Properties: Comment Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer [ Performance Monitor Users ] Local Group Properties: Comment Members of this group can access performance counter data locally and remotely [ Power Users ] Local Group Properties: Comment Power Users are included for backwards compatibility and possess limited administrative powers [ Remote Desktop Users ] Local Group Properties: Comment Members in this group are granted the right to logon remotely [ Replicator ] Local Group Properties: Comment Supports file replication in a domain [ Users ] Local Group Properties: Comment Users are prevented from making accidental or intentional system-wide changes and can run most applications Group Members: Authenticated Users INTERACTIVE --------[ Global Groups ]----------------------------------------------------------------------------------------------- [ None ] Global Group Properties: Comment Ordinary users Group Members: Administrator ALEX Guest HomeGroupUser$ HomeGroupUser$ --------[ Windows Video ]----------------------------------------------------------------------------------------------- [ NVIDIA GeForce 210 ] Video Adapter Properties: Device Description NVIDIA GeForce 210 Adapter String GeForce 210 BIOS String Version 70.18.5f.0.0 Chip Type GeForce 210 DAC Type Integrated RAMDAC Driver Date 03.02.2015 Driver Version 9.18.13.4144 - nVIDIA ForceWare 341.44 Driver Provider NVIDIA Memory Size 1 GB Installed Drivers: nvd3dum 9.18.13.4144 - nVIDIA ForceWare 341.44 nvwgf2um 9.18.13.4144 nvwgf2um 9.18.13.4144 Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ NVIDIA GeForce 210 ] Video Adapter Properties: Device Description NVIDIA GeForce 210 Adapter String GeForce 210 BIOS String Version 70.18.5f.0.0 Chip Type GeForce 210 DAC Type Integrated RAMDAC Driver Date 03.02.2015 Driver Version 9.18.13.4144 - nVIDIA ForceWare 341.44 Driver Provider NVIDIA Memory Size 1 GB Installed Drivers: nvd3dum 9.18.13.4144 - nVIDIA ForceWare 341.44 nvwgf2um 9.18.13.4144 nvwgf2um 9.18.13.4144 Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ PCI / AGP Video ]--------------------------------------------------------------------------------------------- nVIDIA GeForce 210 Video Adapter nVIDIA GeForce 210 3D Accelerator --------[ GPU ]--------------------------------------------------------------------------------------------------------- [ PCI Express 2.0 x16: nVIDIA GeForce 210 ] Graphics Processor Properties: Video Adapter nVIDIA GeForce 210 BIOS Version 70.18.5F.00 BIOS Date 11.05.2011 GPU Code Name GT218 PCI Device 10DE-0A65 / 0000-0000 (Rev B1) Transistors 260 million Process Technology 40 nm Die Size 57 mm2 Bus Type PCI Express 2.0 x16 @ 1.1 x16 Memory Size 1 GB GPU Clock (Geometric Domain) 589 MHz (original: 589 MHz) GPU Clock (Shader Domain) 1401 MHz (original: 1402 MHz) RAMDAC Clock 400 MHz Pixel Pipelines 4 Texture Mapping Units 8 Unified Shaders 16 (v4.1) DirectX Hardware Support DirectX v10.1 WDDM Version WDDM 1.1 Memory Bus Properties: Bus Type DDR3 Bus Width 64-bit Real Clock 499 MHz (DDR) (original: 500 MHz) Effective Clock 999 MHz Bandwidth [ TRIAL VERSION ] Architecture: Architecture nVIDIA Tesla Streaming Multiprocessors (SM) 2 L1 Texture Cache 24 KB per multiprocessor Local Data Share 16 KB Theoretical Peak Performance: Pixel Fillrate 2356 MPixel/s @ 589 MHz Texel Fillrate [ TRIAL VERSION ] Single-Precision FLOPS 44.8 GFLOPS @ 1401 MHz Double-Precision FLOPS [ TRIAL VERSION ] 24-bit Integer IOPS 44.8 GIOPS @ 1401 MHz 32-bit Integer IOPS 9.0 GIOPS @ 1401 MHz Utilization: GPU 12% Memory Controller 12% Video Engine 0% Dedicated Memory 101 MB Dynamic Memory 18 MB nVIDIA ForceWare Clocks: Standard 2D GPU: 135 MHz, Shader: 270 MHz, Memory: 135 MHz Low-Power 3D GPU: 405 MHz, Shader: 810 MHz, Memory: 324 MHz Performance 3D GPU: 589 MHz, Shader: 1402 MHz, Memory: 500 MHz Graphics Processor Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates nVIDIA GPU Registers: nv-000000 0A8280B1 nv-0010F0 00000000 nv-001218 00000000 nv-001538 00011111 nv-001540 F3010001 nv-0015F4 00000000 nv-0015F8 00000000 nv-0015FC 00000000 nv-001600 00000000 nv-001704 4003FFC4 nv-001714 00000000 nv-001850 00000000 nv-004000 18010115 nv-004004 0003250A nv-004008 80000000 nv-00400C 00000000 nv-004018 10005000 nv-00401C 00000000 nv-004020 00000000 nv-004024 00000000 nv-004028 00000000 nv-00402C 00000000 nv-004120 00063131 nv-004124 00063131 nv-004128 00063121 nv-004200 00010015 nv-004220 00010015 nv-00C040 20001000 nv-00E114 00000001 nv-00E118 00000000 nv-00E11C 00000001 nv-00E120 00000000 nv-00E728 00000000 nv-00E820 01010015 nv-00E8A0 01010015 nv-020008 C0083774 nv-020014 FA580387 nv-020400 0000003A nv-088000 0A6510DE nv-08A000 0BE310DE nv-100000 00000042 nv-100200 00223000 nv-10020C 40000000 nv-100214 00000000 nv-100228 05040707 nv-10022C 372D1206 nv-100230 14030D0D nv-100238 00610551 nv-10023C 0F060202 nv-100240 111D0700 nv-100474 00000000 nv-100714 F0000011 nv-100914 00000000 nv-101000 8040948A nv-10100C 8001B010 nv-300000 EB7DAA55 nv-310000 EB7DAA55 nv-700000 420097F1 nv-7E0000 EB7DAA55 [ nVIDIA SLI ] nVIDIA SLI: SLI Status Disabled --------[ Monitor ]----------------------------------------------------------------------------------------------------- [ LG L1718S ] Monitor Properties: Monitor Name LG L1718S Monitor ID GSM443C Model L1718S Monitor Type 17" LCD (SXGA) Manufacture Date Week 50 / 2006 Serial Number 165041367 Max. Visible Display Size 338 mm x 270 mm (17.0") Picture Aspect Ratio 5:4 Horizontal Frequency 30 - 83 kHz Vertical Frequency 50 - 75 Hz Maximum Pixel Clock 140 MHz Maximum Resolution 1280 x 1024 Gamma 2.20 DPMS Mode Support Standby, Suspend, Active-Off Supported Video Modes: 640 x 480 60 Hz 640 x 480 67 Hz 640 x 480 72 Hz 640 x 480 75 Hz 720 x 400 70 Hz 800 x 600 56 Hz 800 x 600 60 Hz 800 x 600 72 Hz 800 x 600 75 Hz 832 x 624 75 Hz 1024 x 768 60 Hz 1024 x 768 72 Hz 1024 x 768 75 Hz 1152 x 870 75 Hz 1280 x 1024 60 Hz 1280 x 1024 75 Hz 1280 x 1024 Pixel Clock: 108.00 MHz Monitor Manufacturer: Company Name LG Electronics Product Information http://www.lg.com/us/monitors Driver Download http://www.lg.com/us/support Driver Update http://www.aida64.com/driver-updates --------[ Desktop ]----------------------------------------------------------------------------------------------------- Desktop Properties: Device Technology Raster Display Resolution 1280 x 1024 Color Depth 32-bit Color Planes 1 Font Resolution 96 dpi Pixel Width / Height 36 / 36 Pixel Diagonal 51 Vertical Refresh Rate 60 Hz Desktop Wallpaper C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Desktop Effects: Combo-Box Animation Enabled Drop Shadow Effect Enabled Flat Menu Effect Enabled Font Smoothing Enabled ClearType Enabled Full Window Dragging Enabled Gradient Window Title Bars Enabled Hide Menu Access Keys Enabled Hot Tracking Effect Enabled Icon Title Wrapping Enabled List-Box Smooth Scrolling Enabled Menu Animation Enabled Menu Fade Effect Enabled Minimize/Restore Animation Enabled Mouse Cursor Shadow Enabled Selection Fade Effect Enabled ShowSounds Accessibility Feature Disabled ToolTip Animation Enabled ToolTip Fade Effect Enabled Windows Aero Enabled Windows Plus! Extension Disabled --------[ Multi-Monitor ]----------------------------------------------------------------------------------------------- \\.\DISPLAY1 Yes (0,0) (1280,1024) --------[ Video Modes ]------------------------------------------------------------------------------------------------- 640 x 480 8-bit 60 Hz 640 x 480 8-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 16-bit 60 Hz 640 x 480 16-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 32-bit 60 Hz 640 x 480 32-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 8-bit 56 Hz 720 x 480 8-bit 56 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 8-bit 60 Hz 720 x 480 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 8-bit 72 Hz 720 x 480 8-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 8-bit 75 Hz 720 x 480 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 16-bit 56 Hz 720 x 480 16-bit 56 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 16-bit 60 Hz 720 x 480 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 16-bit 72 Hz 720 x 480 16-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 16-bit 75 Hz 720 x 480 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 32-bit 56 Hz 720 x 480 32-bit 56 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 32-bit 60 Hz 720 x 480 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 32-bit 72 Hz 720 x 480 32-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 480 32-bit 75 Hz 720 x 480 32-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 8-bit 56 Hz 720 x 576 8-bit 56 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 8-bit 60 Hz 720 x 576 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 8-bit 72 Hz 720 x 576 8-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 8-bit 75 Hz 720 x 576 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 16-bit 56 Hz 720 x 576 16-bit 56 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 16-bit 60 Hz 720 x 576 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 16-bit 72 Hz 720 x 576 16-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 16-bit 75 Hz 720 x 576 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 32-bit 56 Hz 720 x 576 32-bit 56 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 32-bit 60 Hz 720 x 576 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 32-bit 72 Hz 720 x 576 32-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 720 x 576 32-bit 75 Hz 720 x 576 32-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 8-bit 56 Hz 800 x 600 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 8-bit 75 Hz 800 x 600 16-bit 56 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 16-bit 72 Hz 800 x 600 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 32-bit 60 Hz 800 x 600 32-bit 72 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 8-bit 60 Hz 1024 x 768 8-bit 70 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 16-bit 60 Hz 1024 x 768 16-bit 70 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 32-bit 60 Hz 1024 x 768 32-bit 70 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1152 x 864 8-bit 60 Hz 1152 x 864 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1152 x 864 8-bit 75 Hz 1152 x 864 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1152 x 864 16-bit 60 Hz 1152 x 864 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1152 x 864 16-bit 75 Hz 1152 x 864 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1152 x 864 32-bit 60 Hz 1152 x 864 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1152 x 864 32-bit 75 Hz 1152 x 864 32-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 8-bit 60 Hz 1280 x 720 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 8-bit 75 Hz 1280 x 720 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 16-bit 60 Hz 1280 x 720 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 16-bit 75 Hz 1280 x 720 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 32-bit 60 Hz 1280 x 720 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 32-bit 75 Hz 1280 x 720 32-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 8-bit 60 Hz 1280 x 768 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 8-bit 75 Hz 1280 x 768 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 16-bit 60 Hz 1280 x 768 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 16-bit 75 Hz 1280 x 768 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 32-bit 60 Hz 1280 x 768 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 32-bit 75 Hz 1280 x 768 32-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 800 8-bit 60 Hz 1280 x 800 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 800 8-bit 75 Hz 1280 x 800 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 800 16-bit 60 Hz 1280 x 800 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 800 16-bit 75 Hz 1280 x 800 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 800 32-bit 60 Hz 1280 x 800 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 800 32-bit 75 Hz 1280 x 800 32-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 960 8-bit 60 Hz 1280 x 960 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 960 8-bit 75 Hz 1280 x 960 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 960 16-bit 60 Hz 1280 x 960 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 960 16-bit 75 Hz 1280 x 960 16-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 960 32-bit 60 Hz 1280 x 960 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 960 32-bit 75 Hz 1280 x 960 32-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 1024 8-bit 60 Hz 1280 x 1024 8-bit 75 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 1024 16-bit 75 Hz 1280 x 1024 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] --------[ OpenGL ]------------------------------------------------------------------------------------------------------ OpenGL Properties: Vendor NVIDIA Corporation Renderer GeForce 210/PCIe/SSE2 Version 3.3.0 Shading Language Version 3.30 NVIDIA via Cg compiler OpenGL DLL 6.1.7600.16385(win7_rtm.090713-1255) ICD Driver nvoglv32.dll (9.18.13.4144 - nVIDIA ForceWare 341.44) Multitexture Texture Units 4 Occlusion Query Counter Bits 32 Sub-Pixel Precision 8-bit Max Viewport Size 8192 x 8192 Max Cube Map Texture Size 8192 x 8192 Max Rectangle Texture Size 8192 x 8192 Max 3D Texture Size 2048 x 2048 x 2048 Max Anisotropy 16 Max Clipping Planes 8 Max Display-List Nesting Level 64 Max Draw Buffers 8 Max Evaluator Order 8 Max General Register Combiners 8 Max Light Sources 8 Max Pixel Map Table Size 65536 Min / Max Program Texel Offset -8 / 7 Max Texture Array Layers 512 Max Texture LOD Bias 15 Max Vertex Array Range Element Size 1048575 OpenGL Compliancy: OpenGL 1.1 Yes (100%) OpenGL 1.2 Yes (100%) OpenGL 1.3 Yes (100%) OpenGL 1.4 Yes (100%) OpenGL 1.5 Yes (100%) OpenGL 2.0 Yes (100%) OpenGL 2.1 Yes (100%) OpenGL 3.0 Yes (100%) OpenGL 3.1 Yes (100%) OpenGL 3.2 Yes (100%) OpenGL 3.3 Yes (100%) OpenGL 4.0 No (38%) OpenGL 4.1 No (57%) OpenGL 4.2 No (66%) OpenGL 4.3 No (69%) OpenGL 4.4 No (55%) OpenGL 4.5 No (0%) Max Stack Depth: Attribute Stack 16 Client Attribute Stack 16 Modelview Matrix Stack 32 Name Stack 128 Projection Matrix Stack 4 Texture Matrix Stack 10 Draw Range Elements: Max Index Count 1048576 Max Vertex Count 1048576 Extended Lighting Parameters: Max Shininess 128 Max Spot Exponent 128 Transform Feedback: Max Interleaved Components 64 Max Separate Attributes 4 Max Separate Components 4 Framebuffer Object: Max Color Attachments 8 Max Render Buffer Size 8192 x 8192 Imaging: Max Color Matrix Stack Depth 2 Max Convolution Width / Height 11 / 11 Vertex Shader: Max Uniform Vertex Components 4096 Max Varying Floats 60 Max Vertex Texture Image Units 32 Max Combined Texture Image Units 96 Geometry Shader: Max Geometry Texture Units 32 Max Varying Components 60 Max Geometry Varying Components 124 Max Vertex Varying Components 60 Max Geometry Uniform Components 2048 Max Geometry Output Vertices 1024 Max Geometry Total Output Components 1024 Fragment Shader: Max Uniform Fragment Components 2048 Vertex Program: Max Local Parameters 1024 Max Environment Parameters 256 Max Program Matrices 8 Max Program Matrix Stack Depth 1 Max Tracking Matrices 8 Max Tracking Matrix Stack Depth 1 Max Vertex Attributes 16 Max Instructions 16384 Max Native Instructions 16384 Max Temporaries 4096 Max Native Temporaries 4096 Max Parameters 1024 Max Native Parameters 1024 Max Attributes 16 Max Native Attributes 16 Max Address Registers 2 Max Native Address Registers 2 Fragment Program: Max Local Parameters 512 Max Environment Parameters 256 Max Texture Coordinates 8 Max Texture Image Units 32 Max Instructions 16384 Max Native Instructions 16384 Max Temporaries 4096 Max Native Temporaries 4096 Max Parameters 1024 Max Native Parameters 1024 Max Attributes 16 Max Native Attributes 16 Max Address Registers 1 Max Native Address Registers 1 Max ALU Instructions 16384 Max Native ALU Instructions 16384 Max Texture Instructions 16384 Max Native Texture Instructions 16384 Max Texture Indirections 16384 Max Native Texture Indirections 16384 Max Execution Instructions 16777216 Max Call Stack Depth 32 Max If Statement Depth 64 Max Loop Depth 64 Max Loop Count 16777216 OpenGL Extensions: Total / Supported Extensions 1007 / 274 GL_3DFX_multisample Not Supported GL_3DFX_tbuffer Not Supported GL_3DFX_texture_compression_FXT1 Not Supported GL_3DL_direct_texture_access2 Not Supported GL_3Dlabs_multisample_transparency_id Not Supported GL_3Dlabs_multisample_transparency_range Not Supported GL_AMD_blend_minmax_factor Not Supported GL_AMD_compressed_3DC_texture Not Supported GL_AMD_compressed_ATC_texture Not Supported GL_AMD_conservative_depth Not Supported GL_AMD_debug_output Not Supported GL_AMD_depth_clamp_separate Not Supported GL_AMD_draw_buffers_blend Not Supported GL_AMD_framebuffer_sample_positions Not Supported GL_AMD_gcn_shader Not Supported GL_AMD_gpu_shader_half_float Not Supported GL_AMD_gpu_shader_half_float2 Not Supported GL_AMD_gpu_shader_int64 Not Supported GL_AMD_interleaved_elements Not Supported GL_AMD_multi_draw_indirect Not Supported GL_AMD_name_gen_delete Not Supported GL_AMD_occlusion_query_event Not Supported GL_AMD_performance_monitor Not Supported GL_AMD_pinned_memory Not Supported GL_AMD_program_binary_Z400 Not Supported GL_AMD_query_buffer_object Not Supported GL_AMD_sample_positions Not Supported GL_AMD_seamless_cubemap_per_texture Not Supported GL_AMD_shader_atomic_counter_ops Not Supported GL_AMD_shader_stencil_export Not Supported GL_AMD_shader_stencil_value_export Not Supported GL_AMD_shader_trace Not Supported GL_AMD_shader_trinary_minmax Not Supported GL_AMD_sparse_texture Not Supported GL_AMD_sparse_texture_pool Not Supported GL_AMD_stencil_operation_extended Not Supported GL_AMD_texture_compression_dxt6 Not Supported GL_AMD_texture_compression_dxt7 Not Supported GL_AMD_texture_cube_map_array Not Supported GL_AMD_texture_texture4 Not Supported GL_AMD_texture_tile_pool Not Supported GL_AMD_transform_feedback3_lines_triangles Not Supported GL_AMD_transform_feedback4 Not Supported GL_AMD_vertex_shader_layer Not Supported GL_AMD_vertex_shader_tessellator Not Supported GL_AMD_vertex_shader_viewport_index Not Supported GL_AMDX_debug_output Not Supported GL_AMDX_name_gen_delete Not Supported GL_AMDX_random_access_target Not Supported GL_AMDX_vertex_shader_tessellator Not Supported GL_ANDROID_extension_pack_es31a Not Supported GL_ANGLE_depth_texture Not Supported GL_ANGLE_framebuffer_blit Not Supported GL_ANGLE_framebuffer_multisample Not Supported GL_ANGLE_instanced_arrays Not Supported GL_ANGLE_pack_reverse_row_order Not Supported GL_ANGLE_program_binary Not Supported GL_ANGLE_texture_compression_dxt1 Not Supported GL_ANGLE_texture_compression_dxt3 Not Supported GL_ANGLE_texture_compression_dxt5 Not Supported GL_ANGLE_texture_usage Not Supported GL_ANGLE_translated_shader_source Not Supported GL_APPLE_aux_depth_stencil Not Supported GL_APPLE_client_storage Not Supported GL_APPLE_copy_texture_levels Not Supported GL_APPLE_element_array Not Supported GL_APPLE_fence Not Supported GL_APPLE_float_pixels Not Supported GL_APPLE_flush_buffer_range Not Supported GL_APPLE_flush_render Not Supported GL_APPLE_framebuffer_multisample Not Supported GL_APPLE_object_purgeable Not Supported GL_APPLE_packed_pixel Not Supported GL_APPLE_packed_pixels Not Supported GL_APPLE_pixel_buffer Not Supported GL_APPLE_rgb_422 Not Supported GL_APPLE_row_bytes Not Supported GL_APPLE_specular_vector Not Supported GL_APPLE_sync Not Supported GL_APPLE_texture_2D_limited_npot Not Supported GL_APPLE_texture_format_BGRA8888 Not Supported GL_APPLE_texture_max_level Not Supported GL_APPLE_texture_range Not Supported GL_APPLE_transform_hint Not Supported GL_APPLE_vertex_array_object Not Supported GL_APPLE_vertex_array_range Not Supported GL_APPLE_vertex_point_size Not Supported GL_APPLE_vertex_program_evaluators Not Supported GL_APPLE_ycbcr_422 Not Supported GL_ARB_arrays_of_arrays Supported GL_ARB_base_instance Supported GL_ARB_bindless_texture Not Supported GL_ARB_blend_func_extended Supported GL_ARB_buffer_storage Not Supported GL_ARB_cl_event Not Supported GL_ARB_clear_buffer_object Supported GL_ARB_clear_texture Not Supported GL_ARB_clip_control Not Supported GL_ARB_color_buffer_float Supported GL_ARB_compatibility Supported GL_ARB_compressed_texture_pixel_storage Supported GL_ARB_compute_shader Not Supported GL_ARB_compute_variable_group_size Not Supported GL_ARB_conditional_render_inverted Not Supported GL_ARB_conservative_depth Supported GL_ARB_context_flush_control Not Supported GL_ARB_copy_buffer Supported GL_ARB_copy_image Supported GL_ARB_cull_distance Not Supported GL_ARB_debug_group Not Supported GL_ARB_debug_label Not Supported GL_ARB_debug_output Supported GL_ARB_debug_output2 Not Supported GL_ARB_depth_buffer_float Supported GL_ARB_depth_clamp Supported GL_ARB_depth_texture Supported GL_ARB_derivative_control Not Supported GL_ARB_direct_state_access Not Supported GL_ARB_draw_buffers Supported GL_ARB_draw_buffers_blend Supported GL_ARB_draw_elements_base_vertex Supported GL_ARB_draw_indirect Not Supported GL_ARB_draw_instanced Supported GL_ARB_enhanced_layouts Supported GL_ARB_ES2_compatibility Supported GL_ARB_ES3_1_compatibility Not Supported GL_ARB_ES3_compatibility Supported GL_ARB_explicit_attrib_location Supported GL_ARB_explicit_uniform_location Supported GL_ARB_fragment_coord_conventions Supported GL_ARB_fragment_layer_viewport Supported GL_ARB_fragment_program Supported GL_ARB_fragment_program_shadow Supported GL_ARB_fragment_shader Supported GL_ARB_framebuffer_no_attachments Supported GL_ARB_framebuffer_object Supported GL_ARB_framebuffer_sRGB Supported GL_ARB_geometry_shader4 Supported GL_ARB_get_program_binary Supported GL_ARB_get_texture_sub_image Not Supported GL_ARB_gpu_shader_fp64 Not Supported GL_ARB_gpu_shader5 Not Supported GL_ARB_half_float_pixel Supported GL_ARB_half_float_vertex Supported GL_ARB_imaging Supported GL_ARB_indirect_parameters Not Supported GL_ARB_instanced_arrays Supported GL_ARB_internalformat_query Supported GL_ARB_internalformat_query2 Supported GL_ARB_invalidate_subdata Supported GL_ARB_make_current_read Not Supported GL_ARB_map_buffer_alignment Supported GL_ARB_map_buffer_range Supported GL_ARB_matrix_palette Not Supported GL_ARB_multi_bind Supported GL_ARB_multi_draw_indirect Not Supported GL_ARB_multisample Supported GL_ARB_multitexture Supported GL_ARB_occlusion_query Supported GL_ARB_occlusion_query2 Supported GL_ARB_pipeline_statistics_query Not Supported GL_ARB_pixel_buffer_object Supported GL_ARB_point_parameters Supported GL_ARB_point_sprite Supported GL_ARB_program_interface_query Supported GL_ARB_provoking_vertex Supported GL_ARB_query_buffer_object Not Supported GL_ARB_robust_buffer_access_behavior Supported GL_ARB_robustness Supported GL_ARB_robustness_isolation Not Supported GL_ARB_sample_shading Supported GL_ARB_sampler_objects Supported GL_ARB_seamless_cube_map Supported GL_ARB_seamless_cubemap_per_texture Not Supported GL_ARB_separate_shader_objects Supported GL_ARB_shader_atomic_counters Not Supported GL_ARB_shader_bit_encoding Supported GL_ARB_shader_draw_parameters Not Supported GL_ARB_shader_group_vote Not Supported GL_ARB_shader_image_load_store Not Supported GL_ARB_shader_image_size Not Supported GL_ARB_shader_objects Supported GL_ARB_shader_precision Not Supported GL_ARB_shader_stencil_export Not Supported GL_ARB_shader_storage_buffer_object Not Supported GL_ARB_shader_subroutine Not Supported GL_ARB_shader_texture_image_samples Not Supported GL_ARB_shader_texture_lod Supported GL_ARB_shading_language_100 Supported GL_ARB_shading_language_120 Not Supported GL_ARB_shading_language_420pack Supported GL_ARB_shading_language_include Supported GL_ARB_shading_language_packing Supported GL_ARB_shadow Supported GL_ARB_shadow_ambient Not Supported GL_ARB_sparse_buffer Not Supported GL_ARB_sparse_texture Not Supported GL_ARB_stencil_texturing Supported GL_ARB_swap_buffers Not Supported GL_ARB_sync Supported GL_ARB_tessellation_shader Not Supported GL_ARB_texture_barrier Not Supported GL_ARB_texture_border_clamp Supported GL_ARB_texture_buffer_object Supported GL_ARB_texture_buffer_object_rgb32 Not Supported GL_ARB_texture_buffer_range Supported GL_ARB_texture_compression Supported GL_ARB_texture_compression_bptc Not Supported GL_ARB_texture_compression_rgtc Supported GL_ARB_texture_compression_rtgc Not Supported GL_ARB_texture_cube_map Supported GL_ARB_texture_cube_map_array Supported GL_ARB_texture_env_add Supported GL_ARB_texture_env_combine Supported GL_ARB_texture_env_crossbar Supported GL_ARB_texture_env_dot3 Supported GL_ARB_texture_float Supported GL_ARB_texture_gather Supported GL_ARB_texture_mirror_clamp_to_edge Supported GL_ARB_texture_mirrored_repeat Supported GL_ARB_texture_multisample Supported GL_ARB_texture_non_power_of_two Supported GL_ARB_texture_query_levels Supported GL_ARB_texture_query_lod Supported GL_ARB_texture_rectangle Supported GL_ARB_texture_rg Supported GL_ARB_texture_rgb10_a2ui Supported GL_ARB_texture_snorm Not Supported GL_ARB_texture_stencil8 Supported GL_ARB_texture_storage Supported GL_ARB_texture_storage_multisample Supported GL_ARB_texture_swizzle Supported GL_ARB_texture_view Supported GL_ARB_timer_query Supported GL_ARB_transform_feedback_instanced Supported GL_ARB_transform_feedback_overflow_query Not Supported GL_ARB_transform_feedback2 Supported GL_ARB_transform_feedback3 Not Supported GL_ARB_transpose_matrix Supported GL_ARB_uber_buffers Not Supported GL_ARB_uber_mem_image Not Supported GL_ARB_uber_vertex_array Not Supported GL_ARB_uniform_buffer_object Supported GL_ARB_vertex_array_bgra Supported GL_ARB_vertex_array_object Supported GL_ARB_vertex_attrib_64bit Not Supported GL_ARB_vertex_attrib_binding Supported GL_ARB_vertex_blend Not Supported GL_ARB_vertex_buffer_object Supported GL_ARB_vertex_program Supported GL_ARB_vertex_shader Supported GL_ARB_vertex_type_10f_11f_11f_rev Supported GL_ARB_vertex_type_2_10_10_10_rev Supported GL_ARB_viewport_array Supported GL_ARB_window_pos Supported GL_ARM_mali_program_binary Not Supported GL_ARM_mali_shader_binary Not Supported GL_ARM_rgba8 Not Supported GL_ARM_shader_framebuffer_fetch Not Supported GL_ARM_shader_framebuffer_fetch_depth_stencil Not Supported GL_ATI_array_rev_comps_in_4_bytes Not Supported GL_ATI_blend_equation_separate Not Supported GL_ATI_blend_weighted_minmax Not Supported GL_ATI_draw_buffers Supported GL_ATI_element_array Not Supported GL_ATI_envmap_bumpmap Not Supported GL_ATI_fragment_shader Not Supported GL_ATI_lock_texture Not Supported GL_ATI_map_object_buffer Not Supported GL_ATI_meminfo Not Supported GL_ATI_pixel_format_float Not Supported GL_ATI_pn_triangles Not Supported GL_ATI_point_cull_mode Not Supported GL_ATI_separate_stencil Not Supported GL_ATI_shader_texture_lod Not Supported GL_ATI_text_fragment_shader Not Supported GL_ATI_texture_compression_3dc Not Supported GL_ATI_texture_env_combine3 Not Supported GL_ATI_texture_float Supported GL_ATI_texture_mirror_once Supported GL_ATI_vertex_array_object Not Supported GL_ATI_vertex_attrib_array_object Not Supported GL_ATI_vertex_blend Not Supported GL_ATI_vertex_shader Not Supported GL_ATI_vertex_streams Not Supported GL_ATIX_pn_triangles Not Supported GL_ATIX_texture_env_combine3 Not Supported GL_ATIX_texture_env_route Not Supported GL_ATIX_vertex_shader_output_point_size Not Supported GL_Autodesk_facet_normal Not Supported GL_Autodesk_valid_back_buffer_hint Not Supported GL_CR_bounding_box Not Supported GL_CR_cursor_position Not Supported GL_CR_head_spu_name Not Supported GL_CR_performance_info Not Supported GL_CR_print_string Not Supported GL_CR_readback_barrier_size Not Supported GL_CR_saveframe Not Supported GL_CR_server_id_sharing Not Supported GL_CR_server_matrix Not Supported GL_CR_state_parameter Not Supported GL_CR_synchronization Not Supported GL_CR_tile_info Not Supported GL_CR_tilesort_info Not Supported GL_CR_window_size Not Supported GL_DIMD_YUV Not Supported GL_DMP_shader_binary Not Supported GL_EXT_422_pixels Not Supported GL_EXT_abgr Supported GL_EXT_bgra Supported GL_EXT_bindable_uniform Supported GL_EXT_blend_color Supported GL_EXT_blend_equation_separate Supported GL_EXT_blend_func_separate Supported GL_EXT_blend_logic_op Not Supported GL_EXT_blend_minmax Supported GL_EXT_blend_subtract Supported GL_EXT_Cg_shader Supported GL_EXT_clip_control Not Supported GL_EXT_clip_volume_hint Not Supported GL_EXT_cmyka Not Supported GL_EXT_color_buffer_float Not Supported GL_EXT_color_buffer_half_float Not Supported GL_EXT_color_matrix Not Supported GL_EXT_color_subtable Not Supported GL_EXT_color_table Not Supported GL_EXT_compiled_vertex_array Supported GL_EXT_convolution Not Supported GL_EXT_convolution_border_modes Not Supported GL_EXT_coordinate_frame Not Supported GL_EXT_copy_buffer Not Supported GL_EXT_copy_image Not Supported GL_EXT_copy_texture Not Supported GL_EXT_cull_vertex Not Supported GL_EXT_debug_label Not Supported GL_EXT_debug_marker Not Supported GL_EXT_depth_bounds_test Supported GL_EXT_depth_buffer_float Not Supported GL_EXT_direct_state_access Supported GL_EXT_discard_framebuffer Not Supported GL_EXT_disjoint_timer_query Not Supported GL_EXT_draw_buffers Not Supported GL_EXT_draw_buffers_indexed Not Supported GL_EXT_draw_buffers2 Supported GL_EXT_draw_indirect Not Supported GL_EXT_draw_instanced Supported GL_EXT_draw_range_elements Supported GL_EXT_fog_coord Supported GL_EXT_fog_function Not Supported GL_EXT_fog_offset Not Supported GL_EXT_frag_depth Not Supported GL_EXT_fragment_lighting Not Supported GL_EXT_framebuffer_blit Supported GL_EXT_framebuffer_multisample Supported GL_EXT_framebuffer_multisample_blit_scaled Supported GL_EXT_framebuffer_object Supported GL_EXT_framebuffer_sRGB Supported GL_EXT_generate_mipmap Not Supported GL_EXT_geometry_point_size Not Supported GL_EXT_geometry_shader Not Supported GL_EXT_geometry_shader4 Supported GL_EXT_glx_stereo_tree Not Supported GL_EXT_gpu_program_parameters Supported GL_EXT_gpu_shader_fp64 Not Supported GL_EXT_gpu_shader4 Supported GL_EXT_gpu_shader5 Not Supported GL_EXT_histogram Not Supported GL_EXT_import_sync_object Supported GL_EXT_index_array_formats Not Supported GL_EXT_index_func Not Supported GL_EXT_index_material Not Supported GL_EXT_index_texture Not Supported GL_EXT_instanced_arrays Not Supported GL_EXT_interlace Not Supported GL_EXT_light_texture Not Supported GL_EXT_map_buffer_range Not Supported GL_EXT_misc_attribute Not Supported GL_EXT_multi_draw_arrays Supported GL_EXT_multisample Not Supported GL_EXT_multisampled_render_to_texture Not Supported GL_EXT_multiview_draw_buffers Not Supported GL_EXT_occlusion_query_boolean Not Supported GL_EXT_packed_depth_stencil Supported GL_EXT_packed_float Supported GL_EXT_packed_pixels Supported GL_EXT_packed_pixels_12 Not Supported GL_EXT_paletted_texture Not Supported GL_EXT_pixel_buffer_object Supported GL_EXT_pixel_format Not Supported GL_EXT_pixel_texture Not Supported GL_EXT_pixel_transform Not Supported GL_EXT_pixel_transform_color_table Not Supported GL_EXT_point_parameters Supported GL_EXT_polygon_offset Not Supported GL_EXT_polygon_offset_clamp Not Supported GL_EXT_post_depth_coverage Not Supported GL_EXT_primitive_bounding_box Not Supported GL_EXT_provoking_vertex Supported GL_EXT_pvrtc_sRGB Not Supported GL_EXT_raster_multisample Not Supported GL_EXT_read_format_bgra Not Supported GL_EXT_rescale_normal Supported GL_EXT_robustness Not Supported GL_EXT_scene_marker Not Supported GL_EXT_secondary_color Supported GL_EXT_separate_shader_objects Supported GL_EXT_separate_specular_color Supported GL_EXT_shader_atomic_counters Not Supported GL_EXT_shader_framebuffer_fetch Not Supported GL_EXT_shader_image_load_formatted Not Supported GL_EXT_shader_image_load_store Not Supported GL_EXT_shader_implicit_conversions Not Supported GL_EXT_shader_integer_mix Supported GL_EXT_shader_io_blocks Not Supported GL_EXT_shader_pixel_local_storage Not Supported GL_EXT_shader_subroutine Not Supported GL_EXT_shader_texture_lod Not Supported GL_EXT_shadow_funcs Supported GL_EXT_shadow_samplers Not Supported GL_EXT_shared_texture_palette Not Supported GL_EXT_sparse_texture2 Not Supported GL_EXT_sRGB Not Supported GL_EXT_sRGB_write_control Not Supported GL_EXT_static_vertex_array Not Supported GL_EXT_stencil_clear_tag Not Supported GL_EXT_stencil_two_side Supported GL_EXT_stencil_wrap Supported GL_EXT_subtexture Not Supported GL_EXT_swap_control Not Supported GL_EXT_tessellation_point_size Not Supported GL_EXT_tessellation_shader Not Supported GL_EXT_texgen_reflection Not Supported GL_EXT_texture Not Supported GL_EXT_texture_array Supported GL_EXT_texture_border_clamp Not Supported GL_EXT_texture_buffer Not Supported GL_EXT_texture_buffer_object Supported GL_EXT_texture_buffer_object_rgb32 Not Supported GL_EXT_texture_color_table Not Supported GL_EXT_texture_compression_bptc Not Supported GL_EXT_texture_compression_dxt1 Supported GL_EXT_texture_compression_latc Supported GL_EXT_texture_compression_rgtc Supported GL_EXT_texture_compression_s3tc Supported GL_EXT_texture_cube_map Supported GL_EXT_texture_cube_map_array Not Supported GL_EXT_texture_edge_clamp Supported GL_EXT_texture_env Not Supported GL_EXT_texture_env_add Supported GL_EXT_texture_env_combine Supported GL_EXT_texture_env_dot3 Supported GL_EXT_texture_filter_anisotropic Supported GL_EXT_texture_filter_minmax Not Supported GL_EXT_texture_format_BGRA8888 Not Supported GL_EXT_texture_integer Supported GL_EXT_texture_lod Supported GL_EXT_texture_lod_bias Supported GL_EXT_texture_mirror_clamp Supported GL_EXT_texture_object Supported GL_EXT_texture_perturb_normal Not Supported GL_EXT_texture_rectangle Not Supported GL_EXT_texture_rg Not Supported GL_EXT_texture_shared_exponent Supported GL_EXT_texture_snorm Not Supported GL_EXT_texture_sRGB Supported GL_EXT_texture_sRGB_decode Supported GL_EXT_texture_storage Supported GL_EXT_texture_swizzle Supported GL_EXT_texture_type_2_10_10_10_REV Not Supported GL_EXT_texture_view Not Supported GL_EXT_texture3D Supported GL_EXT_texture4D Not Supported GL_EXT_timer_query Supported GL_EXT_transform_feedback Not Supported GL_EXT_transform_feedback2 Supported GL_EXT_transform_feedback3 Not Supported GL_EXT_unpack_subimage Not Supported GL_EXT_vertex_array Supported GL_EXT_vertex_array_bgra Supported GL_EXT_vertex_array_set Not Supported GL_EXT_vertex_array_setXXX Not Supported GL_EXT_vertex_attrib_64bit Not Supported GL_EXT_vertex_shader Not Supported GL_EXT_vertex_weighting Not Supported GL_EXT_x11_sync_object Not Supported GL_EXTX_framebuffer_mixed_formats Supported GL_EXTX_packed_depth_stencil Not Supported GL_FGL_lock_texture Not Supported GL_FJ_shader_binary_GCCSO Not Supported GL_GL2_geometry_shader Not Supported GL_GREMEDY_frame_terminator Not Supported GL_GREMEDY_string_marker Not Supported GL_HP_convolution_border_modes Not Supported GL_HP_image_transform Not Supported GL_HP_occlusion_test Not Supported GL_HP_texture_lighting Not Supported GL_I3D_argb Not Supported GL_I3D_color_clamp Not Supported GL_I3D_interlace_read Not Supported GL_IBM_clip_check Not Supported GL_IBM_cull_vertex Not Supported GL_IBM_load_named_matrix Not Supported GL_IBM_multi_draw_arrays Not Supported GL_IBM_multimode_draw_arrays Not Supported GL_IBM_occlusion_cull Not Supported GL_IBM_pixel_filter_hint Not Supported GL_IBM_rasterpos_clip Supported GL_IBM_rescale_normal Not Supported GL_IBM_static_data Not Supported GL_IBM_texture_clamp_nodraw Not Supported GL_IBM_texture_mirrored_repeat Supported GL_IBM_vertex_array_lists Not Supported GL_IBM_YCbCr Not Supported GL_IMG_multisampled_render_to_texture Not Supported GL_IMG_program_binary Not Supported GL_IMG_read_format Not Supported GL_IMG_sgx_binary Not Supported GL_IMG_shader_binary Not Supported GL_IMG_texture_compression_pvrtc Not Supported GL_IMG_texture_compression_pvrtc2 Not Supported GL_IMG_texture_env_enhanced_fixed_function Not Supported GL_IMG_texture_format_BGRA8888 Not Supported GL_IMG_user_clip_plane Not Supported GL_IMG_vertex_program Not Supported GL_INGR_blend_func_separate Not Supported GL_INGR_color_clamp Not Supported GL_INGR_interlace_read Not Supported GL_INGR_multiple_palette Not Supported GL_INTEL_compute_shader_lane_shift Not Supported GL_INTEL_conservative_rasterization Not Supported GL_INTEL_fragment_shader_ordering Not Supported GL_INTEL_fragment_shader_span_sharing Not Supported GL_INTEL_image_serialize Not Supported GL_INTEL_map_texture Not Supported GL_INTEL_multi_rate_fragment_shader Not Supported GL_INTEL_parallel_arrays Not Supported GL_INTEL_performance_queries Not Supported GL_INTEL_performance_query Not Supported GL_INTEL_texture_scissor Not Supported GL_KHR_blend_equation_advanced Not Supported GL_KHR_blend_equation_advanced_coherent Not Supported GL_KHR_context_flush_control Not Supported GL_KHR_debug Supported GL_KHR_robust_buffer_access_behavior Not Supported GL_KHR_robustness Not Supported GL_KHR_texture_compression_astc_hdr Not Supported GL_KHR_texture_compression_astc_ldr Not Supported GL_KTX_buffer_region Supported GL_MESA_pack_invert Not Supported GL_MESA_program_debug Not Supported GL_MESA_resize_buffers Not Supported GL_MESA_texture_array Not Supported GL_MESA_texture_signed_rgba Not Supported GL_MESA_window_pos Not Supported GL_MESA_ycbcr_texture Not Supported GL_MESAX_texture_float Not Supported GL_MESAX_texture_stack Not Supported GL_MTX_fragment_shader Not Supported GL_MTX_precision_dpi Not Supported GL_NV_3dvision_settings Not Supported GL_NV_alpha_test Not Supported GL_NV_bgr Not Supported GL_NV_bindless_multi_draw_indirect Not Supported GL_NV_bindless_multi_draw_indirect_count Not Supported GL_NV_bindless_texture Not Supported GL_NV_blend_equation_advanced Not Supported GL_NV_blend_equation_advanced_coherent Not Supported GL_NV_blend_minmax Not Supported GL_NV_blend_square Supported GL_NV_centroid_sample Not Supported GL_NV_command_list Not Supported GL_NV_complex_primitives Not Supported GL_NV_compute_program5 Not Supported GL_NV_conditional_render Supported GL_NV_conservative_raster Not Supported GL_NV_copy_buffer Not Supported GL_NV_copy_depth_to_color Supported GL_NV_copy_image Supported GL_NV_coverage_sample Not Supported GL_NV_deep_texture3D Not Supported GL_NV_depth_buffer_float Supported GL_NV_depth_clamp Supported GL_NV_depth_nonlinear Not Supported GL_NV_depth_range_unclamped Not Supported GL_NV_draw_buffers Not Supported GL_NV_draw_instanced Not Supported GL_NV_draw_texture Not Supported GL_NV_EGL_stream_consumer_external Not Supported GL_NV_ES1_1_compatibility Supported GL_NV_ES3_1_compatibility Not Supported GL_NV_evaluators Not Supported GL_NV_explicit_attrib_location Not Supported GL_NV_explicit_multisample Supported GL_NV_fbo_color_attachments Not Supported GL_NV_fence Supported GL_NV_fill_rectangle Not Supported GL_NV_float_buffer Supported GL_NV_fog_distance Supported GL_NV_fragdepth Not Supported GL_NV_fragment_coverage_to_color Not Supported GL_NV_fragment_program Supported GL_NV_fragment_program_option Supported GL_NV_fragment_program2 Supported GL_NV_fragment_program4 Not Supported GL_NV_fragment_shader_interlock Not Supported GL_NV_framebuffer_blit Not Supported GL_NV_framebuffer_mixed_samples Not Supported GL_NV_framebuffer_multisample Not Supported GL_NV_framebuffer_multisample_coverage Supported GL_NV_framebuffer_multisample_ex Not Supported GL_NV_generate_mipmap_sRGB Not Supported GL_NV_geometry_program4 Not Supported GL_NV_geometry_shader_passthrough Not Supported GL_NV_geometry_shader4 Supported GL_NV_gpu_program_fp64 Not Supported GL_NV_gpu_program4 Supported GL_NV_gpu_program4_1 Supported GL_NV_gpu_program5 Not Supported GL_NV_gpu_program5_mem_extended Not Supported GL_NV_gpu_shader5 Not Supported GL_NV_half_float Supported GL_NV_instanced_arrays Not Supported GL_NV_internalformat_sample_query Not Supported GL_NV_light_max_exponent Supported GL_NV_multisample_coverage Supported GL_NV_multisample_filter_hint Supported GL_NV_non_square_matrices Not Supported GL_NV_occlusion_query Supported GL_NV_pack_subimage Not Supported GL_NV_packed_depth_stencil Supported GL_NV_packed_float Not Supported GL_NV_packed_float_linear Not Supported GL_NV_parameter_buffer_object Supported GL_NV_parameter_buffer_object2 Supported GL_NV_path_rendering Supported GL_NV_path_rendering_shared_edge Not Supported GL_NV_pixel_buffer_object Not Supported GL_NV_pixel_data_range Supported GL_NV_platform_binary Not Supported GL_NV_point_sprite Supported GL_NV_present_video Not Supported GL_NV_primitive_restart Supported GL_NV_read_buffer Not Supported GL_NV_read_buffer_front Not Supported GL_NV_read_depth Not Supported GL_NV_read_depth_stencil Not Supported GL_NV_read_stencil Not Supported GL_NV_register_combiners Supported GL_NV_register_combiners2 Supported GL_NV_sample_locations Not Supported GL_NV_sample_mask_override_coverage Not Supported GL_NV_shader_atomic_counters Not Supported GL_NV_shader_atomic_float Not Supported GL_NV_shader_atomic_fp16_vector Not Supported GL_NV_shader_atomic_int64 Not Supported GL_NV_shader_buffer_load Supported GL_NV_shader_buffer_store Not Supported GL_NV_shader_storage_buffer_object Not Supported GL_NV_shader_thread_group Not Supported GL_NV_shader_thread_shuffle Not Supported GL_NV_shadow_samplers_array Not Supported GL_NV_shadow_samplers_cube Not Supported GL_NV_sRGB_formats Not Supported GL_NV_tessellation_program5 Not Supported GL_NV_texgen_emboss Not Supported GL_NV_texgen_reflection Supported GL_NV_texture_array Not Supported GL_NV_texture_barrier Supported GL_NV_texture_border_clamp Not Supported GL_NV_texture_compression_latc Not Supported GL_NV_texture_compression_s3tc Not Supported GL_NV_texture_compression_s3tc_update Not Supported GL_NV_texture_compression_vtc Supported GL_NV_texture_env_combine4 Supported GL_NV_texture_expand_normal Supported GL_NV_texture_lod_clamp Not Supported GL_NV_texture_multisample Supported GL_NV_texture_npot_2D_mipmap Not Supported GL_NV_texture_rectangle Supported GL_NV_texture_shader Supported GL_NV_texture_shader2 Supported GL_NV_texture_shader3 Supported GL_NV_timer_query Not Supported GL_NV_transform_feedback Supported GL_NV_transform_feedback2 Supported GL_NV_uniform_buffer_unified_memory Not Supported GL_NV_vdpau_interop Not Supported GL_NV_vertex_array_range Supported GL_NV_vertex_array_range2 Supported GL_NV_vertex_attrib_64bit Not Supported GL_NV_vertex_attrib_integer_64bit Not Supported GL_NV_vertex_buffer_unified_memory Supported GL_NV_vertex_program Supported GL_NV_vertex_program1_1 Supported GL_NV_vertex_program2 Supported GL_NV_vertex_program2_option Supported GL_NV_vertex_program3 Supported GL_NV_vertex_program4 Not Supported GL_NV_video_capture Not Supported GL_NV_viewport_array2 Not Supported GL_NVX_conditional_render Supported GL_NVX_flush_hold Not Supported GL_NVX_gpu_memory_info Supported GL_NVX_instanced_arrays Not Supported GL_NVX_nvenc_interop Not Supported GL_NVX_shader_thread_group Not Supported GL_NVX_shader_thread_shuffle Not Supported GL_NVX_shared_sync_object Not Supported GL_NVX_sysmem_buffer Not Supported GL_NVX_ycrcb Not Supported GL_OES_blend_equation_separate Not Supported GL_OES_blend_func_separate Not Supported GL_OES_blend_subtract Not Supported GL_OES_byte_coordinates Not Supported GL_OES_compressed_EAC_R11_signed_texture Not Supported GL_OES_compressed_EAC_R11_unsigned_texture Not Supported GL_OES_compressed_EAC_RG11_signed_texture Not Supported GL_OES_compressed_EAC_RG11_unsigned_texture Not Supported GL_OES_compressed_ETC1_RGB8_texture Not Supported GL_OES_compressed_ETC2_punchthroughA_RGBA8_textureNot Supported GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_textureNot Supported GL_OES_compressed_ETC2_RGB8_texture Not Supported GL_OES_compressed_ETC2_RGBA8_texture Not Supported GL_OES_compressed_ETC2_sRGB8_alpha8_texture Not Supported GL_OES_compressed_ETC2_sRGB8_texture Not Supported GL_OES_compressed_paletted_texture Not Supported GL_OES_conditional_query Not Supported GL_OES_depth_texture Not Supported GL_OES_depth_texture_cube_map Not Supported GL_OES_depth24 Not Supported GL_OES_depth32 Not Supported GL_OES_draw_texture Not Supported GL_OES_EGL_image Not Supported GL_OES_EGL_image_external Not Supported GL_OES_EGL_sync Not Supported GL_OES_element_index_uint Not Supported GL_OES_extended_matrix_palette Not Supported GL_OES_fbo_render_mipmap Not Supported GL_OES_fixed_point Not Supported GL_OES_fragment_precision_high Not Supported GL_OES_framebuffer_object Not Supported GL_OES_get_program_binary Not Supported GL_OES_mapbuffer Not Supported GL_OES_matrix_get Not Supported GL_OES_matrix_palette Not Supported GL_OES_packed_depth_stencil Not Supported GL_OES_point_size_array Not Supported GL_OES_point_sprite Not Supported GL_OES_query_matrix Not Supported GL_OES_read_format Not Supported GL_OES_required_internalformat Not Supported GL_OES_rgb8_rgba8 Not Supported GL_OES_sample_shading Not Supported GL_OES_sample_variables Not Supported GL_OES_shader_image_atomic Not Supported GL_OES_shader_multisample_interpolation Not Supported GL_OES_single_precision Not Supported GL_OES_standard_derivatives Not Supported GL_OES_stencil_wrap Not Supported GL_OES_stencil1 Not Supported GL_OES_stencil4 Not Supported GL_OES_stencil8 Not Supported GL_OES_surfaceless_context Not Supported GL_OES_texture_3D Not Supported GL_OES_texture_compression_astc Not Supported GL_OES_texture_cube_map Not Supported GL_OES_texture_env_crossbar Not Supported GL_OES_texture_float Not Supported GL_OES_texture_float_linear Not Supported GL_OES_texture_half_float Not Supported GL_OES_texture_half_float_linear Not Supported GL_OES_texture_mirrored_repeat Not Supported GL_OES_texture_npot Not Supported GL_OES_texture_stencil8 Not Supported GL_OES_texture_storage_multisample_2d_array Not Supported GL_OES_vertex_array_object Not Supported GL_OES_vertex_half_float Not Supported GL_OES_vertex_type_10_10_10_2 Not Supported GL_OML_interlace Not Supported GL_OML_resample Not Supported GL_OML_subsample Not Supported GL_PGI_misc_hints Not Supported GL_PGI_vertex_hints Not Supported GL_QCOM_alpha_test Not Supported GL_QCOM_binning_control Not Supported GL_QCOM_driver_control Not Supported GL_QCOM_extended_get Not Supported GL_QCOM_extended_get2 Not Supported GL_QCOM_perfmon_global_mode Not Supported GL_QCOM_tiled_rendering Not Supported GL_QCOM_writeonly_rendering Not Supported GL_REND_screen_coordinates Not Supported GL_S3_performance_analyzer Not Supported GL_S3_s3tc Supported GL_SGI_color_matrix Not Supported GL_SGI_color_table Not Supported GL_SGI_compiled_vertex_array Not Supported GL_SGI_cull_vertex Not Supported GL_SGI_index_array_formats Not Supported GL_SGI_index_func Not Supported GL_SGI_index_material Not Supported GL_SGI_index_texture Not Supported GL_SGI_make_current_read Not Supported GL_SGI_texture_add_env Not Supported GL_SGI_texture_color_table Not Supported GL_SGI_texture_edge_clamp Not Supported GL_SGI_texture_lod Not Supported GL_SGIS_color_range Not Supported GL_SGIS_detail_texture Not Supported GL_SGIS_fog_function Not Supported GL_SGIS_generate_mipmap Supported GL_SGIS_multisample Not Supported GL_SGIS_multitexture Not Supported GL_SGIS_pixel_texture Not Supported GL_SGIS_point_line_texgen Not Supported GL_SGIS_sharpen_texture Not Supported GL_SGIS_texture_border_clamp Not Supported GL_SGIS_texture_color_mask Not Supported GL_SGIS_texture_edge_clamp Not Supported GL_SGIS_texture_filter4 Not Supported GL_SGIS_texture_lod Supported GL_SGIS_texture_select Not Supported GL_SGIS_texture4D Not Supported GL_SGIX_async Not Supported GL_SGIX_async_histogram Not Supported GL_SGIX_async_pixel Not Supported GL_SGIX_blend_alpha_minmax Not Supported GL_SGIX_clipmap Not Supported GL_SGIX_convolution_accuracy Not Supported GL_SGIX_depth_pass_instrument Not Supported GL_SGIX_depth_texture Supported GL_SGIX_flush_raster Not Supported GL_SGIX_fog_offset Not Supported GL_SGIX_fog_texture Not Supported GL_SGIX_fragment_specular_lighting Not Supported GL_SGIX_framezoom Not Supported GL_SGIX_instruments Not Supported GL_SGIX_interlace Not Supported GL_SGIX_ir_instrument1 Not Supported GL_SGIX_list_priority Not Supported GL_SGIX_pbuffer Not Supported GL_SGIX_pixel_texture Not Supported GL_SGIX_pixel_texture_bits Not Supported GL_SGIX_reference_plane Not Supported GL_SGIX_resample Not Supported GL_SGIX_shadow Supported GL_SGIX_shadow_ambient Not Supported GL_SGIX_sprite Not Supported GL_SGIX_subsample Not Supported GL_SGIX_tag_sample_buffer Not Supported GL_SGIX_texture_add_env Not Supported GL_SGIX_texture_coordinate_clamp Not Supported GL_SGIX_texture_lod_bias Not Supported GL_SGIX_texture_multi_buffer Not Supported GL_SGIX_texture_range Not Supported GL_SGIX_texture_scale_bias Not Supported GL_SGIX_vertex_preclip Not Supported GL_SGIX_vertex_preclip_hint Not Supported GL_SGIX_ycrcb Not Supported GL_SGIX_ycrcb_subsample Not Supported GL_SUN_convolution_border_modes Not Supported GL_SUN_global_alpha Not Supported GL_SUN_mesh_array Not Supported GL_SUN_multi_draw_arrays Not Supported GL_SUN_read_video_pixels Not Supported GL_SUN_slice_accum Supported GL_SUN_triangle_list Not Supported GL_SUN_vertex Not Supported GL_SUNX_constant_data Not Supported GL_VIV_shader_binary Not Supported GL_WGL_ARB_extensions_string Not Supported GL_WGL_EXT_extensions_string Not Supported GL_WGL_EXT_swap_control Not Supported GL_WIN_phong_shading Not Supported GL_WIN_specular_fog Not Supported GL_WIN_swap_hint Supported GLU_EXT_nurbs_tessellator Not Supported GLU_EXT_object_space_tess Not Supported GLU_SGI_filter4_parameters Not Supported GLX_AMD_gpu_association Not Supported GLX_ARB_create_context Not Supported GLX_ARB_create_context_profile Not Supported GLX_ARB_create_context_robustness Not Supported GLX_ARB_fbconfig_float Not Supported GLX_ARB_framebuffer_sRGB Not Supported GLX_ARB_get_proc_address Not Supported GLX_ARB_multisample Not Supported GLX_ARB_robustness_application_isolation Not Supported GLX_ARB_robustness_share_group_isolation Not Supported GLX_ARB_vertex_buffer_object Not Supported GLX_EXT_buffer_age Not Supported GLX_EXT_create_context_es_profile Not Supported GLX_EXT_create_context_es2_profile Not Supported GLX_EXT_fbconfig_packed_float Not Supported GLX_EXT_framebuffer_sRGB Not Supported GLX_EXT_import_context Not Supported GLX_EXT_scene_marker Not Supported GLX_EXT_swap_control Not Supported GLX_EXT_swap_control_tear Not Supported GLX_EXT_texture_from_pixmap Not Supported GLX_EXT_visual_info Not Supported GLX_EXT_visual_rating Not Supported GLX_INTEL_swap_event Not Supported GLX_MESA_agp_offset Not Supported GLX_MESA_copy_sub_buffer Not Supported GLX_MESA_multithread_makecurrent Not Supported GLX_MESA_pixmap_colormap Not Supported GLX_MESA_query_renderer Not Supported GLX_MESA_release_buffers Not Supported GLX_MESA_set_3dfx_mode Not Supported GLX_MESA_swap_control Not Supported GLX_NV_copy_image Not Supported GLX_NV_delay_before_swap Not Supported GLX_NV_float_buffer Not Supported GLX_NV_multisample_coverage Not Supported GLX_NV_present_video Not Supported GLX_NV_swap_group Not Supported GLX_NV_video_capture Not Supported GLX_NV_video_out Not Supported GLX_NV_video_output Not Supported GLX_OML_interlace Not Supported GLX_OML_swap_method Not Supported GLX_OML_sync_control Not Supported GLX_SGI_cushion Not Supported GLX_SGI_make_current_read Not Supported GLX_SGI_swap_control Not Supported GLX_SGI_video_sync Not Supported GLX_SGIS_blended_overlay Not Supported GLX_SGIS_color_range Not Supported GLX_SGIS_multisample Not Supported GLX_SGIX_dm_buffer Not Supported GLX_SGIX_fbconfig Not Supported GLX_SGIX_hyperpipe Not Supported GLX_SGIX_pbuffer Not Supported GLX_SGIX_swap_barrier Not Supported GLX_SGIX_swap_group Not Supported GLX_SGIX_video_resize Not Supported GLX_SGIX_video_source Not Supported GLX_SGIX_visual_select_group Not Supported GLX_SUN_get_transparent_index Not Supported GLX_SUN_video_resize Not Supported WGL_3DFX_gamma_control Not Supported WGL_3DFX_multisample Not Supported WGL_3DL_stereo_control Not Supported WGL_AMD_gpu_association Not Supported WGL_AMDX_gpu_association Not Supported WGL_ARB_buffer_region Supported WGL_ARB_context_flush_control Not Supported WGL_ARB_create_context Supported WGL_ARB_create_context_profile Supported WGL_ARB_create_context_robustness Supported WGL_ARB_extensions_string Supported WGL_ARB_framebuffer_sRGB Not Supported WGL_ARB_make_current_read Supported WGL_ARB_multisample Supported WGL_ARB_pbuffer Supported WGL_ARB_pixel_format Supported WGL_ARB_pixel_format_float Supported WGL_ARB_render_texture Supported WGL_ARB_robustness_application_isolation Not Supported WGL_ARB_robustness_share_group_isolation Not Supported WGL_ATI_pbuffer_memory_hint Not Supported WGL_ATI_pixel_format_float Supported WGL_ATI_render_texture_rectangle Not Supported WGL_EXT_buffer_region Not Supported WGL_EXT_create_context_es_profile Supported WGL_EXT_create_context_es2_profile Supported WGL_EXT_depth_float Not Supported WGL_EXT_display_color_table Not Supported WGL_EXT_extensions_string Supported WGL_EXT_framebuffer_sRGB Supported WGL_EXT_framebuffer_sRGBWGL_ARB_create_context Not Supported WGL_EXT_gamma_control Not Supported WGL_EXT_make_current_read Not Supported WGL_EXT_multisample Not Supported WGL_EXT_pbuffer Not Supported WGL_EXT_pixel_format Not Supported WGL_EXT_pixel_format_packed_float Supported WGL_EXT_render_texture Not Supported WGL_EXT_swap_control Supported WGL_EXT_swap_control_tear Supported WGL_EXT_swap_interval Not Supported WGL_I3D_digital_video_control Not Supported WGL_I3D_gamma Not Supported WGL_I3D_genlock Not Supported WGL_I3D_image_buffer Not Supported WGL_I3D_swap_frame_lock Not Supported WGL_I3D_swap_frame_usage Not Supported WGL_MTX_video_preview Not Supported WGL_NV_copy_image Not Supported WGL_NV_delay_before_swap Supported WGL_NV_DX_interop Supported WGL_NV_DX_interop2 Supported WGL_NV_float_buffer Supported WGL_NV_gpu_affinity Not Supported WGL_NV_multisample_coverage Supported WGL_NV_present_video Not Supported WGL_NV_render_depth_texture Supported WGL_NV_render_texture_rectangle Supported WGL_NV_swap_group Not Supported WGL_NV_texture_rectangle Not Supported WGL_NV_vertex_array_range Not Supported WGL_NV_video_capture Not Supported WGL_NV_video_output Not Supported WGL_NVX_DX_interop Supported WGL_OML_sync_control Not Supported WGL_S3_cl_sharingWGL_ARB_create_context_profile Not Supported Supported Compressed Texture Formats: RGB DXT1 Supported RGBA DXT1 Not Supported RGBA DXT3 Supported RGBA DXT5 Supported RGB FXT1 Not Supported RGBA FXT1 Not Supported 3Dc Not Supported Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ GPGPU ]------------------------------------------------------------------------------------------------------- [ CUDA: nVIDIA GeForce 210 (GT218) ] Device Properties: Device Name GeForce 210 GPU Code Name GT218 PCI Domain / Bus / Device 0 / 5 / 0 Clock Rate 1402 MHz Asynchronous Engines 1 Multiprocessors / Cores 2 / 16 Max Threads Per Multiprocessor 1024 Max Threads Per Block 512 Max Registers Per Block 16384 Max 32-bit Registers Per Multiprocessor 16384 Max Instructions Per Kernel 2 million Warp Size 32 threads Max Block Size 512 x 512 x 64 Max Grid Size 65535 x 65535 x 1 Max 1D Texture Width 8192 Max 2D Texture Size 65536 x 32768 Max 3D Texture Size 2048 x 2048 x 2048 Max 1D Linear Texture Width 134217728 Max 2D Linear Texture Size 65000 x 65000 Max 2D Linear Texture Pitch 1048544 bytes Max 1D Layered Texture Width 8192 Max 1D Layered Texture Layers 512 Max Mipmapped 1D Texture Width 8192 Max Mipmapped 2D Texture Size 8192 x 8192 Max Cubemap Texture Size 8192 x 8192 Max Texture Array Size 8192 x 8192 Max Texture Array Slices 512 Max 1D Surface Width 4096 Max 2D Surface Size 4096 x 65536 Compute Mode Default: Multiple contexts allowed per device Compute Capability 1.2 CUDA DLL nvcuda.dll (8.17.13.4144 - nVIDIA ForceWare 341.44) Memory Properties: Memory Clock 500 MHz Global Memory Bus Width 64-bit Total Memory 1 GB Total Constant Memory 64 KB Max Shared Memory Per Block 16 KB Max Shared Memory Per Multiprocessor 16 KB Max Memory Pitch 2147483647 bytes Texture Alignment 256 bytes Texture Pitch Alignment 32 bytes Surface Alignment 256 bytes Device Features: 32-bit Floating-Point Atomic Addition Not Supported 32-bit Integer Atomic Operations Supported 64-bit Integer Atomic Operations Supported Caching Globals in L1 Cache Not Supported Caching Locals in L1 Cache Not Supported Concurrent Kernel Execution Not Supported Concurrent Memory Copy & Execute Supported Double-Precision Floating-Point Not Supported ECC Disabled Funnel Shift Not Supported Host Memory Mapping Supported Integrated Device No Managed Memory Not Supported Multi-GPU Board No Stream Priorities Not Supported Surface Functions Not Supported TCC Driver No Warp Vote Functions Supported __ballot() Not Supported __syncthreads_and() Not Supported __syncthreads_count() Not Supported __syncthreads_or() Not Supported __threadfence_system() Not Supported Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ OpenCL: nVIDIA GeForce 210 (GT218) ] OpenCL Properties: Platform Name NVIDIA CUDA Platform Vendor NVIDIA Corporation Platform Version OpenCL 1.1 CUDA 6.5.45 Platform Profile Full Device Properties: Device Name GeForce 210 GPU Code Name GT218 Device Type GPU Device Vendor NVIDIA Corporation Device Version OpenCL 1.0 CUDA Device Profile Full Driver Version 341.44 OpenCL C Version OpenCL C 1.1 Clock Rate 1402 MHz Compute Units / Cores 2 / 16 Address Space Size 32-bit Max 2D Image Size 4096 x 16383 Max 3D Image Size 2048 x 2048 x 2048 Max Image Buffer Size 134217728 Max Samplers 16 Max Work-Item Size 512 x 512 x 64 Max Work-Group Size 512 Max Argument Size 4352 bytes Max Constant Buffer Size 64 KB Max Constant Arguments 9 Native ISA Vector Widths char1, short1, int1, float1 Preferred Native Vector Widths char1, short1, int1, long1, float1 Profiling Timer Resolution 1000 ns CUDA Compute Capability 1.2 Max Registers Per Block 16384 Warp Size 32 threads Asynchronous Engines 1 PCI Bus / Device 5 / 0 OpenCL DLL opencl.dll (1.0.0) Memory Properties: Global Memory 1 GB Local Memory 15 KB Max Memory Object Allocation Size 256 MB Memory Base Address Alignment 2048-bit Min Data Type Alignment 128 bytes OpenCL Compliancy: OpenCL 1.1 Yes (100%) OpenCL 1.2 Yes (100%) OpenCL 2.0 No (62%) Device Features: Command-Queue Out Of Order Execution Enabled Command-Queue Profiling Enabled Compiler Available Yes Error Correction Not Supported Images Supported Kernel Execution Supported Linker Available No Little-Endian Device Yes Native Kernel Execution Not Supported SVM Atomics Not Supported SVM Coarse Grain Buffer Not Supported SVM Fine Grain Buffer Not Supported SVM Fine Grain System Not Supported Thread Trace Not Supported Unified Memory No Half-Precision Floating-Point Capabilities: Correctly Rounded Divide and Sqrt Not Supported Denorms Not Supported IEEE754-2008 FMA Not Supported INF and NaNs Not Supported Rounding to Infinity Not Supported Rounding to Nearest Even Not Supported Rounding to Zero Not Supported Software Basic Floating-Point Operations No Single-Precision Floating-Point Capabilities: Correctly Rounded Divide and Sqrt Not Supported Denorms Not Supported IEEE754-2008 FMA Supported INF and NaNs Supported Rounding to Infinity Supported Rounding to Nearest Even Supported Rounding to Zero Supported Software Basic Floating-Point Operations No Double-Precision Floating-Point Capabilities: Correctly Rounded Divide and Sqrt Not Supported Denorms Not Supported IEEE754-2008 FMA Not Supported INF and NaNs Not Supported Rounding to Infinity Not Supported Rounding to Nearest Even Not Supported Rounding to Zero Not Supported Software Basic Floating-Point Operations No Device Extensions: Total / Supported Extensions 88 / 15 cl_altera_compiler_mode Not Supported cl_altera_device_temperature Not Supported cl_altera_live_object_tracking Not Supported cl_amd_bus_addressable_memory Not Supported cl_amd_c1x_atomics Not Supported cl_amd_compile_options Not Supported cl_amd_core_id Not Supported cl_amd_d3d10_interop Not Supported cl_amd_d3d9_interop Not Supported cl_amd_device_attribute_query Not Supported cl_amd_device_board_name Not Supported cl_amd_device_memory_flags Not Supported cl_amd_device_persistent_memory Not Supported cl_amd_device_profiling_timer_offset Not Supported cl_amd_device_topology Not Supported cl_amd_event_callback Not Supported cl_amd_fp64 Not Supported cl_amd_hsa Not Supported cl_amd_image2d_from_buffer_read_only Not Supported cl_amd_media_ops Not Supported cl_amd_media_ops2 Not Supported cl_amd_offline_devices Not Supported cl_amd_popcnt Not Supported cl_amd_predefined_macros Not Supported cl_amd_printf Not Supported cl_amd_svm Not Supported cl_amd_vec3 Not Supported cl_apple_contextloggingfunctions Not Supported cl_apple_gl_sharing Not Supported cl_apple_setmemobjectdestructor Not Supported cl_arm_core_id Not Supported cl_arm_printf Not Supported cl_ext_atomic_counters_32 Not Supported cl_ext_atomic_counters_64 Not Supported cl_ext_device_fission Not Supported cl_ext_migrate_memobject Not Supported cl_intel_accelerator Not Supported cl_intel_advanced_motion_estimation Not Supported cl_intel_ctz Not Supported cl_intel_d3d11_nv12_media_sharing Not Supported cl_intel_device_partition_by_names Not Supported cl_intel_dx9_media_sharing Not Supported cl_intel_exec_by_local_thread Not Supported cl_intel_motion_estimation Not Supported cl_intel_printf Not Supported cl_intel_simultaneous_sharing Not Supported cl_intel_subgroups Not Supported cl_intel_thread_local_exec Not Supported cl_khr_3d_image_writes Not Supported cl_khr_byte_addressable_store Supported cl_khr_context_abort Not Supported cl_khr_d3d10_sharing Supported cl_khr_d3d11_sharing Not Supported cl_khr_depth_images Not Supported cl_khr_dx9_media_sharing Not Supported cl_khr_egl_event Not Supported cl_khr_egl_image Not Supported cl_khr_fp16 Not Supported cl_khr_fp64 Not Supported cl_khr_gl_depth_images Not Supported cl_khr_gl_event Not Supported cl_khr_gl_msaa_sharing Not Supported cl_khr_gl_sharing Supported cl_khr_global_int32_base_atomics Supported cl_khr_global_int32_extended_atomics Supported cl_khr_icd Supported cl_khr_image2d_from_buffer Not Supported cl_khr_initialize_memory Not Supported cl_khr_int64_base_atomics Not Supported cl_khr_int64_extended_atomics Not Supported cl_khr_local_int32_base_atomics Supported cl_khr_local_int32_extended_atomics Supported cl_khr_mipmap_image Not Supported cl_khr_mipmap_image_writes Not Supported cl_khr_select_fprounding_mode Not Supported cl_khr_spir Not Supported cl_khr_srgb_image_writes Not Supported cl_khr_subgroups Not Supported cl_khr_terminate_context Not Supported cl_nv_compiler_options Supported cl_nv_copy_opts Supported cl_nv_d3d10_sharing Supported cl_nv_d3d11_sharing Supported cl_nv_d3d9_sharing Supported cl_nv_device_attribute_query Supported cl_nv_pragma_unroll Supported cl_qcom_ext_host_ptr Not Supported cl_qcom_ion_host_ptr Not Supported Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ Fonts ]------------------------------------------------------------------------------------------------------- @Arial Unicode MS Swiss Regular Arabic 14 x 43 40 % @Arial Unicode MS Swiss Regular Baltic 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % @Arial Unicode MS Swiss Regular CHINESE_BIG5 14 x 43 40 % @Arial Unicode MS Swiss Regular CHINESE_GB2312 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % @Arial Unicode MS Swiss Regular Greek 14 x 43 40 % @Arial Unicode MS Swiss Regular Hangul(Johab) 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % @Arial Unicode MS Swiss Regular Hebrew 14 x 43 40 % @Arial Unicode MS Swiss Regular Japanese 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % @Arial Unicode MS Swiss Regular Turkish 14 x 43 40 % @Arial Unicode MS Swiss Regular Vietnamese 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % @Batang Roman Regular Baltic 16 x 32 40 % @Batang Roman Regular Central European 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Batang Roman Regular Greek 16 x 32 40 % @Batang Roman Regular Hangul 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Batang Roman Regular Western 16 x 32 40 % @BatangChe Modern Regular Baltic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @BatangChe Modern Regular Cyrillic 16 x 32 40 % @BatangChe Modern Regular Greek 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @BatangChe Modern Regular Turkish 16 x 32 40 % @BatangChe Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @DFKai-SB Script Regular Western 16 x 32 40 % @Dotum Swiss Regular Baltic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Dotum Swiss Regular Cyrillic 16 x 32 40 % @Dotum Swiss Regular Greek 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Dotum Swiss Regular Turkish 16 x 32 40 % @Dotum Swiss Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @DotumChe Modern Regular Central European 16 x 32 40 % @DotumChe Modern Regular Cyrillic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @DotumChe Modern Regular Hangul 16 x 32 40 % @DotumChe Modern Regular Turkish 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @FangSong Modern Regular CHINESE_GB2312 16 x 32 40 % @FangSong Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Gulim Swiss Regular Central European 16 x 32 40 % @Gulim Swiss Regular Cyrillic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Gulim Swiss Regular Hangul 16 x 32 40 % @Gulim Swiss Regular Turkish 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @GulimChe Modern Regular Baltic 16 x 32 40 % @GulimChe Modern Regular Central European 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @GulimChe Modern Regular Greek 16 x 32 40 % @GulimChe Modern Regular Hangul 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @GulimChe Modern Regular Western 16 x 32 40 % @Gungsuh Roman Regular Baltic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Gungsuh Roman Regular Cyrillic 16 x 32 40 % @Gungsuh Roman Regular Greek 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @Gungsuh Roman Regular Turkish 16 x 32 40 % @Gungsuh Roman Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @GungsuhChe Modern Regular Central European 16 x 32 40 % @GungsuhChe Modern Regular Cyrillic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @GungsuhChe Modern Regular Hangul 16 x 32 40 % @GungsuhChe Modern Regular Turkish 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 % @KaiTi Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 % @Malgun Gothic Swiss Regular Western 15 x 43 40 % @Meiryo UI Swiss Regular Baltic 17 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 % @Meiryo UI Swiss Regular Cyrillic 17 x 41 40 % @Meiryo UI Swiss Regular Greek 17 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 % @Meiryo UI Swiss Regular Turkish 17 x 41 40 % @Meiryo UI Swiss Regular Western 17 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 % @Meiryo Swiss Regular Central European 31 x 48 40 % @Meiryo Swiss Regular Cyrillic 31 x 48 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 % @Meiryo Swiss Regular Japanese 31 x 48 40 % @Meiryo Swiss Regular Turkish 31 x 48 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 % @Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 % @Microsoft JhengHei Swiss Regular Greek 15 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 % @Microsoft YaHei Swiss Regular Central European 15 x 42 40 % @Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 % @Microsoft YaHei Swiss Regular Greek 15 x 42 40 % @Microsoft YaHei Swiss Regular Turkish 15 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 % @MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU_HKSCS Roman Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 % @MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU-ExtB Roman Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @MS Gothic Modern Regular Central European 16 x 32 40 % @MS Gothic Modern Regular Cyrillic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @MS Gothic Modern Regular Japanese 16 x 32 40 % @MS Gothic Modern Regular Turkish 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @MS Mincho Modern Regular Baltic 16 x 32 40 % @MS Mincho Modern Regular Central European 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @MS Mincho Modern Regular Greek 16 x 32 40 % @MS Mincho Modern Regular Japanese 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @MS Mincho Modern Regular Western 16 x 32 40 % @MS PGothic Swiss Regular Baltic 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % @MS PGothic Swiss Regular Cyrillic 13 x 32 40 % @MS PGothic Swiss Regular Greek 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % @MS PGothic Swiss Regular Turkish 13 x 32 40 % @MS PGothic Swiss Regular Western 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % @MS PMincho Roman Regular Central European 13 x 32 40 % @MS PMincho Roman Regular Cyrillic 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % @MS PMincho Roman Regular Japanese 13 x 32 40 % @MS PMincho Roman Regular Turkish 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % @MS UI Gothic Swiss Regular Baltic 13 x 32 40 % @MS UI Gothic Swiss Regular Central European 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % @MS UI Gothic Swiss Regular Greek 13 x 32 40 % @MS UI Gothic Swiss Regular Japanese 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % @MS UI Gothic Swiss Regular Western 13 x 32 40 % @NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 % @PMingLiU Roman Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @PMingLiU-ExtB Roman Regular Western 16 x 32 40 % @SimHei Modern Regular CHINESE_GB2312 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @SimSun Special Regular CHINESE_GB2312 16 x 32 40 % @SimSun Special Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % @SimSun-ExtB Modern Regular Western 16 x 32 40 % Agency FB Swiss Bold Western 11 x 37 70 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 32 70 % Algerian Decorative Regular Western 17 x 36 40 % Andalus Roman Regular Arabic 15 x 49 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 49 40 % Angsana New Roman Regular Thai 8 x 43 40 % Angsana New Roman Regular Western 8 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 43 40 % AngsanaUPC Roman Regular Western 8 x 43 40 % Aparajita Swiss Regular Western 16 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 36 40 % Arabic Typesetting Script Regular Baltic 9 x 36 40 % Arabic Typesetting Script Regular Central European 9 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 36 40 % Arabic Typesetting Script Regular Western 9 x 36 40 % Ariac Swiss Regular Baltic 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Ariac Swiss Regular Cyrillic 12 x 36 40 % Ariac Swiss Regular Greek 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Ariac Swiss Regular Western 12 x 36 40 % Arial Black Swiss Regular Baltic 18 x 45 90 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 45 90 % Arial Black Swiss Regular Cyrillic 18 x 45 90 % Arial Black Swiss Regular Greek 18 x 45 90 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 45 90 % Arial Black Swiss Regular Western 18 x 45 90 % Arial Narrow Swiss Regular Baltic 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Arial Narrow Swiss Regular Cyrillic 12 x 36 40 % Arial Narrow Swiss Regular Greek 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Arial Narrow Swiss Regular Western 12 x 36 40 % Arial Rounded MT Bold Swiss Regular Western 15 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Arial Unicode MS Swiss Regular Baltic 14 x 43 40 % Arial Unicode MS Swiss Regular Central European 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Arial Unicode MS Swiss Regular CHINESE_GB2312 14 x 43 40 % Arial Unicode MS Swiss Regular Cyrillic 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Arial Unicode MS Swiss Regular Hangul(Johab) 14 x 43 40 % Arial Unicode MS Swiss Regular Hangul 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Arial Unicode MS Swiss Regular Japanese 14 x 43 40 % Arial Unicode MS Swiss Regular Thai 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Arial Unicode MS Swiss Regular Vietnamese 14 x 43 40 % Arial Unicode MS Swiss Regular Western 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Arial Swiss Regular Baltic 14 x 36 40 % Arial Swiss Regular Central European 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Arial Swiss Regular Greek 14 x 36 40 % Arial Swiss Regular Hebrew 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Arial Swiss Regular Vietnamese 14 x 36 40 % Arial Swiss Regular Western 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 37 40 % Batang Roman Regular Baltic 16 x 32 40 % Batang Roman Regular Central European 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Batang Roman Regular Greek 16 x 32 40 % Batang Roman Regular Hangul 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Batang Roman Regular Western 16 x 32 40 % BatangChe Modern Regular Baltic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % BatangChe Modern Regular Cyrillic 16 x 32 40 % BatangChe Modern Regular Greek 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % BatangChe Modern Regular Turkish 16 x 32 40 % BatangChe Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Bell MT Roman Regular Western 13 x 35 40 % Berlin Sans FB Demi Swiss Bold Western 14 x 36 70 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 36 70 % Bernard MT Condensed Roman Regular Western 12 x 38 40 % Blackadder ITC Decorative Regular Western 10 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 37 90 % Bodoni MT Condensed Roman Regular Western 9 x 38 40 % Bodoni MT Poster Compressed Roman Regular Turkish 8 x 37 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 37 30 % Bodoni MT Roman Regular Western 13 x 38 40 % Book Antiqua Roman Regular Baltic 14 x 40 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 40 40 % Book Antiqua Roman Regular Cyrillic 14 x 40 40 % Book Antiqua Roman Regular Greek 14 x 40 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 40 40 % Book Antiqua Roman Regular Western 14 x 40 40 % Bookman Old Style Roman Regular Baltic 16 x 36 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 36 30 % Bookman Old Style Roman Regular Cyrillic 16 x 36 30 % Bookman Old Style Roman Regular Greek 16 x 36 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 36 30 % Bookman Old Style Roman Regular Western 16 x 36 30 % Bookshelf Symbol 7 Special Regular Symbol 21 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 40 40 % Britannic Bold Swiss Regular Western 14 x 35 40 % Broadway Decorative Regular Western 17 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 40 40 % Browallia New Swiss Regular Western 9 x 40 40 % BrowalliaUPC Swiss Regular Thai 9 x 40 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 40 40 % Brush Script MT Script Italic Western 10 x 39 40 % Calibri Light Swiss Italic Baltic 17 x 39 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 30 % Calibri Light Swiss Italic Cyrillic 17 x 39 30 % Calibri Light Swiss Italic Greek 17 x 39 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 30 % Calibri Light Swiss Italic Vietnamese 17 x 39 30 % Calibri Light Swiss Italic Western 17 x 39 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Calibri Swiss Regular Central European 17 x 39 40 % Calibri Swiss Regular Cyrillic 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Calibri Swiss Regular Turkish 17 x 39 40 % Calibri Swiss Regular Vietnamese 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Californian FB Roman Regular Western 13 x 36 40 % Calisto MT Roman Regular Western 13 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 179 40 % Cambria Math Roman Regular Central European 20 x 179 40 % Cambria Math Roman Regular Cyrillic 20 x 179 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 179 40 % Cambria Math Roman Regular Turkish 20 x 179 40 % Cambria Math Roman Regular Vietnamese 20 x 179 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 179 40 % Cambria Roman Regular Baltic 20 x 38 40 % Cambria Roman Regular Central European 20 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 38 40 % Cambria Roman Regular Greek 20 x 38 40 % Cambria Roman Regular Turkish 20 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 38 40 % Cambria Roman Regular Western 20 x 38 40 % Candara Swiss Regular Baltic 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Candara Swiss Regular Cyrillic 17 x 39 40 % Candara Swiss Regular Greek 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Candara Swiss Regular Vietnamese 17 x 39 40 % Candara Swiss Regular Western 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 21 x 39 40 % Centaur Roman Regular Western 12 x 36 40 % Century Gothic Swiss Regular Baltic 16 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 38 40 % Century Gothic Swiss Regular Cyrillic 16 x 38 40 % Century Gothic Swiss Regular Greek 16 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 38 40 % Century Gothic Swiss Regular Western 16 x 38 40 % Century Schoolbook Roman Regular Baltic 15 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 38 40 % Century Schoolbook Roman Regular Cyrillic 15 x 38 40 % Century Schoolbook Roman Regular Greek 15 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 38 40 % Century Schoolbook Roman Regular Western 15 x 38 40 % Century Roman Regular Baltic 15 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 38 40 % Century Roman Regular Cyrillic 15 x 38 40 % Century Roman Regular Greek 15 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 38 40 % Century Roman Regular Western 15 x 38 40 % Chiller Decorative Regular Western 9 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 34 40 % Comic Sans MS Script Regular Baltic 15 x 45 40 % Comic Sans MS Script Regular Central European 15 x 45 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 45 40 % Comic Sans MS Script Regular Greek 15 x 45 40 % Comic Sans MS Script Regular Turkish 15 x 45 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 45 40 % Consolas Modern Regular Baltic 18 x 37 40 % Consolas Modern Regular Central European 18 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 37 40 % Consolas Modern Regular Greek 18 x 37 40 % Consolas Modern Regular Turkish 18 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 37 40 % Consolas Modern Regular Western 18 x 37 40 % Constantia Roman Regular Baltic 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Constantia Roman Regular Cyrillic 17 x 39 40 % Constantia Roman Regular Greek 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Constantia Roman Regular Vietnamese 17 x 39 40 % Constantia Roman Regular Western 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 37 40 % Copperplate Gothic Bold Swiss Regular Western 19 x 36 40 % Copperplate Gothic Light Swiss Regular Western 18 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Corbel Swiss Regular Central European 17 x 39 40 % Corbel Swiss Regular Cyrillic 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Corbel Swiss Regular Turkish 17 x 39 40 % Corbel Swiss Regular Vietnamese 17 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 % Cordia New Swiss Regular Thai 9 x 44 40 % Cordia New Swiss Regular Western 9 x 44 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 44 40 % CordiaUPC Swiss Regular Western 9 x 44 40 % Courier New Modern Regular Arabic 19 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 % Courier New Modern Regular Central European 19 x 36 40 % Courier New Modern Regular Cyrillic 19 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 % Courier New Modern Regular Hebrew 19 x 36 40 % Courier New Modern Regular Turkish 19 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 % Courier New Modern Regular Western 19 x 36 40 % Courier Roman Central European 8 x 13 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 42 40 % DaunPenh Special Regular Western 12 x 43 40 % David Swiss Regular Hebrew 13 x 31 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % DFKai-SB Script Regular Western 16 x 32 40 % DilleniaUPC Roman Regular Thai 9 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 42 40 % DokChampa Swiss Regular Thai 19 x 62 40 % DokChampa Swiss Regular Western 19 x 62 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Dotum Swiss Regular Central European 16 x 32 40 % Dotum Swiss Regular Cyrillic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Dotum Swiss Regular Hangul 16 x 32 40 % Dotum Swiss Regular Turkish 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % DotumChe Modern Regular Baltic 16 x 32 40 % DotumChe Modern Regular Central European 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % DotumChe Modern Regular Greek 16 x 32 40 % DotumChe Modern Regular Hangul 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % DotumChe Modern Regular Western 16 x 32 40 % Ebrima Special Regular Baltic 19 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 43 40 % Ebrima Special Regular Turkish 19 x 43 40 % Ebrima Special Regular Western 19 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 38 40 % Elephant Roman Regular Western 16 x 41 40 % Engravers MT Roman Regular Western 25 x 37 50 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 37 40 % Eras Demi ITC Swiss Regular Western 15 x 36 40 % Eras Light ITC Swiss Regular Western 13 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Estrangelo Edessa Script Regular Western 16 x 36 40 % EucrosiaUPC Roman Regular Thai 9 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 39 40 % Euphemia Swiss Regular Western 22 x 42 40 % FangSong Modern Regular CHINESE_GB2312 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Felix Titling Decorative Regular Western 19 x 37 40 % Fixedsys Swiss Central European 8 x 15 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 34 30 % Forte Script Regular Western 14 x 35 40 % Franklin Gothic Book Swiss Regular Baltic 13 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 36 40 % Franklin Gothic Book Swiss Regular Cyrillic 13 x 36 40 % Franklin Gothic Book Swiss Regular Greek 13 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 36 40 % Franklin Gothic Book Swiss Regular Western 13 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Baltic 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Cyrillic 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Greek 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Western 12 x 36 40 % Franklin Gothic Demi Swiss Regular Baltic 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Franklin Gothic Demi Swiss Regular Cyrillic 14 x 36 40 % Franklin Gothic Demi Swiss Regular Greek 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Franklin Gothic Demi Swiss Regular Western 14 x 36 40 % Franklin Gothic Heavy Swiss Regular Baltic 15 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Cyrillic 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Greek 15 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Western 15 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Baltic 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Cyrillic 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Greek 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Western 12 x 36 40 % Franklin Gothic Medium Swiss Regular Baltic 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Franklin Gothic Medium Swiss Regular Cyrillic 14 x 36 40 % Franklin Gothic Medium Swiss Regular Greek 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Franklin Gothic Medium Swiss Regular Western 14 x 36 40 % FrankRuehl Swiss Regular Hebrew 13 x 30 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 38 40 % FreesiaUPC Swiss Regular Western 9 x 38 40 % Freestyle Script Script Regular Western 8 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 36 40 % Gabriola Decorative Regular Baltic 16 x 59 40 % Gabriola Decorative Regular Central European 16 x 59 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 59 40 % Gabriola Decorative Regular Greek 16 x 59 40 % Gabriola Decorative Regular Turkish 16 x 59 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 59 40 % Garamond Roman Regular Baltic 12 x 36 40 % Garamond Roman Regular Central European 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Garamond Roman Regular Greek 12 x 36 40 % Garamond Roman Regular Turkish 12 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 36 40 % Gautami Swiss Regular Western 18 x 56 40 % Georgia Roman Regular Baltic 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Georgia Roman Regular Cyrillic 14 x 36 40 % Georgia Roman Regular Greek 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Georgia Roman Regular Western 14 x 36 40 % Gigi Decorative Regular Western 13 x 44 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 10 x 39 40 % Gill Sans MT Condensed Swiss Regular Western 10 x 39 40 % Gill Sans MT Ext Condensed Bold Swiss Regular Central European 7 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 7 x 38 40 % Gill Sans MT Swiss Regular Central European 13 x 37 40 % Gill Sans MT Swiss Regular Western 13 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 40 40 % Gill Sans Ultra Bold Condensed Swiss Regular Western 14 x 40 40 % Gill Sans Ultra Bold Swiss Regular Central European 20 x 40 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 40 40 % Gisha Swiss Regular Hebrew 16 x 38 40 % Gisha Swiss Regular Western 16 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 37 40 % Goudy Old Style Roman Regular Western 13 x 36 40 % Goudy Stout Roman Regular Western 36 x 44 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Gulim Swiss Regular Central European 16 x 32 40 % Gulim Swiss Regular Cyrillic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Gulim Swiss Regular Hangul 16 x 32 40 % Gulim Swiss Regular Turkish 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % GulimChe Modern Regular Baltic 16 x 32 40 % GulimChe Modern Regular Central European 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % GulimChe Modern Regular Greek 16 x 32 40 % GulimChe Modern Regular Hangul 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % GulimChe Modern Regular Western 16 x 32 40 % Gungsuh Roman Regular Baltic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Gungsuh Roman Regular Cyrillic 16 x 32 40 % Gungsuh Roman Regular Greek 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Gungsuh Roman Regular Turkish 16 x 32 40 % Gungsuh Roman Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % GungsuhChe Modern Regular Central European 16 x 32 40 % GungsuhChe Modern Regular Cyrillic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % GungsuhChe Modern Regular Hangul 16 x 32 40 % GungsuhChe Modern Regular Turkish 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Haettenschweiler Swiss Regular Baltic 10 x 33 40 % Haettenschweiler Swiss Regular Central European 10 x 33 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 10 x 33 40 % Haettenschweiler Swiss Regular Greek 10 x 33 40 % Haettenschweiler Swiss Regular Turkish 10 x 33 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 10 x 33 40 % Harlow Solid Italic Decorative Italic Western 12 x 40 40 % Harrington Decorative Regular Western 14 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 37 40 % Impact Swiss Regular Baltic 13 x 39 40 % Impact Swiss Regular Central European 13 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 39 40 % Impact Swiss Regular Greek 13 x 39 40 % Impact Swiss Regular Turkish 13 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 39 40 % Imprint MT Shadow Decorative Regular Western 13 x 38 40 % Informal Roman Script Regular Western 12 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 40 40 % IrisUPC Swiss Regular Western 9 x 40 40 % Iskoola Pota Swiss Regular Western 22 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 34 40 % JasmineUPC Roman Regular Western 9 x 34 40 % Jokerman Decorative Regular Western 16 x 48 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 36 40 % KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 % KaiTi Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 48 40 % Kartika Roman Regular Western 27 x 46 40 % Khmer UI Swiss Regular Western 21 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 31 40 % KodchiangUPC Roman Regular Western 9 x 31 40 % Kokila Swiss Regular Western 13 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 44 40 % Kunstler Script Script Regular Western 8 x 35 40 % Lao UI Swiss Regular Western 18 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 23 x 44 40 % Leelawadee Swiss Regular Thai 17 x 38 40 % Leelawadee Swiss Regular Western 17 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 42 40 % LilyUPC Swiss Regular Thai 9 x 30 40 % LilyUPC Swiss Regular Western 9 x 30 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 36 40 % Lucida Calligraphy Script Italic Western 17 x 40 40 % Lucida Console Modern Regular Central European 19 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 32 40 % Lucida Console Modern Regular Greek 19 x 32 40 % Lucida Console Modern Regular Turkish 19 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 32 40 % Lucida Fax Roman Regular Western 16 x 37 40 % Lucida Handwriting Script Italic Western 18 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 % Lucida Sans Unicode Swiss Regular Baltic 16 x 49 40 % Lucida Sans Unicode Swiss Regular Central European 16 x 49 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 49 40 % Lucida Sans Unicode Swiss Regular Greek 16 x 49 40 % Lucida Sans Unicode Swiss Regular Hebrew 16 x 49 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 49 40 % Lucida Sans Unicode Swiss Regular Western 16 x 49 40 % Lucida Sans Swiss Regular Western 16 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 39 70 % Maiandra GD Swiss Regular Western 14 x 38 40 % Malgun Gothic Swiss Regular Hangul 15 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 % Mangal Roman Regular Western 19 x 54 40 % Marlett Special Regular Symbol 31 x 32 50 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Meiryo UI Swiss Regular Baltic 17 x 41 40 % Meiryo UI Swiss Regular Central European 17 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 % Meiryo UI Swiss Regular Greek 17 x 41 40 % Meiryo UI Swiss Regular Japanese 17 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 % Meiryo UI Swiss Regular Western 17 x 41 40 % Meiryo Swiss Regular Baltic 31 x 48 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 % Meiryo Swiss Regular Cyrillic 31 x 48 40 % Meiryo Swiss Regular Greek 31 x 48 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 % Meiryo Swiss Regular Turkish 31 x 48 40 % Meiryo Swiss Regular Western 31 x 48 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 % Microsoft JhengHei Swiss Regular Greek 15 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 % Microsoft New Tai Lue Swiss Regular Western 19 x 42 40 % Microsoft PhagsPa Swiss Regular Western 24 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Microsoft Sans Serif Swiss Regular Baltic 14 x 36 40 % Microsoft Sans Serif Swiss Regular Central European 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Microsoft Sans Serif Swiss Regular Greek 14 x 36 40 % Microsoft Sans Serif Swiss Regular Hebrew 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Microsoft Sans Serif Swiss Regular Turkish 14 x 36 40 % Microsoft Sans Serif Swiss Regular Vietnamese 14 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 % Microsoft Tai Le Swiss Regular Western 19 x 41 40 % Microsoft Uighur Special Regular Arabic 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % Microsoft YaHei Swiss Regular Central European 15 x 42 40 % Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 % Microsoft YaHei Swiss Regular Greek 15 x 42 40 % Microsoft YaHei Swiss Regular Turkish 15 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 % Microsoft Yi Baiti Script Regular Western 21 x 32 40 % MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % MingLiU_HKSCS-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % MingLiU Modern Regular Western 16 x 32 40 % MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Miriam Fixed Modern Regular Hebrew 19 x 32 40 % Miriam Swiss Regular Hebrew 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 10 x 39 40 % Mistral Script Regular Central European 10 x 39 40 % Mistral Script Regular Cyrillic 10 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 10 x 39 40 % Mistral Script Regular Turkish 10 x 39 40 % Mistral Script Regular Western 10 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 33 40 % Modern Modern OEM/DOS 19 x 37 40 % Mongolian Baiti Script Regular Western 14 x 34 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 11 x 35 40 % Monotype Corsiva Script Regular Central European 11 x 35 40 % Monotype Corsiva Script Regular Cyrillic 11 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 11 x 35 40 % Monotype Corsiva Script Regular Turkish 11 x 35 40 % Monotype Corsiva Script Regular Western 11 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 43 40 % MS Gothic Modern Regular Baltic 16 x 32 40 % MS Gothic Modern Regular Central European 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % MS Gothic Modern Regular Greek 16 x 32 40 % MS Gothic Modern Regular Japanese 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % MS Gothic Modern Regular Western 16 x 32 40 % MS Mincho Modern Regular Baltic 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % MS Mincho Modern Regular Cyrillic 16 x 32 40 % MS Mincho Modern Regular Greek 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % MS Mincho Modern Regular Turkish 16 x 32 40 % MS Mincho Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 33 40 % MS PGothic Swiss Regular Baltic 13 x 32 40 % MS PGothic Swiss Regular Central European 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % MS PGothic Swiss Regular Greek 13 x 32 40 % MS PGothic Swiss Regular Japanese 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % MS PGothic Swiss Regular Western 13 x 32 40 % MS PMincho Roman Regular Baltic 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % MS PMincho Roman Regular Cyrillic 13 x 32 40 % MS PMincho Roman Regular Greek 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % MS PMincho Roman Regular Turkish 13 x 32 40 % MS PMincho Roman Regular Western 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 % MS Reference Sans Serif Swiss Regular Central European 16 x 39 40 % MS Reference Sans Serif Swiss Regular Cyrillic 16 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 % MS Reference Sans Serif Swiss Regular Turkish 16 x 39 40 % MS Reference Sans Serif Swiss Regular Vietnamese 16 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 % MS Reference Specialty Special Regular Symbol 23 x 39 40 % MS Sans Serif Swiss Central European 5 x 13 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 5 x 13 40 % MS UI Gothic Swiss Regular Baltic 13 x 32 40 % MS UI Gothic Swiss Regular Central European 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % MS UI Gothic Swiss Regular Greek 13 x 32 40 % MS UI Gothic Swiss Regular Japanese 13 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 % MS UI Gothic Swiss Regular Western 13 x 32 40 % MT Extra Roman Regular Symbol 20 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 52 40 % Narkisim Swiss Regular Hebrew 12 x 32 40 % Niagara Engraved Decorative Regular Western 8 x 34 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 34 40 % NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 % NSimSun Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 33 40 % Nyala Special Regular Central European 18 x 33 40 % Nyala Special Regular Turkish 18 x 33 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 33 40 % OCR A Extended Modern Regular Western 19 x 33 40 % Old English Text MT Script Regular Western 12 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 37 40 % Palace Script MT Script Regular Western 7 x 30 40 % Palatino Linotype Roman Regular Baltic 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Palatino Linotype Roman Regular Cyrillic 14 x 43 40 % Palatino Linotype Roman Regular Greek 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 % Palatino Linotype Roman Regular Vietnamese 14 x 43 40 % Palatino Linotype Roman Regular Western 14 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 50 40 % Parchment Script Regular Western 6 x 34 40 % Perpetua Titling MT Roman Bold Western 21 x 39 70 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 37 40 % Plantagenet Cherokee Roman Regular Western 14 x 41 40 % Playbill Decorative Regular Western 8 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % PMingLiU Roman Regular Western 16 x 32 40 % PMingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Poor Richard Roman Regular Western 12 x 36 40 % Pristina Script Regular Western 10 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 53 40 % Rage Italic Script Regular Western 11 x 40 40 % Ravie Decorative Regular Western 22 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 11 x 38 40 % Rockwell Extra Bold Roman Regular Western 19 x 38 80 % Rockwell Roman Regular Western 15 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 31 40 % Roman Roman OEM/DOS 22 x 37 40 % Sakkal Majalla Special Regular Arabic 16 x 45 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 45 40 % Sakkal Majalla Special Regular Central European 16 x 45 40 % Sakkal Majalla Special Regular Turkish 16 x 45 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 45 40 % Script MT Bold Script Regular Western 13 x 39 70 % Script Script OEM/DOS 16 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 21 x 56 40 % Segoe Print Special Regular Central European 21 x 56 40 % Segoe Print Special Regular Cyrillic 21 x 56 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 21 x 56 40 % Segoe Print Special Regular Turkish 21 x 56 40 % Segoe Print Special Regular Western 21 x 56 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 51 40 % Segoe Script Swiss Regular Central European 22 x 51 40 % Segoe Script Swiss Regular Cyrillic 22 x 51 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 51 40 % Segoe Script Swiss Regular Turkish 22 x 51 40 % Segoe Script Swiss Regular Western 22 x 51 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 % Segoe UI Light Swiss Regular Central European 17 x 43 30 % Segoe UI Light Swiss Regular Cyrillic 17 x 43 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 % Segoe UI Light Swiss Regular Turkish 17 x 43 30 % Segoe UI Light Swiss Regular Vietnamese 17 x 43 30 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 % Segoe UI Semibold Swiss Regular Baltic 18 x 43 60 % Segoe UI Semibold Swiss Regular Central European 18 x 43 60 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 43 60 % Segoe UI Semibold Swiss Regular Greek 18 x 43 60 % Segoe UI Semibold Swiss Regular Turkish 18 x 43 60 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 43 60 % Segoe UI Semibold Swiss Regular Western 18 x 43 60 % Segoe UI Symbol Swiss Regular Western 23 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 % Segoe UI Swiss Regular Baltic 17 x 43 40 % Segoe UI Swiss Regular Central European 17 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 % Segoe UI Swiss Regular Greek 17 x 43 40 % Segoe UI Swiss Regular Turkish 17 x 43 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 % Segoe UI Swiss Regular Western 17 x 43 40 % Shonar Bangla Swiss Regular Western 16 x 41 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 40 40 % Shruti Swiss Regular Western 14 x 54 40 % SimHei Modern Regular CHINESE_GB2312 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % Simplified Arabic Fixed Modern Regular Arabic 19 x 35 40 % Simplified Arabic Fixed Modern Regular Western 19 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 53 40 % Simplified Arabic Roman Regular Western 13 x 53 40 % SimSun Special Regular CHINESE_GB2312 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 % SimSun-ExtB Modern Regular CHINESE_GB2312 16 x 32 40 % SimSun-ExtB Modern Regular Western 16 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1 x 3 40 % Snap ITC Decorative Regular Western 19 x 41 40 % Stencil Decorative Regular Western 18 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 42 40 % Sylfaen Roman Regular Central European 13 x 42 40 % Sylfaen Roman Regular Cyrillic 13 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 42 40 % Sylfaen Roman Regular Turkish 13 x 42 40 % Sylfaen Roman Regular Western 13 x 42 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 39 40 % System Swiss Central European 7 x 16 70 % Tahoma Swiss Regular Arabic 14 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 % Tahoma Swiss Regular Central European 14 x 39 40 % Tahoma Swiss Regular Cyrillic 14 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 % Tahoma Swiss Regular Hebrew 14 x 39 40 % Tahoma Swiss Regular Thai 14 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 % Tahoma Swiss Regular Vietnamese 14 x 39 40 % Tahoma Swiss Regular Western 14 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 23 x 32 50 % Tempus Sans ITC Decorative Regular Western 13 x 42 40 % Terminal Modern OEM/DOS 8 x 12 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 % Times New Roman Roman Regular Baltic 13 x 35 40 % Times New Roman Roman Regular Central European 13 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 % Times New Roman Roman Regular Greek 13 x 35 40 % Times New Roman Roman Regular Hebrew 13 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 % Times New Roman Roman Regular Vietnamese 13 x 35 40 % Times New Roman Roman Regular Western 13 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 48 40 % Traditional Arabic Roman Regular Western 15 x 48 40 % Trebuchet MS Swiss Regular Baltic 15 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 37 40 % Trebuchet MS Swiss Regular Cyrillic 15 x 37 40 % Trebuchet MS Swiss Regular Greek 15 x 37 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 37 40 % Trebuchet MS Swiss Regular Western 15 x 37 40 % Tunga Swiss Regular Western 18 x 53 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 35 40 % Tw Cen MT Condensed Extra Bold Swiss Regular Western 12 x 35 40 % Tw Cen MT Condensed Swiss Bold Central European 11 x 34 70 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 11 x 34 70 % Tw Cen MT Swiss Regular Central European 13 x 35 40 % Tw Cen MT Swiss Regular Western 13 x 35 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 36 40 % Vani Swiss Regular Western 23 x 54 40 % Verdana Swiss Regular Baltic 16 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 % Verdana Swiss Regular Cyrillic 16 x 39 40 % Verdana Swiss Regular Greek 16 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 % Verdana Swiss Regular Vietnamese 16 x 39 40 % Verdana Swiss Regular Western 16 x 39 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 32 40 % Viner Hand ITC Script Regular Western 15 x 52 40 % Vivaldi Script Italic Western 9 x 38 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 10 x 39 40 % Vrinda Swiss Regular Western 20 x 44 40 % Webdings Roman Regular Symbol 31 x 32 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 26 x 39 40 % Wingdings 2 Roman Regular Symbol 27 x 34 40 % Wingdings 3 Roman Regular Symbol 25 x 36 40 % [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 28 x 36 40 % --------[ Windows Audio ]----------------------------------------------------------------------------------------------- midi-out.0 0001 001B Microsoft GS Wavetable Synth mixer.0 0001 FFFF Speakers (High Definition Audio mixer.1 0001 FFFF Digital Audio (S/PDIF) (High De mixer.2 0001 FFFF Headphones (High Definition Aud mixer.3 0001 FFFF Microphone (High Definition Aud mixer.4 0001 FFFF Microphone (High Definition Aud mixer.5 0001 FFFF Line In (High Definition Audio mixer.6 0001 FFFF Line In (High Definition Audio wave-in.0 0001 FFFF Microphone (High Definition Aud wave-in.1 0001 FFFF Microphone (High Definition Aud wave-in.2 0001 FFFF Line In (High Definition Audio wave-in.3 0001 FFFF Line In (High Definition Audio wave-out.0 0001 FFFF Speakers (High Definition Audio wave-out.1 0001 FFFF Digital Audio (S/PDIF) (High De wave-out.2 0001 FFFF Headphones (High Definition Aud --------[ PCI / PnP Audio ]--------------------------------------------------------------------------------------------- nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller PCI nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller PCI nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller PCI nVIDIA HDMI/DP @ nVIDIA GT218 - High Definition Audio Controller PCI Realtek ALC883 @ Intel 82801GB ICH7 - High Definition Audio Controller [A-1] PCI --------[ HD Audio ]---------------------------------------------------------------------------------------------------- [ Intel 82801GB ICH7 - High Definition Audio Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - High Definition Audio Controller [A-1] Device Description (Windows) High Definition Audio Controller Bus Type PCI Bus / Device / Function 0 / 27 / 0 Device ID 8086-27D8 Subsystem ID 1043-8249 Revision 01 Hardware ID PCI\VEN_8086&DEV_27D8&SUBSYS_82491043&REV_01 Device Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Realtek ALC883 ] Device Properties: Device Description Realtek ALC883 Device Description (Windows) High Definition Audio Device Device Type Audio Bus Type HDAUDIO Device ID 10EC-0883 Subsystem ID 1043-C603 Revision 1000 Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043C603&REV_1000 Device Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ nVIDIA GT218 - High Definition Audio Controller ] Device Properties: Device Description nVIDIA GT218 - High Definition Audio Controller Device Description (Windows) High Definition Audio Controller Bus Type PCI Bus / Device / Function 5 / 0 / 1 Device ID 10DE-0BE3 Subsystem ID 0000-0000 Revision A1 Hardware ID PCI\VEN_10DE&DEV_0BE3&SUBSYS_00000000&REV_A1 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-000B Subsystem ID 10DE-0101 Revision 1002 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-000B Subsystem ID 10DE-0101 Revision 1002 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-000B Subsystem ID 10DE-0101 Revision 1002 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-000B Subsystem ID 10DE-0101 Revision 1002 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ Audio Codecs ]------------------------------------------------------------------------------------------------ [ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ] ACM Driver Properties: Driver Description Fraunhofer IIS MPEG Layer-3 Codec (decode only) Copyright Notice Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS Driver Features decoder only version Driver Version 1.09 [ Microsoft ADPCM CODEC ] ACM Driver Properties: Driver Description Microsoft ADPCM CODEC Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Compresses and decompresses Microsoft ADPCM audio data. Driver Version 4.00 [ Microsoft CCITT G.711 A-Law and u-Law CODEC ] ACM Driver Properties: Driver Description Microsoft CCITT G.711 A-Law and u-Law CODEC Copyright Notice Copyright (c) 1993-1996 Microsoft Corporation Driver Features Compresses and decompresses CCITT G.711 A-Law and u-Law audio data. Driver Version 4.00 [ Microsoft GSM 6.10 Audio CODEC ] ACM Driver Properties: Driver Description Microsoft GSM 6.10 Audio CODEC Copyright Notice Copyright (C) 1993-1996 Microsoft Corporation Driver Features Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10. Driver Version 4.00 [ Microsoft IMA ADPCM CODEC ] ACM Driver Properties: Driver Description Microsoft IMA ADPCM CODEC Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Compresses and decompresses IMA ADPCM audio data. Driver Version 4.00 [ Microsoft PCM Converter ] ACM Driver Properties: Driver Description Microsoft PCM Converter Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Converts frequency and bits per sample of PCM audio data. Driver Version 5.00 --------[ Video Codecs ]------------------------------------------------------------------------------------------------ iccvid.dll 1.10.0.11 Cinepak® Codec iyuv_32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Intel Indeo(R) Video YUV Codec [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] msvidc32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Video 1 Compressor msyuv.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Microsoft UYVY Video Decompressor [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] --------[ MCI ]--------------------------------------------------------------------------------------------------------- [ AVIVideo ] MCI Device Properties: Device AVIVideo Name Video for Windows Description Video For Windows MCI driver Type Digital Video Device Driver mciavi32.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Play In Reverse Yes Can Record No Can Save Data No Can Freeze Data No Can Lock Data No Can Stretch Frame Yes Can Stretch Input No Can Test Yes Audio Capable Yes Video Capable Yes Still Image Capable No [ CDAudio ] MCI Device Properties: Device CDAudio Name CD Audio Description MCI driver for cdaudio devices Type CD Audio Device Driver mcicda.dll Status Enabled MCI Device Features: Compound Device No File Based Device No Can Eject Yes Can Play Yes Can Record No Can Save Data No Audio Capable Yes Video Capable No [ MPEGVideo ] MCI Device Properties: Device MPEGVideo Name DirectShow Description DirectShow MCI Driver Type Digital Video Device Driver mciqtz32.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Play In Reverse No Can Record No Can Save Data No Can Freeze Data No Can Lock Data No Can Stretch Frame Yes Can Stretch Input No Can Test Yes Audio Capable Yes Video Capable Yes Still Image Capable No [ Sequencer ] MCI Device Properties: Device Sequencer Name MIDI Sequencer Description MCI driver for MIDI sequencer Type Sequencer Device Driver mciseq.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Record No Can Save Data No Audio Capable Yes Video Capable No [ WaveAudio ] MCI Device Properties: Device WaveAudio Name Sound Description MCI driver for waveform audio Type Waveform Audio Device Driver mciwave.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Record Yes Can Save Data Yes Audio Capable Yes Video Capable No --------[ SAPI ]-------------------------------------------------------------------------------------------------------- SAPI Properties: SAPI4 Version - SAPI5 Version 5.3.13120.0 Voice (SAPI5): Name Microsoft Anna - English (United States) Description Microsoft Anna - English (United States) Voice Name M1033DSK Voice Path C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk Age Adult Gender Female Language English (United States) Vendor Microsoft Version 2.0 DLL File C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll (x86) CLSID {F51C7B23-6566-424C-94CF-2C4F83EE96FF} Frontend {55DFB4F7-4175-4B3B-B247-D9B399ADB119} Speech Recognizer (SAPI5): Name Microsoft Speech Recognizer 8.0 for Windows (English - UK) Description Microsoft Speech Recognizer 8.0 for Windows (English - UK) FE Config Data File C:\Windows\Speech\Engines\SR\en-GB\c2057dsk.fe Language English (United Kingdom) Speaking Style Discrete;Continuous Supported Locales English (United Kingdom); English (Australia); English (New Zealand); English (Ireland); English (South Africa); English (Jamaica); English (Caribbean); English (Belize); English (Trinidad and Tobago); English (Zimbabwe); English (India); English (Malaysia); English (Singapore); English Vendor Microsoft Version 8.0 DLL File C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x86) CLSID {DAC9F469-0C67-4643-9258-87EC128C5941} RecoExtension {4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC} Speech Recognizer (SAPI5): Name Microsoft Speech Recognizer 8.0 for Windows (English - US) Description Microsoft Speech Recognizer 8.0 for Windows (English - US) FE Config Data File C:\Windows\Speech\Engines\SR\en-US\c1033dsk.fe Language English (United States); English Speaking Style Discrete;Continuous Supported Locales English (United States); English (Canada); English (Republic of the Philippines); English Vendor Microsoft Version 8.0 DLL File C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x86) CLSID {DAC9F469-0C67-4643-9258-87EC128C5941} RecoExtension {4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC} --------[ Windows Storage ]--------------------------------------------------------------------------------------------- [ Floppy disk drive ] Device Properties: Driver Description Floppy disk drive Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File flpydisk.inf [ Verbatim STORE N GO USB Device ] Device Properties: Driver Description Verbatim STORE N GO USB Device Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf [ WDC WD10EZEX-21M2NA0 ATA Device ] Device Properties: Driver Description WDC WD10EZEX-21M2NA0 ATA Device Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Disk Device Physical Info: Manufacturer Western Digital Hard Disk Family Caviar Blue Form Factor 3.5" Formatted Capacity 1000 GB Physical Dimensions 147 x 101.6 x 25.4 mm Max. Weight 440 g Average Rotational Latency 4.2 ms Rotational Speed 7200 RPM Max. Internal Data Rate 1200 Mbit/s Interface SATA-III Buffer-to-Host Data Rate 600 MB/s Buffer Size 64 MB Device Manufacturer: Company Name Western Digital Corporation Product Information http://www.wdc.com/en [ DTSOFT Virtual CdRom Device ] Device Properties: Driver Description DTSOFT Virtual CdRom Device Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf [ HL-DT-ST DVD-RAM GH22NP20 ATA Device ] Device Properties: Driver Description HL-DT-ST DVD-RAM GH22NP20 ATA Device Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf Optical Drive Properties: Manufacturer Hitachi-LG Device Type DVD+RW/DVD-RW/DVD-RAM Interface ATAPI Writing Speeds: DVD+R9 Dual Layer 16x DVD+R 22x DVD+RW 8x DVD-R9 Dual Layer 12x DVD-R 22x DVD-RW 6x DVD-RAM 12x CD-R 48x CD-RW 32x Reading Speeds: DVD-ROM 16x CD-ROM 48x Device Manufacturer: Company Name LG Electronics Product Information http://www.lg.com/us/data-storage Firmware Download http://www.lg.com/us/support [ ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf [ ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: IRQ 14 Port 01F0-01F7 Port 03F6-03F6 [ ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf [ ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf [ ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: IRQ 15 Port 0170-0177 Port 0376-0376 [ ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf [ Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: Port FFA0-FFAF [ Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 ] Device Properties: Driver Description Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: IRQ 23 Port 7400-740F Port 7800-7803 Port 8000-8007 Port 8400-8403 Port 8800-8807 [ Standard Dual Channel PCI IDE Controller ] Device Properties: Driver Description Standard Dual Channel PCI IDE Controller Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: IRQ 19 Memory DBEFE000-DBEFFFFF Port A400-A40F Port A800-A803 Port B000-B007 Port B400-B403 Port B800-B807 [ Standard floppy disk controller ] Device Properties: Driver Description Standard floppy disk controller Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File fdc.inf Device Resources: DMA 02 IRQ 06 Port 03F0-03F5 Port 03F7-03F7 --------[ Logical Drives ]---------------------------------------------------------------------------------------------- A: Removable Disk [ TRIAL VERSION ] Local Disk NTFS [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] D: Local Disk NTFS 893867 MB 176534 MB 717333 MB 80 % 84BF-0581 E: Optical Drive F: (MULTIBOOT) Removable Disk FAT32 7649 MB 3387 MB 4261 MB 56 % 19F1-2A17 G: Optical Drive --------[ Physical Drives ]--------------------------------------------------------------------------------------------- [ Drive #1 - WDC WD10EZEX-21M2NA0 (931 GB) ] #1 (Active) NTFS 1 MB 100 MB #2 NTFS C: 101 MB 59899 MB #3 NTFS D: 60000 MB 893868 MB [ Drive #2 - VerbatimSTORE N GO (7680 MB) ] #1 (Active) FAT32 F: 1 MB 7679 MB --------[ Optical Drives ]---------------------------------------------------------------------------------------------- [ E:\ HL-DT-ST DVD-RAM GH22NP20 ATA Device ] Optical Drive Properties: Device Description HL-DT-ST DVD-RAM GH22NP20 ATA Device Serial Number 0@85@;=4 Firmware Revision 1.00 Firmware Date 25.03.2008 Buffer Size 2 MB Manufacturer Hitachi-LG Device Type DVD+RW/DVD-RW/DVD-RAM Interface ATAPI Region Code 2 Remaining User Changes 4 Remaining Vendor Changes 4 Writing Speeds: DVD+R9 Dual Layer 16x DVD+R 22x DVD+RW 8x DVD-R9 Dual Layer 12x DVD-R 22x DVD-RW 6x DVD-RAM 12x CD-R 48x CD-RW 32x Reading Speeds: DVD-ROM 16x CD-ROM 48x Supported Disk Types: BD-ROM Not Supported BD-R Not Supported BD-RE Not Supported HD DVD-ROM Not Supported HD DVD-R Dual Layer Not Supported HD DVD-RW Dual Layer Not Supported HD DVD-R Not Supported HD DVD-RW Not Supported HD DVD-RAM Not Supported DVD-ROM Read DVD+R9 Dual Layer Read + Write DVD+RW9 Dual Layer Not Supported DVD+R Read + Write DVD+RW Read + Write DVD-R9 Dual Layer Read + Write DVD-RW9 Dual Layer Not Supported DVD-R Read + Write DVD-RW Read + Write DVD-RAM Read + Write CD-ROM Read CD-R Read + Write CD-RW Read + Write Optical Drive Features: AACS Not Supported BD CPS Not Supported Buffer Underrun Protection Supported C2 Error Pointers Not Supported CD+G Not Supported CD-Text Supported DVD-Download Disc Recording Not Supported Hybrid Disc Not Supported JustLink Not Supported CPRM Supported CSS Supported LabelFlash Not Supported Layer-Jump Recording Supported LightScribe Not Supported Mount Rainier Not Supported OSSC Not Supported Qflix Recording Not Supported SecurDisc Not Supported SMART Not Supported VCPS Not Supported Device Manufacturer: Company Name LG Electronics Product Information http://www.lg.com/us/data-storage Firmware Download http://www.lg.com/us/support Driver Update http://www.aida64.com/driver-updates [ G:\ DTSOFT Virtual CdRom Device ] Optical Drive Properties: Device Description DTSOFT Virtual CdRom Device Firmware Revision 1.05 Buffer Size 128 KB Region Code 1 Remaining User Changes 4 Remaining Vendor Changes 4 Supported Disk Types: BD-ROM Read BD-R Read BD-RE Read HD DVD-ROM Not Supported HD DVD-R Dual Layer Not Supported HD DVD-RW Dual Layer Not Supported HD DVD-R Not Supported HD DVD-RW Not Supported HD DVD-RAM Not Supported DVD-ROM Read DVD+R9 Dual Layer Read DVD+RW9 Dual Layer Read DVD+R Read DVD+RW Read DVD-R9 Dual Layer Read DVD-RW9 Dual Layer Not Supported DVD-R Read DVD-RW Read DVD-RAM Not Supported CD-ROM Read CD-R Read CD-RW Read Optical Drive Features: AACS Not Supported BD CPS Not Supported Buffer Underrun Protection Not Supported C2 Error Pointers Supported CD+G Supported CD-Text Supported DVD-Download Disc Recording Not Supported Hybrid Disc Not Supported JustLink Not Supported CPRM Not Supported CSS Not Supported LabelFlash Not Supported Layer-Jump Recording Not Supported LightScribe Not Supported Mount Rainier Not Supported OSSC Not Supported Qflix Recording Not Supported SecurDisc Not Supported SMART Not Supported VCPS Not Supported --------[ ATA ]--------------------------------------------------------------------------------------------------------- [ WDC WD10EZEX-21M2NA0 (WCC3F1ZSR0TS) ] ATA Device Properties: Model ID WDC WD10EZEX-21M2NA0 Serial Number WCC3F1ZSR0TS Revision 01.01A01 World Wide Name 5-0014EE-20B580A42 Device Type SATA-III Parameters 1938021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector LBA Sectors 1953525168 Physical / Logical Sector Size 4 KB / 512 bytes Multiple Sectors 16 Max. PIO Transfer Mode PIO 4 Max. MWDMA Transfer Mode MWDMA 2 Max. UDMA Transfer Mode UDMA 6 Active UDMA Transfer Mode UDMA 5 Unformatted Capacity 953870 MB Rotational Speed 7200 RPM ATA Standard ACS-2 ATA Device Features: 48-bit LBA Supported, Enabled Automatic Acoustic Management (AAM) Not Supported Device Configuration Overlay (DCO) Supported, Enabled DMA Setup Auto-Activate Supported, Disabled Free-Fall Control Not Supported General Purpose Logging (GPL) Supported, Enabled Hardware Feature Control Not Supported Host Protected Area (HPA) Supported, Enabled HPA Security Extensions Supported, Disabled Hybrid Information Feature Not Supported In-Order Data Delivery Not Supported Native Command Queuing (NCQ) Supported NCQ Autosense Not Supported NCQ Priority Information Supported NCQ Queue Management Command Not Supported NCQ Streaming Not Supported Phy Event Counters Supported Read Look-Ahead Supported, Enabled Release Interrupt Not Supported Security Mode Supported, Disabled Sense Data Reporting (SDR) Not Supported Service Interrupt Not Supported SMART Supported, Enabled SMART Error Logging Supported, Enabled SMART Self-Test Supported, Enabled Software Settings Preservation (SSP) Supported, Disabled Streaming Not Supported Tagged Command Queuing (TCQ) Not Supported Write Cache Supported, Enabled Write-Read-Verify Not Supported SSD Features: Data Set Management Not Supported Deterministic Read After TRIM Not Supported TRIM Command Not Supported Power Management Features: Advanced Power Management Not Supported Automatic Partial to Slumber Transitions (APST) Disabled Device Initiated Interface Power Management (DIPM)Not Supported Device Sleep (DEVSLP) Not Supported Extended Power Conditions (EPC) Not Supported Host Initiated Interface Power Management (HIPM) Supported IDLE IMMEDIATE With UNLOAD FEATURE Not Supported Link Power State Device Sleep Not Supported Power Management Supported, Enabled Power-Up In Standby (PUIS) Supported, Disabled ATA Commands: DEVICE RESET Not Supported DOWNLOAD MICROCODE Supported, Enabled FLUSH CACHE Supported, Enabled FLUSH CACHE EXT Supported, Enabled NOP Supported, Enabled READ BUFFER Supported, Enabled WRITE BUFFER Supported, Enabled ATA Device Physical Info: Manufacturer Western Digital Hard Disk Family Caviar Blue Form Factor 3.5" Formatted Capacity 1000 GB Physical Dimensions 147 x 101.6 x 25.4 mm Max. Weight 440 g Average Rotational Latency 4.2 ms Rotational Speed 7200 RPM Max. Internal Data Rate 1200 Mbit/s Interface SATA-III Buffer-to-Host Data Rate 600 MB/s Buffer Size 64 MB ATA Device Manufacturer: Company Name Western Digital Corporation Product Information http://www.wdc.com/en Driver Update http://www.aida64.com/driver-updates --------[ SMART ]------------------------------------------------------------------------------------------------------- [ WDC WD10EZEX-21M2NA0 (WCC3F1ZSR0TS) ] 01 Raw Read Error Rate 51 200 200 0 OK: Value is normal 03 Spinup Time 21 174 173 2266 OK: Value is normal 04 Start/Stop Count 0 100 100 235 OK: Always passes 05 Reallocated Sector Count 140 200 200 0 OK: Value is normal 07 Seek Error Rate 0 200 200 0 OK: Always passes 09 Power-On Time Count 0 100 100 490 OK: Always passes 0A Spinup Retry Count 0 100 100 0 OK: Always passes 0B Calibration Retry Count 0 100 100 0 OK: Always passes 0C Power Cycle Count 0 100 100 234 OK: Always passes C0 Power-Off Retract Count 0 200 200 12 OK: Always passes C1 Load/Unload Cycle Count 0 200 200 223 OK: Always passes C2 Temperature 0 108 107 35 OK: Always passes C4 Reallocation Event Count 0 200 200 0 OK: Always passes C5 Current Pending Sector Count 0 200 200 0 OK: Always passes C6 Offline Uncorrectable Sector Count 0 200 200 0 OK: Always passes C7 Ultra ATA CRC Error Rate 0 200 200 0 OK: Always passes C8 Write Error Rate 0 200 200 0 OK: Always passes --------[ Windows Network ]--------------------------------------------------------------------------------------------- [ Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller ] Network Adapter Properties: Network Adapter Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller Interface Type Gigabit Ethernet Hardware Address 00-18-F3-1A-3D-45 Connection Name Local Area Connection Connection Speed 100 Mbps MTU 1500 bytes DHCP Lease Obtained 10.04.2015 19:39:43 DHCP Lease Expires 11.04.2015 19:39:43 Bytes Received 143699717 (137.0 MB) Bytes Sent 3352364143 (3197.1 MB) Network Adapter Addresses: IP / Subnet Mask [ TRIAL VERSION ] Gateway [ TRIAL VERSION ] DHCP [ TRIAL VERSION ] DNS [ TRIAL VERSION ] Network Adapter Manufacturer: Company Name Atheros Communications, Inc. Product Information http://www.atheros.com/networking Driver Download http://www.atheros.com Driver Update http://www.aida64.com/driver-updates [ Hamachi Network Interface ] Network Adapter Properties: Network Adapter Hamachi Network Interface Interface Type Ethernet Hardware Address 7A-79-19-94-6D-E2 (user-defined) Connection Name Hamachi Connection Speed 100 Mbps MTU 1404 bytes DHCP Lease Obtained 10.04.2015 19:40:45 DHCP Lease Expires 09.04.2016 19:40:45 Bytes Received 9230 (9.0 KB) Bytes Sent 674059 (658.3 KB) Network Adapter Addresses: IP / Subnet Mask [ TRIAL VERSION ] Gateway [ TRIAL VERSION ] DHCP [ TRIAL VERSION ] [ VirtualBox Host-Only Ethernet Adapter ] Network Adapter Properties: Network Adapter VirtualBox Host-Only Ethernet Adapter Interface Type Ethernet Hardware Address 08-00-27-00-EC-CD Connection Name VirtualBox Host-Only Network Connection Speed 100 Mbps MTU 1500 bytes Bytes Received 0 Bytes Sent 511281 (499.3 KB) Network Adapter Addresses: IP / Subnet Mask [ TRIAL VERSION ] Network Adapter Manufacturer: Company Name Oracle Corporation Product Information http://www.virtualbox.org Driver Download http://www.virtualbox.org Driver Update http://www.aida64.com/driver-updates --------[ PCI / PnP Network ]------------------------------------------------------------------------------------------- Attansic L1 Gigabit Ethernet Adapter PCI --------[ IAM ]--------------------------------------------------------------------------------------------------------- [ Microsoft Communities ] Account Properties: Account Name Microsoft Communities Account ID account{87D079FD-6033-4730-8E81-A6AE376A4658}.oeaccount Account Type News (Default) Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) NNTP Server msnews.microsoft.com Account Features: NNTP Prompt For Password No NNTP Secure Authentication No NNTP Secure Connection No NNTP Use Group Descriptions No NNTP Post Using Plain Text Format No NNTP Post Using HTML Format No [ Active Directory ] Account Properties: Account Name Active Directory Account ID account{A7DEFD7B-E49A-48FD-AA02-1789623EA63D}.oeaccount Account Type LDAP (Default) Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) LDAP Server NULL:3268 LDAP User Name NULL LDAP Search Base NULL LDAP Search Timeout 1 min Account Features: LDAP Authentication Required Yes LDAP Secure Authentication Yes LDAP Secure Connection No LDAP Simple Search Filter No [ VeriSign Internet Directory Service ] Account Properties: Account Name VeriSign Internet Directory Service Account ID account{D130E934-E216-4389-B3F1-9C8672F7961E}.oeaccount Account Type LDAP Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) LDAP Server directory.verisign.com LDAP URL http://www.verisign.com LDAP Search Base NULL LDAP Search Timeout 1 min Account Features: LDAP Authentication Required No LDAP Secure Authentication No LDAP Secure Connection No LDAP Simple Search Filter Yes --------[ Internet ]---------------------------------------------------------------------------------------------------- Internet Settings: Start Page http://cool-tvlive.net/terra Search Page http://go.microsoft.com/fwlink/?LinkId=54896 Local Page C:\Windows\system32\blank.htm Download Folder Current Proxy: Proxy Status Disabled LAN Proxy: Proxy Status Disabled --------[ Routes ]------------------------------------------------------------------------------------------------------ Active 0.0.0.0 0.0.0.0 192.168.0.1 20 192.168.0.100 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) Active 0.0.0.0 0.0.0.0 25.0.0.1 9256 25.148.109.226 (Hamachi Network Interface) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9256 [ TRIAL VERSION ] Active 25.148.109.226 255.255.255.255 25.148.109.226 9256 25.148.109.226 (Hamachi Network Interface) Active 25.255.255.255 255.255.255.255 25.148.109.226 9256 25.148.109.226 (Hamachi Network Interface) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 306 [ TRIAL VERSION ] Active 127.0.0.1 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 127.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 276 [ TRIAL VERSION ] Active 192.168.0.100 255.255.255.255 192.168.0.100 276 192.168.0.100 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) Active 192.168.0.255 255.255.255.255 192.168.0.100 276 192.168.0.100 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 276 [ TRIAL VERSION ] Active 192.168.56.1 255.255.255.255 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active 192.168.56.255 255.255.255.255 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 306 [ TRIAL VERSION ] Active 224.0.0.0 240.0.0.0 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active 224.0.0.0 240.0.0.0 192.168.0.100 276 192.168.0.100 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9256 [ TRIAL VERSION ] Active 255.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 255.255.255.255 255.255.255.255 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 276 [ TRIAL VERSION ] Active 255.255.255.255 255.255.255.255 25.148.109.226 9256 25.148.109.226 (Hamachi Network Interface) --------[ IE Cookie ]--------------------------------------------------------------------------------------------------- 2015-04-05 17:12:02 alex@onlinestores.metaservices.microsoft.com/serviceswitching/ 2015-04-09 16:41:42 alex@~~local~~/C:/Users/ALEX/AppData/Local/Skype/Apps/login/ 2015-04-09 16:41:46 alex@bay406-m.hotmail.com/ 2015-04-09 16:41:51 alex@c.bing.com/ 2015-04-09 16:41:51 alex@c.msn.com/ 2015-04-09 16:41:57 alex@facebook.com/ 2015-04-09 18:48:51 alex@hit.gemius.pl/ 2015-04-09 18:50:06 alex@skype.com/ 2015-04-10 13:42:15 alex@rarlab.com/ --------[ Browser History ]--------------------------------------------------------------------------------------------- 2015-04-04 13:14:07 ALEX@file:///C:/Users/ALEX/AppData/Roaming/.minecraft/options.txt 2015-04-05 17:43:31 ALEX@file:///C:/Users/ALEX/Desktop/Minecraft%20mods%20and%20stuff/Servers/Hermitcraftul%20nostru/server.properties 2015-04-06 18:05:20 [ TRIAL VERSION ] 2015-04-06 18:09:31 ALEX@file:///C:/Users/ALEX/Desktop/Seed.txt 2015-04-06 18:20:13 ALEX@file:///C:/Users/ALEX/Desktop/Autoruns.zip 2015-04-06 18:20:37 [ TRIAL VERSION ] 2015-04-06 18:36:34 ALEX@file:///C:/Users/ALEX/Desktop/ALEX-PC.arn 2015-04-06 19:40:37 ALEX@file:///C:/Users/ALEX/Desktop/AtherosL1_LAN_v2474.zip 2015-04-07 07:58:15 [ TRIAL VERSION ] 2015-04-07 21:11:19 ALEX@file:///C:/Users/ALEX/Desktop/descărcare.png 2015-04-08 11:49:01 ALEX@file:///C:/Users/ALEX/Desktop/Minecraft%20mods%20and%20stuff/Servers/Server%20de%20filmari/ops.json 2015-04-08 12:06:44 [ TRIAL VERSION ] 2015-04-08 15:13:45 ALEX@file:///C:/Users/ALEX/Desktop/Chestii/Kituri/F_v3.5.99.zip 2015-04-08 19:51:12 ALEX@file:///C:/Users/ALEX/Desktop/TriviaBotv10.2.1.zip 2015-04-08 19:52:13 [ TRIAL VERSION ] 2015-04-08 19:52:27 ALEX@file:///D:/Programe/TriviaBot/lst/002.txt 2015-04-08 20:04:00 ALEX@http://www.mirc.co.uk/regabout.html?version=741&days=1&type=1 2015-04-08 20:04:56 [ TRIAL VERSION ] 2015-04-08 20:05:44 ALEX@file:///D:/Programe/TriviaBot/INSTALLATION%20INSTRUCTIONS.txt 2015-04-08 20:05:55 ALEX@file:///D:/Programe/TriviaBot/TriviaBot_Release_Notes.txt 2015-04-08 20:06:03 [ TRIAL VERSION ] 2015-04-09 10:47:21 ALEX@http://www.mirc.co.uk/regabout.html?version=741&days=31&type=5 2015-04-09 10:49:56 ALEX@file:///C:/Users/ALEX/Desktop/Instructiuni.txt 2015-04-09 11:02:10 [ TRIAL VERSION ] 2015-04-09 11:06:26 ALEX@file:///C:/Users/ALEX/Samsung%20Link/alex_fortzozo@yahoo.com/20150409_092212.mp4 2015-04-09 11:15:36 ALEX@file:///D:/Programe/TriviaBot/lst/001.lst 2015-04-09 11:15:57 [ TRIAL VERSION ] 2015-04-09 11:16:29 ALEX@file:///C:/Users/ALEX/Desktop/Toate.lst 2015-04-09 11:19:02 ALEX@http://www.mirc.co.uk/regabout.html?version=741&days=31&type=1 2015-04-09 11:21:00 [ TRIAL VERSION ] 2015-04-09 11:25:16 ALEX@file:///D:/Programe/TriviaBot/lst/Toate.txt 2015-04-09 13:57:50 ALEX@http://www.mirc.com/regabout.html?version=741&days=31&type=1 2015-04-09 16:25:04 [ TRIAL VERSION ] 2015-04-09 16:41:47 ALEX@https://apps.skype.com/adcontrol/prelogic.html 2015-04-09 16:41:47 ALEX@https://apps.skype.com/home/?uiversion=7.2.0.103&language=en 2015-04-09 16:41:48 [ TRIAL VERSION ] 2015-04-09 16:41:50 ALEX@https://m.hotmail.com/ 2015-04-09 16:41:52 ALEX@https://s-static.ak.facebook.com/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41 2015-04-09 16:41:53 [ TRIAL VERSION ] 2015-04-09 16:41:55 ALEX@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=d11579e7-baa0-40e9-8636-7644c260732c 2015-04-09 16:53:35 ALEX@file:///C:/Users/ALEX/Desktop/SkyHive%20SkyPvP%20Map.zip 2015-04-09 16:54:50 [ TRIAL VERSION ] 2015-04-09 17:55:41 ALEX@https://apps.skype.com/incalladwidget/ 2015-04-09 17:55:41 ALEX@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=993e0d81-67ca-466e-8776-d42771e52dd7 2015-04-09 18:48:49 [ TRIAL VERSION ] 2015-04-09 18:48:50 ALEX@https://static.skypeassets.com/adserver/AdLoader.html?version=1.66.4 2015-04-09 18:48:51 ALEX@about:blank 2015-04-09 18:48:51 [ TRIAL VERSION ] 2015-04-09 18:48:51 ALEX@https://ls.hit.gemius.pl/lsget.html 2015-04-10 12:57:35 ALEX@file:///C:/Users/ALEX/Desktop/bootsect7600x86.zip 2015-04-10 12:57:41 [ TRIAL VERSION ] 2015-04-10 13:01:42 ALEX@file:///D:/BitComet/Downloads/Microsoft%20Windows%207%20ULTIMATE%20x86%20x64%20Integrated%20September%202010%20OEM%20DVD%20-%20BIE/x86%20-%2032%20bit/bie7u86910.iso 2015-04-10 13:42:14 ALEX@http://cdn.castplatform.com/scripts/au1085.html?subid=1 2015-04-10 13:42:15 [ TRIAL VERSION ] 2015-04-10 13:45:32 ALEX@file:///D:/Windows%207/x64%20-%2064%20bit.iso 2015-04-10 13:47:05 ALEX@file:///D:/Windows%207/bie7u64910.iso 2015-04-10 13:54:57 [ TRIAL VERSION ] 2015-04-10 18:06:12 ALEX@file:///C:/Users/ALEX/AppData/Local/Temp/WuaTemp/Resources/index.html 2015-04-10 18:06:16 ALEX@file:///C:/Users/ALEX/AppData/Local/Temp/WuaTemp/Resources/Scanning.html 2015-04-10 18:08:55 [ TRIAL VERSION ] 2015-04-10 18:09:09 ALEX@file:///C:/Users/ALEX/AppData/Local/Temp/WuaTemp/Resources/Hardware.html?Architecture=64 2015-04-10 18:09:26 ALEX@file:///C:/Users/ALEX/AppData/Local/Temp/WuaTemp/Resources/Programs.html?Architecture=64 2015-04-10 18:10:05 [ TRIAL VERSION ] 2015-04-10 18:10:07 ALEX@file:///C:/Users/ALEX/AppData/Local/Temp/WuaTemp/Resources/Overview.html?Architecture=64 2015-04-10 18:47:15 ALEX@file:///D:/BitComet/Downloads/Microsoft%20Windows%207%20ULTIMATE%20x86%20x64%20Integrated%20September%202010%20OEM%20DVD%20-%20BIE/x64%20-%2064%20bit/bie7u64910.iso 2015-04-10 18:49:40 [ TRIAL VERSION ] 2015-04-10 18:49:40 ALEX@http://www.cool-tv.net/ 2015-04-10 19:25:28 ALEX@http://www.mirc.co.uk/regabout.html?version=741&days=32&type=1 2015-04-10 19:57:40 [ TRIAL VERSION ] 2015-04-10 20:20:48 ALEX@file:///C:/Users/ALEX/AppData/Local/Temp/rpt-1.txt --------[ DirectX Files ]----------------------------------------------------------------------------------------------- amstream.dll 6.06.7601.17514 Final Retail English 70656 20.11.2010 15:18:03 bdaplgin.ax 6.01.7600.16385 Final Retail Romanian 74240 14.07.2009 04:14:10 d2d1.dll 6.02.9200.16765 Final Retail English 3419136 26.11.2013 11:16:52 d3d10.dll 6.02.9200.16492 Final Retail English 1080832 24.12.2014 09:52:04 d3d10_1.dll 6.02.9200.16492 Final Retail English 161792 24.12.2014 09:52:04 d3d10_1core.dll 6.02.9200.16492 Final Retail English 249856 24.12.2014 09:52:04 d3d10core.dll 6.02.9200.16492 Final Retail English 220160 24.12.2014 09:52:04 d3d10level9.dll 6.02.9200.16492 Final Retail English 604160 24.12.2014 09:52:04 d3d10warp.dll 6.02.9200.17033 Final Retail English 1987584 24.06.2014 05:59:50 d3d11.dll 6.02.9200.16570 Final Retail English 1505280 24.12.2014 09:50:42 d3d8.dll 6.01.7600.16385 Final Retail English 1036800 14.07.2009 04:15:08 d3d8thk.dll 6.01.7600.16385 Final Retail English 11264 14.07.2009 04:15:08 d3d9.dll 6.01.7601.17514 Final Retail English 1828352 20.11.2010 15:18:25 d3dim.dll 6.01.7600.16385 Final Retail English 386048 14.07.2009 04:15:08 d3dim700.dll 6.01.7600.16385 Final Retail English 817664 14.07.2009 04:15:08 d3dramp.dll 6.01.7600.16385 Final Retail English 593920 14.07.2009 04:15:08 d3dxof.dll 6.01.7600.16385 Final Retail English 53760 14.07.2009 04:15:08 ddraw.dll 6.01.7600.16385 Final Retail English 531968 14.07.2009 04:15:10 ddrawex.dll 6.01.7600.16385 Final Retail English 30208 14.07.2009 04:15:10 devenum.dll 6.06.7600.16385 Final Retail English 66560 14.07.2009 04:15:10 dinput.dll 6.01.7600.16385 Final Retail English 136704 14.07.2009 04:15:11 dinput8.dll 6.01.7600.16385 Final Retail English 145408 14.07.2009 04:15:11 dmband.dll 6.01.7600.16385 Final Retail English 30720 14.07.2009 04:15:12 dmcompos.dll 6.01.7600.16385 Final Retail English 63488 14.07.2009 04:15:12 dmime.dll 6.01.7600.16385 Final Retail English 179712 14.07.2009 04:15:12 dmloader.dll 6.01.7600.16385 Final Retail English 38400 14.07.2009 04:15:12 dmscript.dll 6.01.7600.16385 Final Retail English 86016 14.07.2009 04:15:12 dmstyle.dll 6.01.7600.16385 Final Retail English 105984 14.07.2009 04:15:12 dmsynth.dll 6.01.7600.16385 Final Retail English 105472 14.07.2009 04:15:12 dmusic.dll 6.01.7600.16385 Final Retail English 101376 14.07.2009 04:15:12 dplaysvr.exe 6.01.7600.16385 Final Retail English 29184 14.07.2009 04:14:18 dplayx.dll 6.01.7600.16385 Final Retail English 213504 14.07.2009 04:15:12 dpmodemx.dll 6.01.7600.16385 Final Retail English 23040 14.07.2009 04:15:12 dpnaddr.dll 6.01.7601.17514 Final Retail English 2560 20.11.2010 14:57:57 dpnathlp.dll 6.01.7600.16385 Final Retail English 57344 14.07.2009 04:15:14 dpnet.dll 6.01.7601.17989 Final Retail English 376832 02.11.2012 08:11:31 dpnhpast.dll 6.01.7600.16385 Final Retail English 7168 14.07.2009 04:15:12 dpnhupnp.dll 6.01.7600.16385 Final Retail English 7168 14.07.2009 04:15:12 dpnlobby.dll 6.01.7600.16385 Final Retail English 2560 14.07.2009 04:04:52 dpnsvr.exe 6.01.7600.16385 Final Retail English 33280 14.07.2009 04:14:18 dpwsockx.dll 6.01.7600.16385 Final Retail English 44032 14.07.2009 04:15:12 dsdmo.dll 6.01.7600.16385 Final Retail English 173568 14.07.2009 04:15:13 dsound.dll 6.01.7600.16385 Final Retail English 453632 14.07.2009 04:15:13 dswave.dll 6.01.7600.16385 Final Retail English 20992 14.07.2009 04:15:13 dwrite.dll 6.02.9200.16571 Final Retail English 1247744 10.04.2013 02:34:02 dxapi.sys 6.01.7600.16385 Final Retail English 13312 14.07.2009 02:25:26 dxdiagn.dll 6.01.7601.17514 Final Retail English 210432 20.11.2010 15:18:36 dxg.sys 6.01.7600.16385 Final Retail English 76288 14.07.2009 02:25:26 dxgi.dll 6.02.9200.16492 Final Retail English 293376 24.12.2014 09:52:04 dxgkrnl.sys 6.01.7601.18510 Final Retail English 730048 16.06.2014 04:44:50 dxmasf.dll 12.00.7601.18741 Final Retail English 4096 03.02.2015 06:12:32 dxtmsft.dll 11.00.9600.17690 Final Retail English 418304 21.02.2015 03:28:00 dxtrans.dll 11.00.9600.17690 Final Retail English 285696 21.02.2015 03:27:56 dxva2.dll 6.01.7600.16385 Final Retail English 88064 14.07.2009 04:15:14 encapi.dll 6.01.7600.16385 Final Retail English 20992 14.07.2009 04:15:14 gcdef.dll 6.01.7600.16385 Final Retail English 120832 14.07.2009 04:15:22 iac25_32.ax 2.00.0005.0053 Final Retail English 197632 14.07.2009 04:14:10 ir41_32.ax 4.51.0016.0003 Final Retail English 839680 14.07.2009 04:14:10 ir41_qc.dll 4.30.0062.0002 Final Retail English 120320 14.07.2009 04:15:34 ir41_qcx.dll 4.30.0062.0002 Final Retail English 120320 14.07.2009 04:15:34 ir50_32.dll 5.2562.0015.0055 Final Retail English 746496 14.07.2009 04:15:34 ir50_qc.dll 5.00.0063.0048 Final Retail English 200192 14.07.2009 04:15:34 ir50_qcx.dll 5.00.0063.0048 Final Retail English 200192 14.07.2009 04:15:34 ivfsrc.ax 5.10.0002.0051 Final Retail English 146944 14.07.2009 04:14:10 joy.cpl 6.01.7600.16385 Final Retail English 138240 14.07.2009 04:14:09 ks.sys 6.01.7601.17514 Final Retail Romanian 190976 20.11.2010 12:50:19 ksproxy.ax 6.01.7601.17514 Final Retail Romanian 193536 20.11.2010 15:16:52 kstvtune.ax 6.01.7601.17514 Final Retail English 84480 20.11.2010 15:16:52 ksuser.dll 6.01.7600.16385 Final Retail Romanian 4608 14.07.2009 04:15:35 kswdmcap.ax 6.01.7601.17514 Final Retail English 107008 20.11.2010 15:16:52 ksxbar.ax 6.01.7601.17514 Final Retail English 48640 20.11.2010 15:16:52 mciqtz32.dll 6.06.7601.17514 Final Retail English 36352 20.11.2010 15:19:32 mfc40.dll 4.01.0000.6151 Beta Retail English 954752 20.11.2010 15:19:33 mfc42.dll 6.06.8064.0000 Beta Retail English 1137664 11.03.2011 08:33:59 Microsoft.DirectX.AudioVideoPlayback.dll 5.04.0000.2904 Final Retail English 53248 08.03.2015 17:25:45 Microsoft.DirectX.Diagnostics.dll 5.04.0000.2904 Final Retail English 12800 08.03.2015 17:25:45 Microsoft.DirectX.Direct3D.dll 9.05.0132.0000 Final Retail English 473600 08.03.2015 17:25:45 Microsoft.DirectX.Direct3DX.dll 5.04.0000.3900 Final Retail English 2676224 08.03.2015 17:25:41 Microsoft.DirectX.Direct3DX.dll 9.04.0091.0000 Final Retail English 2846720 08.03.2015 17:25:41 Microsoft.DirectX.Direct3DX.dll 9.05.0132.0000 Final Retail English 563712 08.03.2015 17:25:42 Microsoft.DirectX.Direct3DX.dll 9.06.0168.0000 Final Retail English 567296 08.03.2015 17:25:42 Microsoft.DirectX.Direct3DX.dll 9.07.0239.0000 Final Retail English 576000 08.03.2015 17:25:42 Microsoft.DirectX.Direct3DX.dll 9.08.0299.0000 Final Retail English 577024 08.03.2015 17:25:43 Microsoft.DirectX.Direct3DX.dll 9.09.0376.0000 Final Retail English 577536 08.03.2015 17:25:43 Microsoft.DirectX.Direct3DX.dll 9.10.0455.0000 Final Retail English 577536 08.03.2015 17:25:43 Microsoft.DirectX.Direct3DX.dll 9.11.0519.0000 Final Retail English 578560 08.03.2015 17:25:44 Microsoft.DirectX.Direct3DX.dll 9.12.0589.0000 Final Retail English 578560 08.03.2015 17:25:45 Microsoft.DirectX.DirectDraw.dll 5.04.0000.2904 Final Retail English 145920 08.03.2015 17:25:46 Microsoft.DirectX.DirectInput.dll 5.04.0000.2904 Final Retail English 159232 08.03.2015 17:25:46 Microsoft.DirectX.DirectPlay.dll 5.04.0000.2904 Final Retail English 364544 08.03.2015 17:25:46 Microsoft.DirectX.DirectSound.dll 5.04.0000.2904 Final Retail English 178176 08.03.2015 17:25:46 Microsoft.DirectX.dll 5.04.0000.2904 Final Retail English 223232 08.03.2015 17:25:45 mpeg2data.ax 6.06.7601.17514 Final Retail Romanian 72704 20.11.2010 15:16:52 mpg2splt.ax 6.06.7601.17528 Final Retail English 199680 23.12.2010 08:50:23 msdmo.dll 6.06.7601.17514 Final Retail English 30720 20.11.2010 15:19:46 msdvbnp.ax 6.06.7601.17514 Final Retail Romanian 59904 20.11.2010 15:16:52 mskssrv.sys 6.01.7600.16385 Final Retail Romanian 8320 14.07.2009 02:45:08 mspclock.sys 6.01.7600.16385 Final Retail Romanian 5888 14.07.2009 02:45:08 mspqm.sys 6.01.7600.16385 Final Retail Romanian 5504 14.07.2009 02:45:07 mstee.sys 6.01.7600.16385 Final Retail Romanian 6144 14.07.2009 02:45:08 msvidctl.dll 6.05.7601.17514 Final Retail English 2291712 20.11.2010 15:19:55 msyuv.dll 6.01.7601.17514 Final Retail English 22528 20.11.2010 15:19:56 pid.dll 6.01.7600.16385 Final Retail English 36352 14.07.2009 04:16:12 psisdecd.dll 6.06.7601.17669 Final Retail Romanian 465408 17.08.2011 07:24:12 psisrndr.ax 6.06.7601.17669 Final Retail Romanian 75776 17.08.2011 07:19:27 qasf.dll 12.00.7601.17514 Final Retail English 206848 20.11.2010 15:20:57 qcap.dll 6.06.7601.17514 Final Retail English 190976 20.11.2010 15:20:57 qdv.dll 6.06.7601.17514 Final Retail English 283136 20.11.2010 15:20:57 qdvd.dll 6.06.7601.18741 Final Retail English 519680 03.02.2015 06:12:29 qedit.dll 6.06.7601.18501 Final Retail English 509440 06.06.2014 12:44:17 qedwipes.dll 6.06.7600.16385 Final Retail English 733184 14.07.2009 04:09:35 quartz.dll 6.06.7601.18741 Final Retail English 1329664 03.02.2015 06:12:29 stream.sys 6.01.7600.16385 Final Retail Romanian 53632 14.07.2009 02:50:57 swenum.sys 6.01.7600.16385 Final Retail Romanian 12240 14.07.2009 04:19:10 vbisurf.ax 6.01.7601.17514 Final Retail English 33792 20.11.2010 15:16:52 vfwwdm32.dll 6.01.7601.17514 Final Retail English 56832 20.11.2010 15:21:34 wsock32.dll 6.01.7600.16385 Final Retail English 15360 14.07.2009 04:16:20 --------[ DirectX Video ]----------------------------------------------------------------------------------------------- [ Primary Display Driver ] DirectDraw Device Properties: DirectDraw Driver Name display DirectDraw Driver Description Primary Display Driver Hardware Driver nvd3dum.dll (9.18.13.4144 - nVIDIA ForceWare 341.44) Hardware Description NVIDIA GeForce 210 Direct3D Device Properties: Total / Free Video Memory 1024 MB / 877 MB Rendering Bit Depths 8, 16, 32 Z-Buffer Bit Depths 16, 24, 32 Multisample Anti-Aliasing Modes MSAA 2x, MSAA 4x, MSAA 8x, CSAA 8x, CSAA 8xQ, CSAA 16x, CSAA 16xQ Min Texture Size 1 x 1 Max Texture Size 8192 x 8192 Unified Shader Version 4.1 DirectX Hardware Support DirectX v10.1 Direct3D Device Features: Additive Texture Blending Supported AGP Texturing Supported Anisotropic Filtering Supported Automatic Mipmap Generation Supported Bilinear Filtering Supported Compute Shader Supported Cubic Environment Mapping Supported Cubic Filtering Not Supported Decal-Alpha Texture Blending Supported Decal Texture Blending Supported Directional Lights Supported DirectX Texture Compression Not Supported DirectX Volumetric Texture Compression Not Supported Dithering Supported Dot3 Texture Blending Supported Double-Precision Floating-Point Not Supported Driver Concurrent Creates Supported Driver Command Lists Supported Dynamic Textures Supported Edge Anti-Aliasing Supported Environmental Bump Mapping Supported Environmental Bump Mapping + Luminance Supported Factor Alpha Blending Supported Geometric Hidden-Surface Removal Not Supported Geometry Shader Supported Guard Band Supported Hardware Scene Rasterization Supported Hardware Transform & Lighting Supported Legacy Depth Bias Supported Map On Default Buffers Not Supported Mipmap LOD Bias Adjustments Supported Mipmapped Cube Textures Supported Mipmapped Volume Textures Supported Modulate-Alpha Texture Blending Supported Modulate Texture Blending Supported Non-Square Textures Supported N-Patches Not Supported Perspective Texture Correction Supported Point Lights Supported Point Sampling Supported Projective Textures Supported Quintic Bezier Curves & B-Splines Not Supported Range-Based Fog Supported Rectangular & Triangular Patches Not Supported Rendering In Windowed Mode Supported Runtime Shader Linking Not Supported Scissor Test Supported Slope-Scale Based Depth Bias Supported Specular Flat Shading Supported Specular Gouraud Shading Supported Specular Phong Shading Not Supported Spherical Mapping Supported Spot Lights Supported Stencil Buffers Supported Sub-Pixel Accuracy Supported Subtractive Texture Blending Supported Table Fog Supported Texture Alpha Blending Supported Texture Clamping Supported Texture Mirroring Supported Texture Transparency Supported Texture Wrapping Supported Tiled Resources Not Supported Triangle Culling Not Supported Trilinear Filtering Supported Two-Sided Stencil Test Supported Vertex Alpha Blending Supported Vertex Fog Supported Vertex Tweening Not Supported Volume Textures Supported W-Based Fog Supported W-Buffering Not Supported Z-Based Fog Supported Z-Bias Supported Z-Test Supported Supported FourCC Codes: 3x11 Supported 3x16 Supported AI44 Supported AI88 Supported AIP8 Supported ATOC Supported AV12 Supported AYUV Supported NV12 Supported NV24 Supported NVDB Supported NVDP Supported NVMD Supported PLFF Supported SSAA Supported UYVY Supported YUY2 Supported YV12 Supported Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ DirectX Sound ]----------------------------------------------------------------------------------------------- [ Primary Sound Driver ] DirectSound Device Properties: Device Description Primary Sound Driver Driver Module Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Speakers (High Definition Audio Device) ] DirectSound Device Properties: Device Description Speakers (High Definition Audio Device) Driver Module {0.0.0.00000000}.{53e66e94-56fb-4370-93a1-72484dad8420} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Digital Audio (S/PDIF) (High Definition Audio Device) ] DirectSound Device Properties: Device Description Digital Audio (S/PDIF) (High Definition Audio Device) Driver Module {0.0.0.00000000}.{297043ca-ca32-4e49-8020-f7bafbb58451} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Headphones (High Definition Audio Device) ] DirectSound Device Properties: Device Description Headphones (High Definition Audio Device) Driver Module {0.0.0.00000000}.{997d05c7-b0c9-45bc-b89a-b875abf99a27} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported --------[ DirectX Input ]----------------------------------------------------------------------------------------------- [ Mouse ] DirectInput Device Properties: Device Description Mouse Device Type Unknown Device Subtype Unknown Axes 3 Buttons/Keys 3 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported [ Keyboard ] DirectInput Device Properties: Device Description Keyboard Device Type Unknown Device Subtype Unknown Buttons/Keys 128 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported [ Multimedia Keyboard ] DirectInput Device Properties: Device Description Multimedia Keyboard Device Type Unknown Device Subtype Unknown Buttons/Keys 26 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported --------[ Windows Devices ]--------------------------------------------------------------------------------------------- [ Devices ] Batteries: Microsoft Composite Battery 6.1.7600.16385 Computer: ACPI x86-based PC 6.1.7600.16385 Disk drives: Verbatim STORE N GO USB Device 6.1.7600.16385 WDC WD10EZEX-21M2NA0 ATA Device 6.1.7600.16385 Display adapters: NVIDIA GeForce 210 9.18.13.4144 DVD/CD-ROM drives: DTSOFT Virtual CdRom Device 6.1.7601.17514 HL-DT-ST DVD-RAM GH22NP20 ATA Device 6.1.7601.17514 Floppy disk drives: Floppy disk drive 6.1.7600.16385 Floppy drive controllers: Standard floppy disk controller 6.1.7600.16385 Human Interface Devices: HID-compliant consumer control device 6.1.7600.16385 USB Input Device 6.1.7601.18199 USB Input Device 6.1.7601.18199 USB Input Device 6.1.7601.18199 IDE ATA/ATAPI controllers: ATA Channel 0 6.1.7601.18231 ATA Channel 0 6.1.7601.18231 ATA Channel 0 6.1.7601.18231 ATA Channel 1 6.1.7601.18231 ATA Channel 1 6.1.7601.18231 ATA Channel 1 6.1.7601.18231 Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF6.1.7601.18231 Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C06.1.7601.18231 Standard Dual Channel PCI IDE Controller 6.1.7601.18231 IEEE 1394 Bus host controllers: VIA 1394 OHCI Compliant Host Controller 6.1.7601.17514 Keyboards: HID Keyboard Device 6.1.7601.17514 Mice and other pointing devices: HID-compliant mouse 6.1.7600.16385 Monitors: LG L1718S 1.3.0.0 Network adapters: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller - VirtualBox Bridged Networking Driver Miniport4.3.26.0 Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller2.4.7.4 Hamachi Network Interface - VirtualBox Bridged Networking Driver Miniport4.3.26.0 Hamachi Network Interface 6.0.2.2 Microsoft 6to4 Adapter 6.1.7600.16385 Microsoft ISATAP Adapter #2 6.1.7600.16385 Microsoft ISATAP Adapter #3 6.1.7600.16385 Microsoft ISATAP Adapter 6.1.7600.16385 Microsoft Teredo Tunneling Adapter 6.1.7600.16385 VirtualBox Host-Only Ethernet Adapter 4.3.26.0 WAN Miniport (IKEv2) 6.1.7601.17514 WAN Miniport (IP) 6.1.7600.16385 WAN Miniport (IPv6) 6.1.7600.16385 WAN Miniport (L2TP) 6.1.7600.16385 WAN Miniport (Network Monitor) 6.1.7600.16385 WAN Miniport (PPPOE) 6.1.7600.16385 WAN Miniport (PPTP) 6.1.7600.16385 WAN Miniport (SSTP) 6.1.7600.16385 Non-Plug and Play Drivers: Ancillary Function Driver for Winsock Beep Bitlocker Drive Encryption Filter Driver CNG Common Log (CLFS) Disk Virtual Machine Bus Acceleration Filter Driver Dynamic Volume Manager Hardware Policy Driver HTTP Kernel Mode Driver Frameworks service KSecDD KSecPkg LDDM Graphics Subsystem Link-Layer Topology Discovery Mapper I/O Driver Link-Layer Topology Discovery Responder Microsoft Network Inspection System Mount Point Manager msisadrv NDIS System Driver NDProxy NETBT NetIO Legacy TDI Support Driver NSI proxy service driver. Null Offline Files Driver Parvdm PEAUTH Performance Counters for Windows Driver QoS Packet Scheduler RDP Encoder Mirror Driver RDPCDD Reflector Display Driver used to gain access to graphics data Remote Access IPv6 ARP Driver Security Driver Security Processor Loader Driver StarForce Protection Environment Driver (version 1.x) StarForce Protection Environment Driver (version 1.x.a) StarForce Protection Helper Driver (version 2.x) StarForce Protection Synchronization Driver (version 4.x) Storage volumes System Attribute Cache TCP/IP Protocol Driver TCP/IP Registry Compatibility User Mode Driver Frameworks Platform Driver VgaSave Virtual Machine Bus VirtualBox Service VirtualBox USB Monitor Driver WFP Lightweight Filter Windows Firewall Authorization Driver Portable Devices: MULTIBOOT 6.1.7600.16385 Ports (COM & LPT): Communications Port (COM1) 6.1.7600.16385 ECP Printer Port (LPT1) 6.1.7600.16385 Processors: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz 6.1.7600.16385 Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz 6.1.7600.16385 Sound, video and game controllers: High Definition Audio Device 6.1.7601.17514 NVIDIA High Definition Audio 1.3.30.1 NVIDIA High Definition Audio 1.3.30.1 NVIDIA High Definition Audio 1.3.30.1 NVIDIA High Definition Audio 1.3.30.1 Storage volume shadow copies: Generic volume shadow copy 6.1.7600.16385 Generic volume shadow copy 6.1.7600.16385 Generic volume shadow copy 6.1.7600.16385 Storage Volumes: Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 System devices: ACPI Fixed Feature Button 6.1.7601.17514 ACPI Power Button 6.1.7601.17514 ATK0110 ACPI UTILITY 1043.2.15.37 Composite Bus Enumerator 6.1.7601.17514 DAEMON Tools Virtual Bus 4.49.1.352 Direct memory access controller 6.1.7601.17514 File as Volume Driver 6.1.7600.16385 High Definition Audio Controller 6.1.7601.17514 High Definition Audio Controller 6.1.7601.17514 High precision event timer 6.1.7601.17514 Intel(R) 82801 PCI Bridge - 244E 6.1.7601.17514 Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D06.1.7601.17514 Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D46.1.7601.17514 Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D66.1.7601.17514 Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA6.1.7601.17514 Intel(R) 82801GB/GR (ICH7 Family) LPC Interface Controller - 27B86.1.7601.17514 Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 27716.1.7601.17514 Intel(R) 945G/GZ/GC/P/PL Processor to I/O Controller - 27706.1.7601.17514 Microsoft ACPI-Compliant System 6.1.7601.17514 Microsoft System Management BIOS Driver 6.1.7601.17514 Microsoft Virtual Drive Enumerator Driver 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Numeric data processor 6.1.7601.17514 PCI bus 6.1.7601.17514 Plug and Play Software Device Enumerator 6.1.7601.17514 Printer Port Logical Interface 6.1.7601.17514 Programmable interrupt controller 6.1.7601.17514 Remote Desktop Device Redirector Bus 6.1.7600.16385 System board 6.1.7601.17514 System board 6.1.7601.17514 System CMOS/real time clock 6.1.7601.17514 System speaker 6.1.7601.17514 System timer 6.1.7601.17514 Terminal Server Keyboard Driver 6.1.7601.17514 Terminal Server Mouse Driver 6.1.7601.17514 UMBus Enumerator 6.1.7601.17514 UMBus Enumerator 6.1.7601.17514 UMBus Root Bus Enumerator 6.1.7601.17514 Volume Manager 6.1.7601.17514 Universal Serial Bus controllers: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C86.1.7601.18328 Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C96.1.7601.18328 Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA6.1.7601.18328 Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB6.1.7601.18328 Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC6.1.7601.18328 USB Composite Device 6.1.7601.18328 USB Mass Storage Device 6.1.7601.17577 USB Root Hub 6.1.7601.18328 USB Root Hub 6.1.7601.18328 USB Root Hub 6.1.7601.18328 USB Root Hub 6.1.7601.18328 USB Root Hub 6.1.7601.18328 [ Batteries / Microsoft Composite Battery ] Device Properties: Driver Description Microsoft Composite Battery Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File battery.inf Hardware ID COMPOSITE_BATTERY Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Computer / ACPI x86-based PC ] Device Properties: Driver Description ACPI x86-based PC Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File hal.inf Hardware ID acpiapic [ Disk drives / Verbatim STORE N GO USB Device ] Device Properties: Driver Description Verbatim STORE N GO USB Device Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Hardware ID USBSTOR\DiskVerbatimSTORE_N_GO______5.00 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Disk drives / WDC WD10EZEX-21M2NA0 ATA Device ] Device Properties: Driver Description WDC WD10EZEX-21M2NA0 ATA Device Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Hardware ID IDE\DiskWDC_WD10EZEX-21M2NA0____________________01.01A01 Location Information Channel 0, Target 0, Lun 0 Device Manufacturer: Company Name Western Digital Corporation Product Information http://www.wdc.com/en Driver Update http://www.aida64.com/driver-updates [ Display adapters / NVIDIA GeForce 210 ] Device Properties: Driver Description NVIDIA GeForce 210 Driver Date 03.02.2015 Driver Version 9.18.13.4144 Driver Provider NVIDIA INF File oem13.inf Hardware ID PCI\VEN_10DE&DEV_0A65&SUBSYS_00000000&REV_A2 Location Information PCI bus 5, device 0, function 0 PCI Device nVIDIA GeForce 210 Video Adapter Device Resources: IRQ 16 Memory 000A0000-000BFFFF Memory DC000000-DCFFFFFF Memory DE000000-DFFFFFFF Memory E0000000-EFFFFFFF Port 03B0-03BB Port 03C0-03DF Port E800-E87F Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ DVD/CD-ROM drives / DTSOFT Virtual CdRom Device ] Device Properties: Driver Description DTSOFT Virtual CdRom Device Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf Hardware ID DTSOFTBUS&Rev1\DTCDROM&Rev1 Location Information 00 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ DVD/CD-ROM drives / HL-DT-ST DVD-RAM GH22NP20 ATA Device ] Device Properties: Driver Description HL-DT-ST DVD-RAM GH22NP20 ATA Device Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf Hardware ID IDE\CdRomHL-DT-ST_DVD-RAM_GH22NP20_______________1.00____ Location Information Channel 0, Target 0, Lun 0 Device Manufacturer: Company Name LG Electronics Product Information http://www.lg.com/us/data-storage Firmware Download http://www.lg.com/us/support Driver Update http://www.aida64.com/driver-updates [ Floppy disk drives / Floppy disk drive ] Device Properties: Driver Description Floppy disk drive Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File flpydisk.inf Hardware ID FDC\GENERIC_FLOPPY_DRIVE [ Floppy drive controllers / Standard floppy disk controller ] Device Properties: Driver Description Standard floppy disk controller Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File fdc.inf Hardware ID ACPI\PNP0700 PnP Device Floppy Disk Controller Device Resources: DMA 02 IRQ 06 Port 03F0-03F5 Port 03F7-03F7 [ Human Interface Devices / HID-compliant consumer control device ] Device Properties: Driver Description HID-compliant consumer control device Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File hidserv.inf Hardware ID HID\VID_0458&PID_0708&REV_0100&MI_01 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Human Interface Devices / USB Input Device ] Device Properties: Driver Description USB Input Device Driver Date 21.06.2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID USB\VID_0458&PID_003A&REV_0100 Location Information Port_#0002.Hub_#0001 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Human Interface Devices / USB Input Device ] Device Properties: Driver Description USB Input Device Driver Date 21.06.2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID USB\VID_0458&PID_0708&REV_0100&MI_00 Location Information 0000.001d.0000.001.000.000.000.000.000 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Human Interface Devices / USB Input Device ] Device Properties: Driver Description USB Input Device Driver Date 21.06.2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID USB\VID_0458&PID_0708&REV_0100&MI_01 Location Information 0000.001d.0000.001.000.000.000.000.000 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ IDE ATA/ATAPI controllers / ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-27c0 Location Information Channel 0 [ IDE ATA/ATAPI controllers / ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-27df Location Information Channel 0 Device Resources: IRQ 14 Port 01F0-01F7 Port 03F6-03F6 [ IDE ATA/ATAPI controllers / ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID 197b-2360 Location Information Channel 0 [ IDE ATA/ATAPI controllers / ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-27c0 Location Information Channel 1 [ IDE ATA/ATAPI controllers / ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-27df Location Information Channel 1 Device Resources: IRQ 15 Port 0170-0177 Port 0376-0376 [ IDE ATA/ATAPI controllers / ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID 197b-2360 Location Information Channel 1 [ IDE ATA/ATAPI controllers / Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID PCI\VEN_8086&DEV_27DF&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 31, function 1 PCI Device Intel 82801GB ICH7 - ATA-100 IDE Controller [A-1] Device Resources: Port FFA0-FFAF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ IDE ATA/ATAPI controllers / Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 ] Device Properties: Driver Description Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID PCI\VEN_8086&DEV_27C0&SUBSYS_26011043&REV_01 Location Information PCI bus 0, device 31, function 2 PCI Device Intel 82801GB ICH7 - SATA Controller [A-1] Device Resources: IRQ 23 Port 7400-740F Port 7800-7803 Port 8000-8007 Port 8400-8403 Port 8800-8807 Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ IDE ATA/ATAPI controllers / Standard Dual Channel PCI IDE Controller ] Device Properties: Driver Description Standard Dual Channel PCI IDE Controller Driver Date 21.06.2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID PCI\VEN_197B&DEV_2360&SUBSYS_82081043&REV_02 Location Information PCI bus 2, device 0, function 0 PCI Device JMicron JMB360 SATA-II AHCI Controller Device Resources: IRQ 19 Memory DBEFE000-DBEFFFFF Port A400-A40F Port A800-A803 Port B000-B007 Port B400-B403 Port B800-B807 [ IEEE 1394 Bus host controllers / VIA 1394 OHCI Compliant Host Controller ] Device Properties: Driver Description VIA 1394 OHCI Compliant Host Controller Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File 1394.inf Hardware ID PCI\VEN_1106&DEV_3044&SUBSYS_81FE1043&REV_C0 Location Information PCI bus 1, device 4, function 0 PCI Device VIA VT6308 Fire IIM IEEE1394 Host Controller Device Resources: IRQ 23 Memory DBDFF800-DBDFFFFF Port 9800-987F Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Keyboards / HID Keyboard Device ] Device Properties: Driver Description HID Keyboard Device Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File keyboard.inf Hardware ID HID\VID_0458&PID_0708&REV_0100&MI_00 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Mice and other pointing devices / HID-compliant mouse ] Device Properties: Driver Description HID-compliant mouse Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File msmouse.inf Hardware ID HID\VID_0458&PID_003A&REV_0100 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Monitors / LG L1718S ] Device Properties: Driver Description LG L1718S Driver Date 03.01.2007 Driver Version 1.3.0.0 Driver Provider LG INF File oem7.inf Hardware ID MONITOR\GSM443C Monitor Manufacturer: Company Name LG Electronics Product Information http://www.lg.com/us/monitors Driver Download http://www.lg.com/us/support Driver Update http://www.aida64.com/driver-updates [ Network adapters / Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller - VirtualBox Bridged Networking Driver Miniport ] Device Properties: Driver Description Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller - VirtualBox Bridged Networking Driver Miniport Driver Date 16.03.2015 Driver Version 4.3.26.0 Driver Provider Oracle Corporation INF File oem23.inf Hardware ID sun_VBoxNetFltmp Network Adapter Manufacturer: Company Name Atheros Communications, Inc. Product Information http://www.atheros.com/networking Driver Download http://www.atheros.com Driver Update http://www.aida64.com/driver-updates [ Network adapters / Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller ] Device Properties: Driver Description Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller Driver Date 30.08.2007 Driver Version 2.4.7.4 Driver Provider Atheros INF File oem3.inf Hardware ID PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0 Location Information PCI bus 3, device 0, function 0 PCI Device Attansic L1 Gigabit Ethernet Adapter Device Resources: IRQ 18 Memory DBFC0000-DBFFFFFF Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / Hamachi Network Interface - VirtualBox Bridged Networking Driver Miniport ] Device Properties: Driver Description Hamachi Network Interface - VirtualBox Bridged Networking Driver Miniport Driver Date 16.03.2015 Driver Version 4.3.26.0 Driver Provider Oracle Corporation INF File oem23.inf Hardware ID sun_VBoxNetFltmp Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / Hamachi Network Interface ] Device Properties: Driver Description Hamachi Network Interface Driver Date 14.05.2007 Driver Version 6.0.2.2 Driver Provider LogMeIn, Inc. INF File hamachi.inf Hardware ID hamachi Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / Microsoft 6to4 Adapter ] Device Properties: Driver Description Microsoft 6to4 Adapter Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *6to4mp Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / Microsoft ISATAP Adapter #2 ] Device Properties: Driver Description Microsoft ISATAP Adapter #2 Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / Microsoft ISATAP Adapter #3 ] Device Properties: Driver Description Microsoft ISATAP Adapter #3 Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / Microsoft ISATAP Adapter ] Device Properties: Driver Description Microsoft ISATAP Adapter Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / Microsoft Teredo Tunneling Adapter ] Device Properties: Driver Description Microsoft Teredo Tunneling Adapter Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *TEREDO Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / VirtualBox Host-Only Ethernet Adapter ] Device Properties: Driver Description VirtualBox Host-Only Ethernet Adapter Driver Date 16.03.2015 Driver Version 4.3.26.0 Driver Provider Oracle Corporation INF File vboxnetadp.inf Hardware ID sun_vboxnetadp Network Adapter Manufacturer: Company Name Oracle Corporation Product Information http://www.virtualbox.org Driver Download http://www.virtualbox.org Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (IKEv2) ] Device Properties: Driver Description WAN Miniport (IKEv2) Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netavpna.inf Hardware ID ms_agilevpnminiport Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (IP) ] Device Properties: Driver Description WAN Miniport (IP) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanip Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (IPv6) ] Device Properties: Driver Description WAN Miniport (IPv6) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanipv6 Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (L2TP) ] Device Properties: Driver Description WAN Miniport (L2TP) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_l2tpminiport Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (Network Monitor) ] Device Properties: Driver Description WAN Miniport (Network Monitor) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanbh Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (PPPOE) ] Device Properties: Driver Description WAN Miniport (PPPOE) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_pppoeminiport Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (PPTP) ] Device Properties: Driver Description WAN Miniport (PPTP) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_pptpminiport Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (SSTP) ] Device Properties: Driver Description WAN Miniport (SSTP) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netsstpa.inf Hardware ID ms_sstpminiport Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Non-Plug and Play Drivers / Ancillary Function Driver for Winsock ] Device Properties: Driver Description Ancillary Function Driver for Winsock [ Non-Plug and Play Drivers / Beep ] Device Properties: Driver Description Beep [ Non-Plug and Play Drivers / Bitlocker Drive Encryption Filter Driver ] Device Properties: Driver Description Bitlocker Drive Encryption Filter Driver [ Non-Plug and Play Drivers / CNG ] Device Properties: Driver Description CNG [ Non-Plug and Play Drivers / Common Log (CLFS) ] Device Properties: Driver Description Common Log (CLFS) [ Non-Plug and Play Drivers / Disk Virtual Machine Bus Acceleration Filter Driver ] Device Properties: Driver Description Disk Virtual Machine Bus Acceleration Filter Driver [ Non-Plug and Play Drivers / Dynamic Volume Manager ] Device Properties: Driver Description Dynamic Volume Manager [ Non-Plug and Play Drivers / Hardware Policy Driver ] Device Properties: Driver Description Hardware Policy Driver [ Non-Plug and Play Drivers / HTTP ] Device Properties: Driver Description HTTP [ Non-Plug and Play Drivers / Kernel Mode Driver Frameworks service ] Device Properties: Driver Description Kernel Mode Driver Frameworks service [ Non-Plug and Play Drivers / KSecDD ] Device Properties: Driver Description KSecDD [ Non-Plug and Play Drivers / KSecPkg ] Device Properties: Driver Description KSecPkg [ Non-Plug and Play Drivers / LDDM Graphics Subsystem ] Device Properties: Driver Description LDDM Graphics Subsystem [ Non-Plug and Play Drivers / Link-Layer Topology Discovery Mapper I/O Driver ] Device Properties: Driver Description Link-Layer Topology Discovery Mapper I/O Driver [ Non-Plug and Play Drivers / Link-Layer Topology Discovery Responder ] Device Properties: Driver Description Link-Layer Topology Discovery Responder [ Non-Plug and Play Drivers / Microsoft Network Inspection System ] Device Properties: Driver Description Microsoft Network Inspection System [ Non-Plug and Play Drivers / Mount Point Manager ] Device Properties: Driver Description Mount Point Manager [ Non-Plug and Play Drivers / msisadrv ] Device Properties: Driver Description msisadrv [ Non-Plug and Play Drivers / NDIS System Driver ] Device Properties: Driver Description NDIS System Driver [ Non-Plug and Play Drivers / NDProxy ] Device Properties: Driver Description NDProxy [ Non-Plug and Play Drivers / NETBT ] Device Properties: Driver Description NETBT [ Non-Plug and Play Drivers / NetIO Legacy TDI Support Driver ] Device Properties: Driver Description NetIO Legacy TDI Support Driver [ Non-Plug and Play Drivers / NSI proxy service driver. ] Device Properties: Driver Description NSI proxy service driver. [ Non-Plug and Play Drivers / Null ] Device Properties: Driver Description Null [ Non-Plug and Play Drivers / Offline Files Driver ] Device Properties: Driver Description Offline Files Driver [ Non-Plug and Play Drivers / Parvdm ] Device Properties: Driver Description Parvdm [ Non-Plug and Play Drivers / PEAUTH ] Device Properties: Driver Description PEAUTH [ Non-Plug and Play Drivers / Performance Counters for Windows Driver ] Device Properties: Driver Description Performance Counters for Windows Driver [ Non-Plug and Play Drivers / QoS Packet Scheduler ] Device Properties: Driver Description QoS Packet Scheduler [ Non-Plug and Play Drivers / RDP Encoder Mirror Driver ] Device Properties: Driver Description RDP Encoder Mirror Driver [ Non-Plug and Play Drivers / RDPCDD ] Device Properties: Driver Description RDPCDD [ Non-Plug and Play Drivers / Reflector Display Driver used to gain access to graphics data ] Device Properties: Driver Description Reflector Display Driver used to gain access to graphics data [ Non-Plug and Play Drivers / Remote Access IPv6 ARP Driver ] Device Properties: Driver Description Remote Access IPv6 ARP Driver [ Non-Plug and Play Drivers / Security Driver ] Device Properties: Driver Description Security Driver [ Non-Plug and Play Drivers / Security Processor Loader Driver ] Device Properties: Driver Description Security Processor Loader Driver [ Non-Plug and Play Drivers / StarForce Protection Environment Driver (version 1.x) ] Device Properties: Driver Description StarForce Protection Environment Driver (version 1.x) [ Non-Plug and Play Drivers / StarForce Protection Environment Driver (version 1.x.a) ] Device Properties: Driver Description StarForce Protection Environment Driver (version 1.x.a) [ Non-Plug and Play Drivers / StarForce Protection Helper Driver (version 2.x) ] Device Properties: Driver Description StarForce Protection Helper Driver (version 2.x) [ Non-Plug and Play Drivers / StarForce Protection Synchronization Driver (version 4.x) ] Device Properties: Driver Description StarForce Protection Synchronization Driver (version 4.x) [ Non-Plug and Play Drivers / Storage volumes ] Device Properties: Driver Description Storage volumes [ Non-Plug and Play Drivers / System Attribute Cache ] Device Properties: Driver Description System Attribute Cache [ Non-Plug and Play Drivers / TCP/IP Protocol Driver ] Device Properties: Driver Description TCP/IP Protocol Driver [ Non-Plug and Play Drivers / TCP/IP Registry Compatibility ] Device Properties: Driver Description TCP/IP Registry Compatibility [ Non-Plug and Play Drivers / User Mode Driver Frameworks Platform Driver ] Device Properties: Driver Description User Mode Driver Frameworks Platform Driver [ Non-Plug and Play Drivers / VgaSave ] Device Properties: Driver Description VgaSave [ Non-Plug and Play Drivers / Virtual Machine Bus ] Device Properties: Driver Description Virtual Machine Bus [ Non-Plug and Play Drivers / VirtualBox Service ] Device Properties: Driver Description VirtualBox Service [ Non-Plug and Play Drivers / VirtualBox USB Monitor Driver ] Device Properties: Driver Description VirtualBox USB Monitor Driver [ Non-Plug and Play Drivers / WFP Lightweight Filter ] Device Properties: Driver Description WFP Lightweight Filter [ Non-Plug and Play Drivers / Windows Firewall Authorization Driver ] Device Properties: Driver Description Windows Firewall Authorization Driver [ Portable Devices / MULTIBOOT ] Device Properties: Driver Description MULTIBOOT Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File wpdfs.inf [ Ports (COM & LPT) / Communications Port (COM1) ] Device Properties: Driver Description Communications Port (COM1) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File msports.inf Hardware ID ACPI\PNP0501 PnP Device 16550A-compatible UART Serial Port Device Resources: IRQ 04 Port 03F8-03FF [ Ports (COM & LPT) / ECP Printer Port (LPT1) ] Device Properties: Driver Description ECP Printer Port (LPT1) Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File msports.inf Hardware ID ACPI\PNP0401 PnP Device ECP Parallel Port Device Resources: DMA 03 Port 0378-037F Port 0778-077F [ Processors / Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz ] Device Properties: Driver Description Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\GenuineIntel_-_x86_Family_6_Model_15 CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel Core 2 Duo E4400 Driver Update http://www.aida64.com/driver-updates [ Processors / Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz ] Device Properties: Driver Description Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\GenuineIntel_-_x86_Family_6_Model_15 CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel Core 2 Duo E4400 Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / High Definition Audio Device ] Device Properties: Driver Description High Definition Audio Device Driver Date 19.11.2010 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File hdaudio.inf Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043C603&REV_1000 Location Information Internal High Definition Audio Bus Device Manufacturer: Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 03.02.2015 Driver Version 1.3.30.1 Driver Provider NVIDIA Corporation INF File oem15.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 03.02.2015 Driver Version 1.3.30.1 Driver Provider NVIDIA Corporation INF File oem15.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 03.02.2015 Driver Version 1.3.30.1 Driver Provider NVIDIA Corporation INF File oem15.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 03.02.2015 Driver Version 1.3.30.1 Driver Provider NVIDIA Corporation INF File oem15.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Storage volume shadow copies / Generic volume shadow copy ] Device Properties: Driver Description Generic volume shadow copy Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File volsnap.inf Hardware ID STORAGE\VolumeSnapshot [ Storage volume shadow copies / Generic volume shadow copy ] Device Properties: Driver Description Generic volume shadow copy Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File volsnap.inf Hardware ID STORAGE\VolumeSnapshot [ Storage volume shadow copies / Generic volume shadow copy ] Device Properties: Driver Description Generic volume shadow copy Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File volsnap.inf Hardware ID STORAGE\VolumeSnapshot [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ System devices / ACPI Fixed Feature Button ] Device Properties: Driver Description ACPI Fixed Feature Button Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\FixedButton [ System devices / ACPI Power Button ] Device Properties: Driver Description ACPI Power Button Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C0C PnP Device Power Button [ System devices / ATK0110 ACPI UTILITY ] Device Properties: Driver Description ATK0110 ACPI UTILITY Driver Date 13.08.2004 Driver Version 1043.2.15.37 Driver Provider ATK INF File oem2.inf Hardware ID ACPI\ATK0110 PnP Device Asus ATK-110 ACPI Utility [ System devices / Composite Bus Enumerator ] Device Properties: Driver Description Composite Bus Enumerator Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File compositebus.inf Hardware ID ROOT\CompositeBus [ System devices / DAEMON Tools Virtual Bus ] Device Properties: Driver Description DAEMON Tools Virtual Bus Driver Date 21.02.2014 Driver Version 4.49.1.352 Driver Provider DT Soft Ltd INF File oem12.inf Hardware ID root\DTSoftBus01 [ System devices / Direct memory access controller ] Device Properties: Driver Description Direct memory access controller Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0200 PnP Device DMA Controller Device Resources: DMA 04 Port 0000-000F Port 0081-0083 Port 0087-0087 Port 0089-008B Port 008F-008F Port 00C0-00DF [ System devices / File as Volume Driver ] Device Properties: Driver Description File as Volume Driver Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File blbdrive.inf Hardware ID ROOT\BLBDRIVE [ System devices / High Definition Audio Controller ] Device Properties: Driver Description High Definition Audio Controller Driver Date 19.11.2010 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File hdaudbus.inf Hardware ID PCI\VEN_8086&DEV_27D8&SUBSYS_82491043&REV_01 Location Information PCI bus 0, device 27, function 0 PCI Device Intel 82801GB ICH7 - High Definition Audio Controller [A-1] Device Resources: IRQ 19 Memory DBCF8000-DBCFBFFF [ System devices / High Definition Audio Controller ] Device Properties: Driver Description High Definition Audio Controller Driver Date 19.11.2010 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File hdaudbus.inf Hardware ID PCI\VEN_10DE&DEV_0BE3&SUBSYS_00000000&REV_A1 Location Information PCI bus 5, device 0, function 1 PCI Device nVIDIA GT218 - High Definition Audio Controller Device Resources: IRQ 17 Memory DDFFC000-DDFFFFFF [ System devices / High precision event timer ] Device Properties: Driver Description High precision event timer Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0103 PnP Device High Precision Event Timer Device Resources: Memory FED00000-FED003FF [ System devices / Intel(R) 82801 PCI Bridge - 244E ] Device Properties: Driver Description Intel(R) 82801 PCI Bridge - 244E Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_244E&SUBSYS_81791043&REV_E1 Location Information PCI bus 0, device 30, function 0 PCI Device Intel 82801GB I/O Controller Hub 7 (ICH7) [A-1] Device Resources: Memory DBD00000-DBDFFFFF Port 9000-9FFF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0 ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0 Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_27D0&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 28, function 0 PCI Device Intel 82801GB ICH7 - PCI Express Root Port 1 [A-1] Device Resources: IRQ 16 Port D000-DFFF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D4 ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D4 Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_27D4&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 28, function 2 PCI Device Intel 82801GB ICH7 - PCI Express Root Port 3 [A-1] Device Resources: IRQ 18 Memory DBF00000-DBFFFFFF Port C000-CFFF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_27D6&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 28, function 3 PCI Device Intel 82801GB ICH7 - PCI Express Root Port 4 [A-1] Device Resources: IRQ 19 Memory DBE00000-DBEFFFFF Port A000-BFFF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 31, function 3 PCI Device Intel 82801GB ICH7 - SMBus Controller [A-1] Device Resources: IRQ 11 Port 0400-041F Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Intel(R) 82801GB/GR (ICH7 Family) LPC Interface Controller - 27B8 ] Device Properties: Driver Description Intel(R) 82801GB/GR (ICH7 Family) LPC Interface Controller - 27B8 Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_27B8&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 31, function 0 PCI Device Intel 82801GB ICH7 - LPC Bridge [A-1] Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 ] Device Properties: Driver Description Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_2771&SUBSYS_00008086&REV_02 Location Information PCI bus 0, device 1, function 0 PCI Device Intel 82945P PCI Express Root Port [A-2] Device Resources: IRQ 16 Memory 000A0000-000BFFFF Memory DC000000-DDFFFFFF Memory DE000000-EFFFFFFF Port 03B0-03BB Port 03C0-03DF Port E000-EFFF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Intel(R) 945G/GZ/GC/P/PL Processor to I/O Controller - 2770 ] Device Properties: Driver Description Intel(R) 945G/GZ/GC/P/PL Processor to I/O Controller - 2770 Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_8086&DEV_2770&SUBSYS_81781043&REV_02 Location Information PCI bus 0, device 0, function 0 PCI Device Intel 82945P Memory Controller Hub [A-2] Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ System devices / Microsoft ACPI-Compliant System ] Device Properties: Driver Description Microsoft ACPI-Compliant System Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File acpi.inf Hardware ID ACPI_HAL\PNP0C08 PnP Device ACPI Driver/BIOS Device Resources: IRQ 100 IRQ 101 IRQ 102 IRQ 103 IRQ 104 IRQ 105 IRQ 106 IRQ 107 IRQ 108 IRQ 109 IRQ 110 IRQ 111 IRQ 112 IRQ 113 IRQ 114 IRQ 115 IRQ 116 IRQ 117 IRQ 118 IRQ 119 IRQ 120 IRQ 121 IRQ 122 IRQ 123 IRQ 124 IRQ 125 IRQ 126 IRQ 127 IRQ 128 IRQ 129 IRQ 130 IRQ 131 IRQ 132 IRQ 133 IRQ 134 IRQ 135 IRQ 136 IRQ 137 IRQ 138 IRQ 139 IRQ 140 IRQ 141 IRQ 142 IRQ 143 IRQ 144 IRQ 145 IRQ 146 IRQ 147 IRQ 148 IRQ 149 IRQ 150 IRQ 151 IRQ 152 IRQ 153 IRQ 154 IRQ 155 IRQ 156 IRQ 157 IRQ 158 IRQ 159 IRQ 160 IRQ 161 IRQ 162 IRQ 163 IRQ 164 IRQ 165 IRQ 166 IRQ 167 IRQ 168 IRQ 169 IRQ 170 IRQ 171 IRQ 172 IRQ 173 IRQ 174 IRQ 175 IRQ 176 IRQ 177 IRQ 178 IRQ 179 IRQ 180 IRQ 181 IRQ 182 IRQ 183 IRQ 184 IRQ 185 IRQ 186 IRQ 187 IRQ 188 IRQ 189 IRQ 190 IRQ 81 IRQ 82 IRQ 83 IRQ 84 IRQ 85 IRQ 86 IRQ 87 IRQ 88 IRQ 89 IRQ 90 IRQ 91 IRQ 92 IRQ 93 IRQ 94 IRQ 95 IRQ 96 IRQ 97 IRQ 98 IRQ 99 [ System devices / Microsoft System Management BIOS Driver ] Device Properties: Driver Description Microsoft System Management BIOS Driver Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\mssmbios [ System devices / Microsoft Virtual Drive Enumerator Driver ] Device Properties: Driver Description Microsoft Virtual Drive Enumerator Driver Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\vdrvroot [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory E0000000-EFFFFFFF [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory F0000000-F3FFFFFF [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory FEC00000-FEC00FFF Memory FEE00000-FEE00FFF [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory FED1C000-FED1FFFF Memory FED20000-FED8FFFF Memory FFB00000-FFBFFFFF Memory FFF00000-FFFFFFFE Port 0010-001F Port 0022-003F Port 0044-005F Port 0062-0063 Port 0065-006F Port 0072-007F Port 0080-0080 Port 0084-0086 Port 0088-0088 Port 008C-008E Port 0090-009F Port 00A2-00BF Port 00E0-00EF Port 0480-04BF Port 04D0-04D1 Port 0800-087F [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Port 0290-0297 [ System devices / Numeric data processor ] Device Properties: Driver Description Numeric data processor Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C04 PnP Device Numeric Data Processor Device Resources: IRQ 13 Port 00F0-00FF [ System devices / PCI bus ] Device Properties: Driver Description PCI bus Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0A08 PnP Device ACPI Three-wire Device Bus Device Resources: Memory 000A0000-000BFFFF Memory C0010000-FFFFFFFF Port 0000-0CF7 Port 0D00-FFFF [ System devices / Plug and Play Software Device Enumerator ] Device Properties: Driver Description Plug and Play Software Device Enumerator Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID root\swenum [ System devices / Printer Port Logical Interface ] Device Properties: Driver Description Printer Port Logical Interface Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID LPTENUM\MicrosoftRawPort958A Location Information LPT1 [ System devices / Programmable interrupt controller ] Device Properties: Driver Description Programmable interrupt controller Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0000 PnP Device Programmable Interrupt Controller Device Resources: Port 0020-0021 Port 00A0-00A1 [ System devices / Remote Desktop Device Redirector Bus ] Device Properties: Driver Description Remote Desktop Device Redirector Bus Driver Date 21.06.2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File rdpbus.inf Hardware ID ROOT\RDPBUS [ System devices / System board ] Device Properties: Driver Description System board Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C01 PnP Device System Board Extension Device Resources: Memory 00000000-0009FFFF Memory 000C0000-000DFFFF Memory 000E0000-000FFFFF Memory 00100000-BFFFFFFF [ System devices / System board ] Device Properties: Driver Description System board Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C01 PnP Device System Board Extension Device Resources: Memory FED13000-FED19FFF [ System devices / System CMOS/real time clock ] Device Properties: Driver Description System CMOS/real time clock Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0B00 PnP Device Real-Time Clock Device Resources: IRQ 08 Port 0070-0071 [ System devices / System speaker ] Device Properties: Driver Description System speaker Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0800 PnP Device PC Speaker Device Resources: Port 0061-0061 [ System devices / System timer ] Device Properties: Driver Description System timer Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0100 PnP Device System Timer Device Resources: IRQ 00 Port 0040-0043 [ System devices / Terminal Server Keyboard Driver ] Device Properties: Driver Description Terminal Server Keyboard Driver Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\RDP_KBD [ System devices / Terminal Server Mouse Driver ] Device Properties: Driver Description Terminal Server Mouse Driver Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\RDP_MOU [ System devices / UMBus Enumerator ] Device Properties: Driver Description UMBus Enumerator Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File umbus.inf Hardware ID UMB\UMBUS [ System devices / UMBus Enumerator ] Device Properties: Driver Description UMBus Enumerator Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File umbus.inf Hardware ID UMB\UMBUS [ System devices / UMBus Root Bus Enumerator ] Device Properties: Driver Description UMBus Root Bus Enumerator Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File umbus.inf Hardware ID root\umbus [ System devices / Volume Manager ] Device Properties: Driver Description Volume Manager Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\VOLMGR [ Universal Serial Bus controllers / Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8 ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8 Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_8086&DEV_27C8&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 29, function 0 PCI Device Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Device Resources: IRQ 20 Port 6000-601F Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Universal Serial Bus controllers / Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9 ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9 Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_8086&DEV_27C9&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 29, function 1 PCI Device Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Device Resources: IRQ 17 Port 6400-641F Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Universal Serial Bus controllers / Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_8086&DEV_27CA&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 29, function 2 PCI Device Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Device Resources: IRQ 18 Port 6800-681F Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Universal Serial Bus controllers / Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_8086&DEV_27CB&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 29, function 3 PCI Device Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Device Resources: IRQ 19 Port 7000-701F Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Universal Serial Bus controllers / Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC ] Device Properties: Driver Description Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_8086&DEV_27CC&SUBSYS_81791043&REV_01 Location Information PCI bus 0, device 29, function 7 PCI Device Intel 82801GB ICH7 - Enhanced USB2 Controller [A-1] Device Resources: IRQ 20 Memory DBCFFC00-DBCFFFFF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Universal Serial Bus controllers / USB Composite Device ] Device Properties: Driver Description USB Composite Device Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usb.inf Hardware ID USB\VID_0458&PID_0708&REV_0100 Location Information Port_#0001.Hub_#0001 [ Universal Serial Bus controllers / USB Mass Storage Device ] Device Properties: Driver Description USB Mass Storage Device Driver Date 21.06.2006 Driver Version 6.1.7601.17577 Driver Provider Microsoft INF File usbstor.inf Hardware ID USB\VID_18A5&PID_0302&REV_0100 Location Information Port_#0004.Hub_#0005 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID8086&PID27C9&REV0001 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID8086&PID27C8&REV0001 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID8086&PID27CB&REV0001 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID8086&PID27CA&REV0001 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 21.06.2006 Driver Version 6.1.7601.18328 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB20&VID8086&PID27CC&REV0001 --------[ Physical Devices ]-------------------------------------------------------------------------------------------- PCI Devices: Bus 3, Device 0, Function 0 Attansic L1 Gigabit Ethernet Adapter Bus 0, Device 30, Function 0 Intel 82801GB I/O Controller Hub 7 (ICH7) [A-1] Bus 0, Device 31, Function 1 Intel 82801GB ICH7 - ATA-100 IDE Controller [A-1] Bus 0, Device 29, Function 7 Intel 82801GB ICH7 - Enhanced USB2 Controller [A-1] Bus 0, Device 27, Function 0 Intel 82801GB ICH7 - High Definition Audio Controller [A-1] Bus 0, Device 31, Function 0 Intel 82801GB ICH7 - LPC Bridge [A-1] Bus 0, Device 28, Function 0 Intel 82801GB ICH7 - PCI Express Root Port 1 [A-1] Bus 0, Device 28, Function 2 Intel 82801GB ICH7 - PCI Express Root Port 3 [A-1] Bus 0, Device 28, Function 3 Intel 82801GB ICH7 - PCI Express Root Port 4 [A-1] Bus 0, Device 31, Function 2 Intel 82801GB ICH7 - SATA Controller [A-1] Bus 0, Device 31, Function 3 Intel 82801GB ICH7 - SMBus Controller [A-1] Bus 0, Device 29, Function 0 Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus 0, Device 29, Function 1 Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus 0, Device 29, Function 2 Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus 0, Device 29, Function 3 Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus 0, Device 0, Function 0 Intel 82945P Memory Controller Hub [A-2] Bus 0, Device 1, Function 0 Intel 82945P PCI Express Root Port [A-2] Bus 2, Device 0, Function 0 JMicron JMB360 SATA-II AHCI Controller Bus 5, Device 0, Function 0 nVIDIA GeForce 210 Video Adapter Bus 5, Device 0, Function 1 nVIDIA GT218 - High Definition Audio Controller Bus 1, Device 4, Function 0 VIA VT6308 Fire IIM IEEE1394 Host Controller PnP Devices: PNP0501 16550A-compatible UART Serial Port PNP0C08 ACPI Driver/BIOS FIXEDBUTTON ACPI Fixed Feature Button PNP0A08 ACPI Three-wire Device Bus ATK0110 Asus ATK-110 ACPI Utility PNP0200 DMA Controller PNP0401 ECP Parallel Port PNP0700 Floppy Disk Controller PNP0103 High Precision Event Timer GENUINEINTEL_-_X86_FAMILY_6_MODEL_15_-_INTEL(R)_CORE(TM)2_CPU__________4400__@_2.00GHZIntel(R) Core(TM)2 CPU 4400 @ 2.00GHz GENUINEINTEL_-_X86_FAMILY_6_MODEL_15_-_INTEL(R)_CORE(TM)2_CPU__________4400__@_2.00GHZIntel(R) Core(TM)2 CPU 4400 @ 2.00GHz 6TO4MP Microsoft 6to4 Adapter ISATAP Microsoft ISATAP Adapter #2 ISATAP Microsoft ISATAP Adapter #3 ISATAP Microsoft ISATAP Adapter TEREDO Microsoft Teredo Tunneling Adapter PNP0C04 Numeric Data Processor PNP0800 PC Speaker PNP0C0C Power Button PNP0000 Programmable Interrupt Controller PNP0B00 Real-Time Clock PNP0C01 System Board Extension PNP0C01 System Board Extension PNP0100 System Timer PNP0C02 Thermal Monitoring ACPI Device PNP0C02 Thermal Monitoring ACPI Device PNP0C02 Thermal Monitoring ACPI Device PNP0C02 Thermal Monitoring ACPI Device PNP0C02 Thermal Monitoring ACPI Device LPT PnP Devices: MICROSOFTRAWPORT Printer Port Logical Interface USB Devices: 0458 0708 USB Composite Device 0458 003A USB Input Device 0458 0708 USB Input Device 0458 0708 USB Input Device 18A5 0302 USB Mass Storage Device Ports: COM1 Communications Port (COM1) LPT1 ECP Printer Port (LPT1) --------[ PCI Devices ]------------------------------------------------------------------------------------------------- [ Attansic L1 Gigabit Ethernet Adapter ] Device Properties: Device Description Attansic L1 Gigabit Ethernet Adapter Bus Type PCI Express 1.0 x1 Bus / Device / Function 3 / 0 / 0 Device ID 1969-1048 Subsystem ID 1043-8226 Device Class 0200 (Ethernet Controller) Revision B0 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB I/O Controller Hub 7 (ICH7) [A-1] ] Device Properties: Device Description Intel 82801GB I/O Controller Hub 7 (ICH7) [A-1] Bus Type PCI Bus / Device / Function 0 / 30 / 0 Device ID 8086-244E Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision E1 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - ATA-100 IDE Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - ATA-100 IDE Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 31 / 1 Device ID 8086-27DF Subsystem ID 1043-8179 Device Class 0101 (IDE Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - Enhanced USB2 Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - Enhanced USB2 Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 29 / 7 Device ID 8086-27CC Subsystem ID 1043-8179 Device Class 0C03 (USB Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - High Definition Audio Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - High Definition Audio Controller [A-1] Bus Type PCI Express 1.0 Bus / Device / Function 0 / 27 / 0 Device ID 8086-27D8 Subsystem ID 1043-8249 Device Class 0403 (High Definition Audio) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - LPC Bridge [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - LPC Bridge [A-1] Bus Type PCI Bus / Device / Function 0 / 31 / 0 Device ID 8086-27B8 Subsystem ID 1043-8179 Device Class 0601 (PCI/ISA Bridge) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - PCI Express Root Port 1 [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - PCI Express Root Port 1 [A-1] Bus Type PCI Bus / Device / Function 0 / 28 / 0 Device ID 8086-27D0 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - PCI Express Root Port 3 [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - PCI Express Root Port 3 [A-1] Bus Type PCI Bus / Device / Function 0 / 28 / 2 Device ID 8086-27D4 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - PCI Express Root Port 4 [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - PCI Express Root Port 4 [A-1] Bus Type PCI Bus / Device / Function 0 / 28 / 3 Device ID 8086-27D6 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - SATA Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - SATA Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 31 / 2 Device ID 8086-27C0 Subsystem ID 1043-2601 Device Class 0101 (IDE Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - SMBus Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - SMBus Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 31 / 3 Device ID 8086-27DA Subsystem ID 1043-8179 Device Class 0C05 (SMBus Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ Intel 82801GB ICH7 - USB Universal Host Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 29 / 0 Device ID 8086-27C8 Subsystem ID 1043-8179 Device Class 0C03 (USB Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - USB Universal Host Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 29 / 1 Device ID 8086-27C9 Subsystem ID 1043-8179 Device Class 0C03 (USB Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - USB Universal Host Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 29 / 2 Device ID 8086-27CA Subsystem ID 1043-8179 Device Class 0C03 (USB Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82801GB ICH7 - USB Universal Host Controller [A-1] ] Device Properties: Device Description Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Bus Type PCI Bus / Device / Function 0 / 29 / 3 Device ID 8086-27CB Subsystem ID 1043-8179 Device Class 0C03 (USB Controller) Revision 01 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82945P Memory Controller Hub [A-2] ] Device Properties: Device Description Intel 82945P Memory Controller Hub [A-2] Bus Type PCI Bus / Device / Function 0 / 0 / 0 Device ID 8086-2770 Subsystem ID 1043-8178 Device Class 0600 (Host/PCI Bridge) Revision 02 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel 82945P PCI Express Root Port [A-2] ] Device Properties: Device Description Intel 82945P PCI Express Root Port [A-2] Bus Type PCI Bus / Device / Function 0 / 1 / 0 Device ID 8086-2771 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 02 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ JMicron JMB360 SATA-II AHCI Controller ] Device Properties: Device Description JMicron JMB360 SATA-II AHCI Controller Bus Type PCI Express 1.0 x1 Bus / Device / Function 2 / 0 / 0 Device ID 197B-2360 Subsystem ID 1043-8208 Device Class 0101 (IDE Controller) Revision 02 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ nVIDIA GeForce 210 Video Adapter ] Device Properties: Device Description nVIDIA GeForce 210 Video Adapter Bus Type PCI Express 2.0 x16 Bus / Device / Function 5 / 0 / 0 Device ID 10DE-0A65 Subsystem ID 0000-0000 Device Class 0300 (VGA Display Controller) Revision A2 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA GT218 - High Definition Audio Controller ] Device Properties: Device Description nVIDIA GT218 - High Definition Audio Controller Bus Type PCI Express 2.0 x16 Bus / Device / Function 5 / 0 / 1 Device ID 10DE-0BE3 Subsystem ID 0000-0000 Device Class 0403 (High Definition Audio) Revision A1 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ VIA VT6308 Fire IIM IEEE1394 Host Controller ] Device Properties: Device Description VIA VT6308 Fire IIM IEEE1394 Host Controller Bus Type PCI Bus / Device / Function 1 / 4 / 0 Device ID 1106-3044 Subsystem ID 1043-81FE Device Class 0C00 (FireWire Controller) Revision C0 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled --------[ USB Devices ]------------------------------------------------------------------------------------------------- [ USB Composite Device (Multimedia Keyboard) ] Device Properties: Device Description USB Composite Device Device ID 0458-0708 Device Class 03 / 01 (Human Interface Device) Device Protocol 01 Manufacturer Genius Product Multimedia Keyboard Supported USB Version 2.00 Current Speed Low (USB 1.1) [ USB Input Device (Optical Mouse) ] Device Properties: Device Description USB Input Device Device ID 0458-003A Device Class 03 / 01 (Human Interface Device) Device Protocol 02 Manufacturer Genius Product Optical Mouse Supported USB Version 1.10 Current Speed Low (USB 1.1) [ USB Mass Storage Device (STORE N GO) ] Device Properties: Device Description USB Mass Storage Device Device ID 18A5-0302 Device Class 08 / 06 (Mass Storage) Device Protocol 50 Manufacturer Verbatim Product STORE N GO Serial Number 1311292147000262337506 Supported USB Version 2.00 Current Speed High (USB 2.0) --------[ Device Resources ]-------------------------------------------------------------------------------------------- DMA 02 Exclusive Standard floppy disk controller DMA 03 Exclusive ECP Printer Port (LPT1) DMA 04 Exclusive Direct memory access controller IRQ 00 Exclusive System timer IRQ 04 Exclusive Communications Port (COM1) IRQ 06 Exclusive Standard floppy disk controller IRQ 08 Exclusive System CMOS/real time clock IRQ 100 Exclusive Microsoft ACPI-Compliant System IRQ 101 Exclusive Microsoft ACPI-Compliant System IRQ 102 Exclusive Microsoft ACPI-Compliant System IRQ 103 Exclusive Microsoft ACPI-Compliant System IRQ 104 Exclusive Microsoft ACPI-Compliant System IRQ 105 Exclusive Microsoft ACPI-Compliant System IRQ 106 Exclusive Microsoft ACPI-Compliant System IRQ 107 Exclusive Microsoft ACPI-Compliant System IRQ 108 Exclusive Microsoft ACPI-Compliant System IRQ 109 Exclusive Microsoft ACPI-Compliant System IRQ 11 Shared Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA IRQ 110 Exclusive Microsoft ACPI-Compliant System IRQ 111 Exclusive Microsoft ACPI-Compliant System IRQ 112 Exclusive Microsoft ACPI-Compliant System IRQ 113 Exclusive Microsoft ACPI-Compliant System IRQ 114 Exclusive Microsoft ACPI-Compliant System IRQ 115 Exclusive Microsoft ACPI-Compliant System IRQ 116 Exclusive Microsoft ACPI-Compliant System IRQ 117 Exclusive Microsoft ACPI-Compliant System IRQ 118 Exclusive Microsoft ACPI-Compliant System IRQ 119 Exclusive Microsoft ACPI-Compliant System IRQ 120 Exclusive Microsoft ACPI-Compliant System IRQ 121 Exclusive Microsoft ACPI-Compliant System IRQ 122 Exclusive Microsoft ACPI-Compliant System IRQ 123 Exclusive Microsoft ACPI-Compliant System IRQ 124 Exclusive Microsoft ACPI-Compliant System IRQ 125 Exclusive Microsoft ACPI-Compliant System IRQ 126 Exclusive Microsoft ACPI-Compliant System IRQ 127 Exclusive Microsoft ACPI-Compliant System IRQ 128 Exclusive Microsoft ACPI-Compliant System IRQ 129 Exclusive Microsoft ACPI-Compliant System IRQ 13 Exclusive Numeric data processor IRQ 130 Exclusive Microsoft ACPI-Compliant System IRQ 131 Exclusive Microsoft ACPI-Compliant System IRQ 132 Exclusive Microsoft ACPI-Compliant System IRQ 133 Exclusive Microsoft ACPI-Compliant System IRQ 134 Exclusive Microsoft ACPI-Compliant System IRQ 135 Exclusive Microsoft ACPI-Compliant System IRQ 136 Exclusive Microsoft ACPI-Compliant System IRQ 137 Exclusive Microsoft ACPI-Compliant System IRQ 138 Exclusive Microsoft ACPI-Compliant System IRQ 139 Exclusive Microsoft ACPI-Compliant System IRQ 14 Exclusive ATA Channel 0 IRQ 140 Exclusive Microsoft ACPI-Compliant System IRQ 141 Exclusive Microsoft ACPI-Compliant System IRQ 142 Exclusive Microsoft ACPI-Compliant System IRQ 143 Exclusive Microsoft ACPI-Compliant System IRQ 144 Exclusive Microsoft ACPI-Compliant System IRQ 145 Exclusive Microsoft ACPI-Compliant System IRQ 146 Exclusive Microsoft ACPI-Compliant System IRQ 147 Exclusive Microsoft ACPI-Compliant System IRQ 148 Exclusive Microsoft ACPI-Compliant System IRQ 149 Exclusive Microsoft ACPI-Compliant System IRQ 15 Exclusive ATA Channel 1 IRQ 150 Exclusive Microsoft ACPI-Compliant System IRQ 151 Exclusive Microsoft ACPI-Compliant System IRQ 152 Exclusive Microsoft ACPI-Compliant System IRQ 153 Exclusive Microsoft ACPI-Compliant System IRQ 154 Exclusive Microsoft ACPI-Compliant System IRQ 155 Exclusive Microsoft ACPI-Compliant System IRQ 156 Exclusive Microsoft ACPI-Compliant System IRQ 157 Exclusive Microsoft ACPI-Compliant System IRQ 158 Exclusive Microsoft ACPI-Compliant System IRQ 159 Exclusive Microsoft ACPI-Compliant System IRQ 16 Shared NVIDIA GeForce 210 IRQ 16 Shared Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0 IRQ 16 Shared Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 IRQ 160 Exclusive Microsoft ACPI-Compliant System IRQ 161 Exclusive Microsoft ACPI-Compliant System IRQ 162 Exclusive Microsoft ACPI-Compliant System IRQ 163 Exclusive Microsoft ACPI-Compliant System IRQ 164 Exclusive Microsoft ACPI-Compliant System IRQ 165 Exclusive Microsoft ACPI-Compliant System IRQ 166 Exclusive Microsoft ACPI-Compliant System IRQ 167 Exclusive Microsoft ACPI-Compliant System IRQ 168 Exclusive Microsoft ACPI-Compliant System IRQ 169 Exclusive Microsoft ACPI-Compliant System IRQ 17 Shared Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9 IRQ 17 Shared High Definition Audio Controller IRQ 170 Exclusive Microsoft ACPI-Compliant System IRQ 171 Exclusive Microsoft ACPI-Compliant System IRQ 172 Exclusive Microsoft ACPI-Compliant System IRQ 173 Exclusive Microsoft ACPI-Compliant System IRQ 174 Exclusive Microsoft ACPI-Compliant System IRQ 175 Exclusive Microsoft ACPI-Compliant System IRQ 176 Exclusive Microsoft ACPI-Compliant System IRQ 177 Exclusive Microsoft ACPI-Compliant System IRQ 178 Exclusive Microsoft ACPI-Compliant System IRQ 179 Exclusive Microsoft ACPI-Compliant System IRQ 18 Shared Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller IRQ 18 Shared Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA IRQ 18 Shared Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D4 IRQ 180 Exclusive Microsoft ACPI-Compliant System IRQ 181 Exclusive Microsoft ACPI-Compliant System IRQ 182 Exclusive Microsoft ACPI-Compliant System IRQ 183 Exclusive Microsoft ACPI-Compliant System IRQ 184 Exclusive Microsoft ACPI-Compliant System IRQ 185 Exclusive Microsoft ACPI-Compliant System IRQ 186 Exclusive Microsoft ACPI-Compliant System IRQ 187 Exclusive Microsoft ACPI-Compliant System IRQ 188 Exclusive Microsoft ACPI-Compliant System IRQ 189 Exclusive Microsoft ACPI-Compliant System IRQ 19 Shared Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB IRQ 19 Shared High Definition Audio Controller IRQ 19 Shared Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 IRQ 19 Shared Standard Dual Channel PCI IDE Controller IRQ 190 Exclusive Microsoft ACPI-Compliant System IRQ 20 Shared Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8 IRQ 20 Shared Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC IRQ 23 Shared Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 IRQ 23 Shared VIA 1394 OHCI Compliant Host Controller IRQ 81 Exclusive Microsoft ACPI-Compliant System IRQ 82 Exclusive Microsoft ACPI-Compliant System IRQ 83 Exclusive Microsoft ACPI-Compliant System IRQ 84 Exclusive Microsoft ACPI-Compliant System IRQ 85 Exclusive Microsoft ACPI-Compliant System IRQ 86 Exclusive Microsoft ACPI-Compliant System IRQ 87 Exclusive Microsoft ACPI-Compliant System IRQ 88 Exclusive Microsoft ACPI-Compliant System IRQ 89 Exclusive Microsoft ACPI-Compliant System IRQ 90 Exclusive Microsoft ACPI-Compliant System IRQ 91 Exclusive Microsoft ACPI-Compliant System IRQ 92 Exclusive Microsoft ACPI-Compliant System IRQ 93 Exclusive Microsoft ACPI-Compliant System IRQ 94 Exclusive Microsoft ACPI-Compliant System IRQ 95 Exclusive Microsoft ACPI-Compliant System IRQ 96 Exclusive Microsoft ACPI-Compliant System IRQ 97 Exclusive Microsoft ACPI-Compliant System IRQ 98 Exclusive Microsoft ACPI-Compliant System IRQ 99 Exclusive Microsoft ACPI-Compliant System Memory 00000000-0009FFFF Exclusive System board Memory 000A0000-000BFFFF Shared NVIDIA GeForce 210 Memory 000A0000-000BFFFF Shared PCI bus Memory 000A0000-000BFFFF Undetermined Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 Memory 000C0000-000DFFFF Exclusive System board Memory 000E0000-000FFFFF Exclusive System board Memory 00100000-BFFFFFFF Exclusive System board Memory C0010000-FFFFFFFF Shared PCI bus Memory DBCF8000-DBCFBFFF Exclusive High Definition Audio Controller Memory DBCFFC00-DBCFFFFF Exclusive Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC Memory DBD00000-DBDFFFFF Exclusive Intel(R) 82801 PCI Bridge - 244E Memory DBDFF800-DBDFFFFF Exclusive VIA 1394 OHCI Compliant Host Controller Memory DBE00000-DBEFFFFF Exclusive Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 Memory DBEFE000-DBEFFFFF Exclusive Standard Dual Channel PCI IDE Controller Memory DBF00000-DBFFFFFF Exclusive Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D4 Memory DBFC0000-DBFFFFFF Exclusive Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller Memory DC000000-DCFFFFFF Exclusive NVIDIA GeForce 210 Memory DC000000-DDFFFFFF Exclusive Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 Memory DDFFC000-DDFFFFFF Exclusive High Definition Audio Controller Memory DE000000-DFFFFFFF Exclusive NVIDIA GeForce 210 Memory DE000000-EFFFFFFF Exclusive Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 Memory E0000000-EFFFFFFF Exclusive NVIDIA GeForce 210 Memory E0000000-EFFFFFFF Exclusive Motherboard resources Memory F0000000-F3FFFFFF Exclusive Motherboard resources Memory FEC00000-FEC00FFF Exclusive Motherboard resources Memory FED00000-FED003FF Exclusive High precision event timer Memory FED13000-FED19FFF Exclusive System board Memory FED1C000-FED1FFFF Exclusive Motherboard resources Memory FED20000-FED8FFFF Exclusive Motherboard resources Memory FEE00000-FEE00FFF Exclusive Motherboard resources Memory FFB00000-FFBFFFFF Exclusive Motherboard resources Memory FFF00000-FFFFFFFE Exclusive Motherboard resources Port 0000-000F Exclusive Direct memory access controller Port 0000-0CF7 Shared PCI bus Port 0010-001F Exclusive Motherboard resources Port 0020-0021 Exclusive Programmable interrupt controller Port 0022-003F Exclusive Motherboard resources Port 0040-0043 Exclusive System timer Port 0044-005F Exclusive Motherboard resources Port 0061-0061 Exclusive System speaker Port 0062-0063 Exclusive Motherboard resources Port 0065-006F Exclusive Motherboard resources Port 0070-0071 Exclusive System CMOS/real time clock Port 0072-007F Exclusive Motherboard resources Port 0080-0080 Exclusive Motherboard resources Port 0081-0083 Exclusive Direct memory access controller Port 0084-0086 Exclusive Motherboard resources Port 0087-0087 Exclusive Direct memory access controller Port 0088-0088 Exclusive Motherboard resources Port 0089-008B Exclusive Direct memory access controller Port 008C-008E Exclusive Motherboard resources Port 008F-008F Exclusive Direct memory access controller Port 0090-009F Exclusive Motherboard resources Port 00A0-00A1 Exclusive Programmable interrupt controller Port 00A2-00BF Exclusive Motherboard resources Port 00C0-00DF Exclusive Direct memory access controller Port 00E0-00EF Exclusive Motherboard resources Port 00F0-00FF Exclusive Numeric data processor Port 0170-0177 Exclusive ATA Channel 1 Port 01F0-01F7 Exclusive ATA Channel 0 Port 0290-0297 Exclusive Motherboard resources Port 0376-0376 Exclusive ATA Channel 1 Port 0378-037F Exclusive ECP Printer Port (LPT1) Port 03B0-03BB Shared NVIDIA GeForce 210 Port 03B0-03BB Undetermined Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 Port 03C0-03DF Shared NVIDIA GeForce 210 Port 03C0-03DF Undetermined Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 Port 03F0-03F5 Exclusive Standard floppy disk controller Port 03F6-03F6 Exclusive ATA Channel 0 Port 03F7-03F7 Exclusive Standard floppy disk controller Port 03F8-03FF Exclusive Communications Port (COM1) Port 0400-041F Exclusive Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA Port 0480-04BF Exclusive Motherboard resources Port 04D0-04D1 Exclusive Motherboard resources Port 0778-077F Exclusive ECP Printer Port (LPT1) Port 0800-087F Exclusive Motherboard resources Port 0D00-FFFF Shared PCI bus Port 6000-601F Exclusive Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8 Port 6400-641F Exclusive Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9 Port 6800-681F Exclusive Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA Port 7000-701F Exclusive Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB Port 7400-740F Exclusive Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 Port 7800-7803 Exclusive Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 Port 8000-8007 Exclusive Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 Port 8400-8403 Exclusive Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 Port 8800-8807 Exclusive Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 Port 9000-9FFF Exclusive Intel(R) 82801 PCI Bridge - 244E Port 9800-987F Exclusive VIA 1394 OHCI Compliant Host Controller Port A000-BFFF Exclusive Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 Port A400-A40F Exclusive Standard Dual Channel PCI IDE Controller Port A800-A803 Exclusive Standard Dual Channel PCI IDE Controller Port B000-B007 Exclusive Standard Dual Channel PCI IDE Controller Port B400-B403 Exclusive Standard Dual Channel PCI IDE Controller Port B800-B807 Exclusive Standard Dual Channel PCI IDE Controller Port C000-CFFF Exclusive Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D4 Port D000-DFFF Exclusive Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0 Port E000-EFFF Exclusive Intel(R) 945G/GZ/GC/P/PL PCI Express Root Port - 2771 Port E800-E87F Exclusive NVIDIA GeForce 210 Port FFA0-FFAF Exclusive Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF --------[ Input ]------------------------------------------------------------------------------------------------------- [ HID Keyboard Device ] Keyboard Properties: Keyboard Name HID Keyboard Device Keyboard Type IBM enhanced (101- or 102-key) keyboard Keyboard Layout United States-International ANSI Code Page 1250 - Central European (Windows) OEM Code Page 852 - Central European (DOS) Repeat Delay 1 Repeat Rate 31 [ HID-compliant mouse ] Mouse Properties: Mouse Name HID-compliant mouse Mouse Buttons 3 Mouse Hand Right Pointer Speed 1 Double-Click Time 500 msec X/Y Threshold 6 / 10 Wheel Scroll Lines 3 Mouse Features: Active Window Tracking Disabled ClickLock Disabled Hide Pointer While Typing Enabled Mouse Wheel Present Move Pointer To Default Button Disabled Pointer Trails Disabled Sonar Disabled --------[ Printers ]---------------------------------------------------------------------------------------------------- [ Canon MP190 series Printer (Default) ] Printer Properties: Printer Name Canon MP190 series Printer Default Printer Yes Share Point Canon MP190 series Printer Printer Port USB001 Printer Driver Canon MP190 series Printer (v12.05) Device Name Canon MP190 series Printer Print Processor Canon MP190 series Print Processor Separator Page None Availability Always Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality Medium Color Printer Manufacturer: Company Name Canon U.S.A.,Inc. Product Information http://consumer.usa.canon.com/ir/controller?act=ProductCatIndexAct&fcategoryid=103 Driver Update http://www.aida64.com/driver-updates [ Fax ] Printer Properties: Printer Name Fax Default Printer No Share Point Not shared Printer Port SHRFAX: Printer Driver Microsoft Shared Fax Driver (v4.00) Device Name Fax Print Processor winprint Separator Page None Availability Always Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size Letter, 8.5 x 11 in Orientation Portrait Print Quality 200 x 200 dpi Mono [ Microsoft XPS Document Writer ] Printer Properties: Printer Name Microsoft XPS Document Writer Default Printer No Share Point Not shared Printer Port XPSPort: Printer Driver Microsoft XPS Document Writer (v6.00) Device Name Microsoft XPS Document Writer Print Processor winprint Separator Page None Availability 02:00 - 02:00 Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 600 x 600 dpi Color [ Send To OneNote 2010 ] Printer Properties: Printer Name Send To OneNote 2010 Default Printer No Share Point Not shared Printer Port nul: Printer Driver Send To Microsoft OneNote 2010 Driver (v6.00) Device Name Send To OneNote 2010 Print Processor winprint Separator Page None Availability 02:00 - 02:00 Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 600 x 600 dpi Color --------[ Auto Start ]-------------------------------------------------------------------------------------------------- BCSSync Registry\Common\Run C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices DAEMON Tools Lite Registry\User\Run C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun GoogleChromeAutoLaunch_13816B1E9D024196EF96C0AA83BD2042 Registry\User\Run C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window LogMeIn Hamachi Ui Registry\Common\Run D:\Programe\Hamachi\hamachi-2-ui.exe --auto-start Messenger (Yahoo!) Registry\User\Run D:\Programe\YAHOO!~1\Messenger\YahooMessenger.exe -quiet MSC Registry\Common\Run C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey NvBackend Registry\Common\Run C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe RESTART_STICKY_NOTES Registry\User\Run C:\Windows\System32\StikyNot.exe Samsung Link Registry\Common\Run D:\Programe\Samsung Link\Samsung Link Tray Agent.exe SunJavaUpdateSched Registry\Common\Run C:\Program Files\Common Files\Java\Java Update\jusched.exe uTorrent Registry\User\Run D:\utorrent\uTorrent.exe VX1000 Registry\Common\Run C:\Windows\vVX1000.exe Who Is On My Wifi StartMenu\Common D:\Programe\Who Is On My Wifi\mywifi.exe --------[ Scheduled ]--------------------------------------------------------------------------------------------------- [ {B927A7A2-96F9-4958-9B53-A6731AC9D29B} ] Task Properties: Task Name {B927A7A2-96F9-4958-9B53-A6731AC9D29B} Status Enabled Application Name C:\Windows\system32\pcalua.exe Application Parameters -a "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -d "C:\Program Files\DAEMON Tools Lite" Working Folder Comment Account Name ALEX-PC\ALEX Creator Last Run 10.04.2015 12:44:41 Next Run Unknown [ Adobe Acrobat Update Task ] Task Properties: Task Name Adobe Acrobat Update Task Status Queued Application Name C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Application Parameters Working Folder Comment This task keeps your Adobe Reader and Acrobat applications up to date with the latest enhancements and security fixes Account Name Creator Adobe Systems Incorporated Last Run 10.04.2015 19:51:48 Next Run Unknown Task Triggers: At log on At log on of any user - After triggered, repeat every 3 hours indefinitely [ Adobe Flash Player Updater ] Task Properties: Task Name Adobe Flash Player Updater Status Enabled Application Name C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Application Parameters Working Folder Comment This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes. Account Name SYSTEM Creator Adobe Systems Incorporated Last Run 10.04.2015 19:27:00 Next Run 10.04.2015 20:27:00 Task Triggers: Daily At 02:27:00 every day - After triggered, repeat every 1 hour for a duration of 1 day [ GoogleUpdateTaskMachineCore ] Task Properties: Task Name GoogleUpdateTaskMachineCore Status Running Application Name C:\Program Files\Google\Update\GoogleUpdate.exe Application Parameters /c Working Folder Comment Menþine software-ul Google actualizat. Dacã aceastã activitate este dezactivatã sau opritã, software-ul dvs. Google nu va fi actualizat, ceea ce înseamnã cã eventualele vulnerabilitãþi de securitate care apar nu pot fi remediate, iar utilizarea anumitor funcþii s-ar putea dovedi imposibilã. Aceastã activitate se dezinstaleazã automat atunci când nu este utilizatã de niciun software Google. Account Name SYSTEM Creator SYSTEM Last Run 10.04.2015 19:39:48 Next Run 11.04.2015 15:11:00 Task Triggers: At log on At log on of any user Daily At 15:11:00 every day [ GoogleUpdateTaskMachineUA ] Task Properties: Task Name GoogleUpdateTaskMachineUA Status Enabled Application Name C:\Program Files\Google\Update\GoogleUpdate.exe Application Parameters /ua /installsource scheduler Working Folder Comment Menþine software-ul Google actualizat. Dacã aceastã activitate este dezactivatã sau opritã, software-ul dvs. Google nu va fi actualizat, ceea ce înseamnã cã eventualele vulnerabilitãþi de securitate care apar nu pot fi remediate, iar utilizarea anumitor funcþii s-ar putea dovedi imposibilã. Aceastã activitate se dezinstaleazã automat atunci când nu este utilizatã de niciun software Google. Account Name SYSTEM Creator SYSTEM Last Run 10.04.2015 20:11:00 Next Run 10.04.2015 21:11:00 Task Triggers: Daily At 15:11:00 every day - After triggered, repeat every 1 hour for a duration of 1 day [ Maxthon Update ] Task Properties: Task Name Maxthon Update Status Enabled Application Name "D:\Programe\Maxthon\Bin\Maxthon.exe" Application Parameters -RunScheduledUpdate Working Folder Comment Account Name ALEX-PC\ALEX Creator ALEX Last Run 10.04.2015 19:54:00 Next Run 10.04.2015 20:24:00 Task Triggers: One time At 19:24:00 on 02.03.2015 - After triggered, repeat every 30 minutes indefinitely --------[ Installed Programs ]------------------------------------------------------------------------------------------ µTorrent 2.2.1 Unknown uTorrent Adobe [ TRIAL VERSION ] 17.0.0.134 Unknown Adobe F [ TRIAL VERSION ] Adobe Systems Incorporated Adobe [ TRIAL VERSION ] 11.0.10 Unknown {AC76BA [ TRIAL VERSION ] Adobe Systems Incorporated 2015-01-17 Adobe [ TRIAL VERSION ] 1.8.0 Unknown {AC76BA [ TRIAL VERSION ] Adobe Systems Incorporated 2015-01-18 AIDA64 [ TRIAL VERSION ] 5.20 Unknown AIDA64 [ TRIAL VERSION ] FinalWire Ltd. 2015-04-10 AllSha [ TRIAL VERSION ] 1.3.23 Unknown {1C2A40 [ TRIAL VERSION ] Samsung 2015-03-01 Androi [ TRIAL VERSION ] 1.0 Unknown Android [ TRIAL VERSION ] Google Inc. Athero [ TRIAL VERSION ] 1.0.11.1 Unknown {6E19F2 [ TRIAL VERSION ] Atheros Communications Inc. 2015-04-06 Audaci [ TRIAL VERSION ] 2.0.6 Unknown Audacit [ TRIAL VERSION ] Audacity Team 2015-03-26 BS.Pla [ TRIAL VERSION ] 2.68.1077 Unknown BSPlaye [ TRIAL VERSION ] AB Team, d.o.o. Canon [ TRIAL VERSION ] 4.5.0 Unknown Easy-Ph [ TRIAL VERSION ] Canon Inc. Canon [ TRIAL VERSION ] Unknown MP Navi [ TRIAL VERSION ] Cheat [ TRIAL VERSION ] Unknown Cheat E [ TRIAL VERSION ] Cheat Engine 2015-03-02 Counte [ TRIAL VERSION ] Unknown Counter [ TRIAL VERSION ] Counte [ TRIAL VERSION ] 1.34.4.5 Unknown {BD051F [ TRIAL VERSION ] Strogino CS Portal 2015-01-23 D3DX10 15.4.2368.0902 Unknown {E09C4DB7-630C-4F06-A631-8EA7239923AF} Microsoft 2014-12-23 DAEMON Tools Lite 4.49.1.0356 Unknown DAEMON Tools Lite Disc Soft Ltd Data Lifeguard Diagnostic for Windows 1.27 Unknown {519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1 Western Digital Corporation 2014-12-31 Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition Unknown {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{0E5D2277-B9CB-4FD2-92B7-7D145B0CE418} Microsoft Gadwin PrintScreen (32-Bit) 5.4.2.0 Unknown {40475700-0CC9-4B2C-A365-293E82D784BC} Gadwin Systems 2015-03-28 Google Chrome 41.0.2272.118 Unknown Google Chrome Google Inc. 2014-12-24 Google Update Helper 1.3.25.11 Unknown {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Inc. 2014-12-24 Google Update Helper 1.3.26.9 Unknown {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} Google Inc. 2015-02-05 Growtopia (remove only) Unknown Growtopia ImgBurn 2.5.8.0 Unknown ImgBurn LIGHTNING UK! 2015-04-10 Java 7 Update 75 7.0.750 Unknown {26A24AE4-039D-4CA4-87B4-2F03217075FF} Oracle 2015-04-06 Java Auto Updater 2.1.75.13 Unknown {4A03706F-666A-4037-7777-5F2748764D10} Oracle, Inc. 2015-04-06 LogMeIn Hamachi 2.2.0.328 Unknown {80EE9168-BB59-4F87-BF1A-57C137EAF714} LogMeIn, Inc. 2015-03-31 Magic 2015 Unknown Magic 2015_is1 2015-01-21 Maxthon Cloud Browser 4.4.4.2000 Unknown Maxthon3 Maxthon International Limited MicroMachines V4 [english] 1.01.0000 Unknown {E4511CEC-2E60-4076-95B6-0E193269EB86} Codemasters 2015-03-15 Microsoft .NET Framework 4.5.2 4.5.51209 Unknown {3911CF56-9EF2-39BA-846A-C27BD3CD0685} Microsoft Corporation 2015-01-27 Microsoft Application Error Reporting 12.0.6012.5000 Unknown {95120000-00B9-0409-0000-0000000FF1CE} Microsoft Corporation 2014-12-23 Microsoft Mathematics Add-in (32-bit) 2.0.040811.01 Unknown {E2C98732-F973-4985-A9C5-DC06178E16EE} Microsoft Corporation 2015-01-12 Microsoft Office Access MUI (English) 2010 14.0.4734.1000 Unknown {90140000-0015-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Access Setup Metadata MUI (English) 2010 14.0.4734.1000 Unknown {90140000-0117-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Excel MUI (English) 2010 14.0.4734.1000 Unknown {90140000-0016-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Groove MUI (English) 2010 14.0.4734.1000 Unknown {90140000-00BA-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office InfoPath MUI (English) 2010 14.0.4734.1000 Unknown {90140000-0044-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office OneNote MUI (English) 2010 14.0.4734.1000 Unknown {90140000-00A1-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Outlook MUI (English) 2010 14.0.4734.1000 Unknown {90140000-001A-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office PowerPoint MUI (English) 2010 14.0.4734.1000 Unknown {90140000-0018-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Professional Plus 2010 14.0.4734.1000 Unknown {90140000-0011-0000-0000-0000000FF1CE} Microsoft Corporation 2015-03-11 Microsoft Office Proof (English) 2010 14.0.4734.1000 Unknown {90140000-001F-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Proof (French) 2010 [french (france)] 14.0.4734.1000 Unknown {90140000-001F-040C-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Proof (Spanish) 2010 [spanish (spain, international sort)] 14.0.4734.1000 Unknown {90140000-001F-0C0A-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Proofing (English) 2010 14.0.4734.1000 Unknown {90140000-002C-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Publisher MUI (English) 2010 14.0.4734.1000 Unknown {90140000-0019-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Shared MUI (English) 2010 14.0.4734.1000 Unknown {90140000-006E-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Shared Setup Metadata MUI (English) 2010 14.0.4734.1000 Unknown {90140000-0115-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Office Word MUI (English) 2010 14.0.4734.1000 Unknown {90140000-001B-0409-0000-0000000FF1CE} Microsoft Corporation 2015-01-05 Microsoft Security Client 4.7.0205.0 Unknown {D6F9CBDC-58B6-430A-8DD4-8F61CBC1ADF4} Microsoft Corporation 2015-02-12 Microsoft Security Essentials 4.7.205.0 Unknown Microsoft Security Client Microsoft Corporation 2015-02-12 Microsoft Silverlight 5.1.30514.0 Unknown {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Corporation 2014-12-23 Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000 Unknown {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Corporation 2014-12-23 Microsoft Visual C++ 2005 Redistributable 8.0.61001 Unknown {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Corporation 2015-03-26 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161 Unknown {9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Corporation 2015-02-01 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219 Unknown {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Corporation 2015-02-12 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0 Unknown {33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} Microsoft Corporation Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030 Unknown {B175520C-86A2-35A7-8619-86DC379688B9} Microsoft Corporation 2015-02-12 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030 Unknown {BD95A8CD-1D9F-35AD-981A-3E7925026EBB} Microsoft Corporation 2015-02-12 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) 10.0.50903 Unknown Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation Microsoft Visual Studio 2010 Tools for Office Runtime (x86) 10.0.50908 Unknown {4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0} Microsoft Corporation 2015-02-12 mIRC 7.41 Unknown mIRC mIRC Co. Ltd. MP3 Toolkit 1.0.5 Unknown MP3 Toolkit_is1 MP3Toolkit.com 2015-01-06 MSVCRT 15.4.2862.0708 Unknown {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Microsoft 2014-12-23 Need for Speed™ Most Wanted Unknown {ADE91A13-434D-4229-00BC-182BAD607303} Notepad++ 6.7.5 Unknown Notepad++ Notepad++ Team NVIDIA 3D Vision Driver 341.44 [romanian (romania)] 341.44 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision NVIDIA Corporation 2015-02-25 NVIDIA Control Panel 341.44 [romanian (romania)] 341.44 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel NVIDIA Corporation 2015-02-25 NVIDIA Graphics Driver 341.44 [romanian (romania)] 341.44 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver NVIDIA Corporation 2015-02-25 NVIDIA HD Audio Driver 1.3.30.1 [romanian (romania)] 1.3.30.1 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver NVIDIA Corporation 2015-02-26 NVIDIA Install Application [romanian (romania)] 2.1002.171.1331 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer NVIDIA Corporation 2015-02-26 NVIDIA Stereoscopic 3D Driver 7.17.12.6514 Unknown NVIDIAStereo NVIDIA Corporation NVIDIA Update 10.4.0 [romanian (romania)] 10.4.0 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update NVIDIA Corporation 2014-12-23 NVIDIA Update Core [romanian (romania)] 10.4.0 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core NVIDIA Corporation 2014-12-23 Oracle VM VirtualBox 4.3.26 4.3.26 Unknown {26B8608D-6C29-4171-9751-67621C834AA3} Oracle Corporation 2015-04-10 Plants vs. Zombies Unknown Plants vs. Zombies PopCap Games Portal 2 Unknown Postal 2_is1 2015-01-04 Robocraft Unknown Steam App 301520 Freejam Samsung Link 2.0.0.1503181422 2.0.0.1503181422 Unknown 8474-7877-9059-0204 Copyright 2013 SAMSUNG Sierra Utilities Unknown Sierra Utilities Skype Click to Call 7.3.16540.9015 Unknown {6D1221A9-17BF-4EC0-81F2-27D30EC30701} Microsoft Corporation 2014-12-26 Skype™ 7.2 7.2.103 Unknown {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7} Skype Technologies S.A. 2015-03-11 Steam 2.10.91.91 Unknown Steam Valve Corporation System Requirements Lab CYRI 6.0.21.0 Unknown {906B34E5-573C-445A-A5D3-40B6BF0A2EC4} Husdawg, LLC 2015-01-04 TeamViewer 10 10.0.40798 Unknown TeamViewer TeamViewer Tv_Online Unknown Tv_Online Tv Online Uninstall Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Virtua [ TRIAL VERSION ] 1.00.0000 Unknown {9B6354 [ TRIAL VERSION ] SEGA 2015-03-08 Vista [ TRIAL VERSION ] 2.0 Unknown {47609E [ TRIAL VERSION ] Frameworkx 2015-04-06 Who Is [ TRIAL VERSION ] 3.0.2 Unknown {010D45 [ TRIAL VERSION ] IO3O LLC 2015-04-01 Window [ TRIAL VERSION ] 2.0.5000.0 Unknown {AB05F2 [ TRIAL VERSION ] Microsoft Corporation 2015-04-10 Window [ TRIAL VERSION ] 1.0.30 Unknown {CCF298 [ TRIAL VERSION ] Microsoft Corporation 2015-04-10 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {D45240 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {FE0442 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3555.0308 Unknown WinLive [ TRIAL VERSION ] Microsoft Corporation Window [ TRIAL VERSION ] 15.4.3555.0308 Unknown {247C5D [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3555.0308 Unknown {2D6E3D [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 7.250.4232.0 Unknown {C6150D [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {0B0F23 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {19BA08 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {92EA41 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {D436F5 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {A9BDCA [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {34F4D9 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {3336F6 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3508.1109 Unknown {83C292 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {200FEC [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {682B3E [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3508.1109 Unknown {579684 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 15.4.3502.0922 Unknown {CE95A7 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 WinRAR [ TRIAL VERSION ] 5.20.0 Unknown WinRAR [ TRIAL VERSION ] win.rar GmbH WinSCP [ TRIAL VERSION ] 5.7.1 Unknown winscp3 [ TRIAL VERSION ] Martin Prikryl 2015-04-09 Yahoo! Messenger Unknown Yahoo! Messenger Yahoo! Inc. YTD Video Downloader 4.8.9 4.8.9 Unknown {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} GreenTree Applications SRL --------[ Licenses ]---------------------------------------------------------------------------------------------------- Microsoft Internet Explorer 9.11.9600.17691 342DG- [ TRIAL VERSION ] Microsoft Office Professional Plus 2010 VYBBJ- [ TRIAL VERSION ] Microsoft Windows 7 Ultimate 342DG- [ TRIAL VERSION ] --------[ File Types ]-------------------------------------------------------------------------------------------------- 386 Virtual Device Driver 3G2 3GPP2 Audio/Video video/3gpp2 3GP 3GPP Audio/Video video/3gpp 3GP2 3GPP2 Audio/Video video/3gpp2 3GPP 3GPP Audio/Video video/3gpp 7Z WinRAR archive AAC ADTS Audio audio/vnd.dlna.adts ACCDA Microsoft Access Add-in application/msaccess.addin ACCDB Microsoft Access Database application/msaccess ACCDC Microsoft Access Signed Package application/msaccess.cab ACCDE Microsoft Access ACCDE Database application/msaccess.exec ACCDR Microsoft Access Runtime Application application/msaccess.runtime ACCDT Microsoft Access Template application/msaccess.template ACCDU Microsoft Access Add-in Data ACCDW Microsoft Access Web Application application/msaccess.webapplication ACCFT Microsoft Access Template application/msaccess.ftemplate ACE WinRAR archive ACL AutoCorrect List File ACROBATSECURITYSETTINGS Adobe Acrobat Security Settings Document application/vnd.adobe.acrobat-security-settings ADE Microsoft Access Project Extension application/msaccess ADN Microsoft Access Blank Project Template ADP Microsoft Access Project application/msaccess ADT ADTS Audio audio/vnd.dlna.adts ADTS ADTS Audio audio/vnd.dlna.adts AIF AIFF Format Sound audio/aiff AIFC AIFF Format Sound audio/aiff AIFF AIFF Format Sound audio/aiff ANI Animated Cursor API API File APPLICATION Application Manifest application/x-ms-application APPREF-MS Application Reference ARJ WinRAR archive ASA ASA File ASF Windows Media Audio/Video file video/x-ms-asf ASP ASP File ASX Windows Media Audio/Video playlist video/x-ms-asf AU AU Format Sound audio/basic AUP Audacity Project File AVI Video Clip video/avi AW Answer Wizard File B5T B5T File B6T B6T File BAT Windows Batch File BLG Performance Monitor File BMP Bitmap Image image/bmp BSP BSP File BWT BWT File BZ WinRAR archive BZ2 WinRAR archive C2R C2R File CAB WinRAR archive CAMP WCS Viewing Condition Profile CAT Security Catalog application/vnd.ms-pki.seccat CCD CCD File CDA CD Audio Track CDI CDI File CDMP WCS Device Profile CDX CDX File CER Security Certificate application/x-x509-ca-cert CETRAINER Cheat Engine CHESSTITANSSAVE-MS .ChessTitansSave-ms CHK Recovered File Fragments CHM Compiled HTML Help file CMD Windows Command Script COM MS-DOS Application COMFYCAKESSAVE-MS .ComfyCakesSave-ms COMPOSITEFONT Composite Font File CONTACT Contact File text/x-ms-contact CPL Control Panel Item CRD Information Card CRDS Information Card Store CRL Certificate Revocation List application/pkix-crl CRT Security Certificate application/x-x509-ca-cert CRTX Microsoft Office Chart Template CSS Cascading Style Sheet Document text/css CSV Microsoft Excel Comma Separated Values File application/vnd.ms-excel CT Cheat Engine CUE CUE File CUR Cursor DB Data Base File DEM DEM File DER Security Certificate application/x-x509-ca-cert DESKLINK Desktop Shortcut DET Office Data File DIAGCAB Diagnostic Cabinet DIAGCFG Diagnostic Configuration DIAGPKG Diagnostic Document DIB Bitmap Image image/bmp DIC Text Document DLL Application Extension application/x-msdownload DOC Microsoft Word 97 - 2003 Document application/msword DOCHTML Microsoft Word HTML Document DOCM Microsoft Word Macro-Enabled Document application/vnd.ms-word.document.macroEnabled.12 DOCMHTML DOCMHTML File DOCX Microsoft Word Document application/vnd.openxmlformats-officedocument.wordprocessingml.document DOCXML Microsoft Word XML Document DOT Microsoft Word 97 - 2003 Template application/msword DOTHTML Microsoft Word HTML Template DOTM Microsoft Word Macro-Enabled Template application/vnd.ms-word.template.macroEnabled.12 DOTX Microsoft Word Template application/vnd.openxmlformats-officedocument.wordprocessingml.template DQY Microsoft Excel ODBC Query files DRV Device Driver DSN Microsoft OLE DB Provider for ODBC Drivers DVR Microsoft Recorded TV Show DVR-MS Microsoft Recorded TV Show DWFX XPS Document model/vnd.dwfx+xps EASMX XPS Document model/vnd.easmx+xps EDRWX XPS Document model/vnd.edrwx+xps EL1 EL1 File EL2 EL2 File EL3 EL3 File EL4 EL4 File EL5 EL5 File EL6 EL6 File EL7 EL7 File EL8 EL8 File ELM Microsoft Office Themes File EMF EMF File EML E-mail Message EPRTX XPS Document model/vnd.eprtx+xps EVT EVT File EVTX EVTX File EXC Text Document EXE Application application/x-msdownload FDF Adobe Acrobat Forms Document application/vnd.fdf FDM Outlook Form Definition FON Font file FREECELLSAVE-MS .FreeCellSave-ms GADGET Windows Gadget GCSX Microsoft Office SmartArt Graphic Color Variation GFS Microsoft SharePoint Workspace Remote File GIF GIF Image image/gif GLK Microsoft SharePoint Workspace Shortcut GLOX Microsoft Office SmartArt Graphic Layout GMMP WCS Gamut Mapping Profile GQSX Microsoft Office SmartArt Graphic Quick Style GRA Microsoft Graph Chart GROUP Contact Group File text/x-ms-group GRP Microsoft Program Group GRV Microsoft SharePoint Workspace File application/vnd.groove-injector GSA Microsoft SharePoint Workspace Space Archive GTA Microsoft SharePoint Workspace Tool Archive GZ WinRAR archive H1C Windows Help Collection Definition File H1D Windows Help Validator File H1F Windows Help Include File H1H Windows Help Merged Hierarchy H1K Windows Help Index File H1Q Windows Help Merged Query Index H1S Compiled Windows Help file H1T Windows Help Table of Contents File H1V Windows Help Virtual Topic Definition File H1W Windows Help Merged Keyword Index HDD Virtual Hard Disk application/x-virtualbox-hdd HEARTSSAVE-MS .HeartsSave-ms HLP Help File HOL Outlook Holidays HTA HTML Application application/hta HTM HTML Document text/html HTML HTML Document text/html HXA Microsoft Help Attribute Definition File application/xml HXC Microsoft Help Collection Definition File application/xml HXD Microsoft Help Validator File application/octet-stream HXE Microsoft Help Samples Definition File application/xml HXF Microsoft Help Include File application/xml HXH Microsoft Help Merged Hierarchy File application/octet-stream HXI Microsoft Help Compiled Index File application/octet-stream HXK Microsoft Help Index File application/xml HXQ Microsoft Help Merged Query Index File application/octet-stream HXR Microsoft Help Merged Attribute Index File application/octet-stream HXS Microsoft Help Compiled Storage File application/octet-stream HXT Microsoft Help Table of Contents File application/xml HXV Microsoft Help Virtual Topic Definition File application/xml HXW Microsoft Help Attribute Definition File application/octet-stream ICC ICC Profile ICL Icon Library ICM ICC Profile ICO Icon image/x-icon ICS iCalendar File text/calendar IMG Disc Image File INF Setup Information INFOPATHXML Microsoft InfoPath Form application/ms-infopath.xml INI Configuration Settings IQY Microsoft Excel Web Query File text/x-ms-iqy ISO ISO File ISZ ISZ File JAR Executable Jar File JFIF JPEG Image image/jpeg JNLP JNLP File application/x-java-jnlp-file JNT Journal Document JOB Task Scheduler Task Object JOD Microsoft.Jet.OLEDB.4.0 JPE JPEG Image image/jpeg JPEG JPEG Image image/jpeg JPG JPEG Image image/jpeg JPS JPS File image/jps JS JavaScript File JSE JScript Encoded File JTP Journal Template JTX XPS Document application/x-jtx+xps LABEL Property List LACCDB Microsoft Access Record-Locking Information LDB Microsoft Access Record-Locking Information LEX Dictionary File LHA WinRAR archive LIBRARY-MS Library Folder application/windows-library+xml LNK Shortcut LOG Text Document LZH WinRAR archive M1V Movie Clip video/mpeg M2T AVCHD Video video/vnd.dlna.mpeg-tts M2TS AVCHD Video video/vnd.dlna.mpeg-tts M2V Movie Clip video/mpeg M3U M3U file audio/x-mpegurl M4A MPEG-4 Audio audio/mp4 M4V MP4 Video video/mp4 MAD Microsoft Access Module Shortcut MAF Microsoft Access Form Shortcut MAG Microsoft Access Diagram Shortcut MAHJONGTITANSSAVE-MS .MahjongTitansSave-ms MAM Microsoft Access Macro Shortcut MAPIMAIL Mail Service MAQ Microsoft Access Query Shortcut MAR Microsoft Access Report Shortcut MAS Microsoft Access Stored Procedure Shortcut MAT Microsoft Access Table Shortcut MAU MAU File MAV Microsoft Access View Shortcut MAW Microsoft Access Data Access Page Shortcut MCL MCL File MDA Microsoft Access Add-in application/msaccess MDB Microsoft Access Database application/msaccess MDBHTML Microsoft Access HTML Document MDE Microsoft Access MDE Database application/msaccess MDF MDF File MDN Microsoft Access Blank Database Template MDS MDS File MDT Microsoft Access Add-in Data MDW Microsoft Access Workgroup Information MDX MDX File MGC Media Catalog File MHT MHTML Document message/rfc822 MHTML MHTML Document message/rfc822 MID MIDI Sequence audio/mid MIDI MIDI Sequence audio/mid MIG Migration Store MINESWEEPERSAVE-MS .MinesweeperSave-ms MLC Language Pack File_ MML Media Catalog File MMW Media Catalog File MOD Movie Clip video/mpeg MOV QuickTime Movie video/quicktime MP2 MP3 Format Sound audio/mpeg MP2V Movie Clip video/mpeg MP3 MP3 Format Sound audio/mpeg MP4 MP4 Video video/mp4 MP4V MP4 Video video/mp4 MPA Movie Clip video/mpeg MPE Movie Clip video/mpeg MPEG Movie Clip video/mpeg MPF Clip Organizer Media Package File application/vnd.ms-mediapackage MPG Movie Clip video/mpeg MPO MPO File image/mpo MPV2 Movie Clip video/mpeg MSC Microsoft Common Console Document MSDVD MSDVD File MSG Outlook Item MSI Windows Installer Package MSP Windows Installer Patch MSRCINCIDENT Windows Remote Assistance Invitation MSSTYLES Windows Visual Style File MSU Microsoft Update Standalone Package MTS AVCHD Video video/vnd.dlna.mpeg-tts MURL Maxthon Url File MXADDON Maxthon Addon File MXDIC Maxthon Dictionary File MXSKIN Maxthon Skin File MYDOCS MyDocs Drop Target NFO MSInfo Configuration File NK2 Outlook Nickname File NRG NRG File OCX ActiveX control ODC Microsoft Office Data Connection text/x-ms-odc ODCCUBEFILE ODCCUBEFILE File ODCDATABASEFILE ODCDATABASEFILE File ODCNEWFILE ODCNEWFILE File ODCTABLEFILE ODCTABLEFILE File ODP OpenDocument Presentation application/vnd.oasis.opendocument.presentation ODS OpenDocument Spreadsheet application/vnd.oasis.opendocument.spreadsheet ODT OpenDocument Text application/vnd.oasis.opendocument.text OFS Outlook Form Regions OFT Outlook Item Template OLS Microsoft Office List Shortcut application/vnd.ms-publisher ONE Microsoft OneNote Section application/msonenote ONEPKG Microsoft OneNote Single File Package application/msonenote ONETOC Microsoft OneNote 2003 Table Of Contents ONETOC2 Microsoft OneNote Table Of Contents OPC Microsoft Clean-up Wizard File OQY Microsoft Excel OLAP Query File OSDX OpenSearch Description File application/opensearchdescription+xml OST Outlook Data File OTF OpenType Font file OTM Outlook VBA Project File OVA Open Virtualization Format Archive application/x-virtualbox-ova OVF Open Virtualization Format application/x-virtualbox-ovf OXPS Open XPS Document P10 Certificate Request application/pkcs10 P12 Personal Information Exchange application/x-pkcs12 P7B PKCS #7 Certificates application/x-pkcs7-certificates P7C Digital ID File application/pkcs7-mime P7M PKCS #7 MIME Message application/pkcs7-mime P7R Certificate Request Response application/x-pkcs7-certreqresp P7S PKCS #7 Signature application/pkcs7-signature PAB Outlook Personal Address Book PARTIAL Partial Download PBK Dial-Up Phonebook PCB PCB File PDF Adobe Acrobat Document application/pdf PDFXML Adobe Acrobat PDFXML Document application/vnd.adobe.pdfxml PDX Acrobat Catalog Index application/vnd.adobe.pdx PERFMONCFG Performance Monitor Configuration PFM Type 1 Font file PFX Personal Information Exchange application/x-pkcs12 PIF Shortcut to MS-DOS Program PKO Public Key Security Object application/vnd.ms-pki.pko PNF Precompiled Setup Information PNG PNG Image image/png PNS PNS File image/pns POT Microsoft PowerPoint 97-2003 Template application/vnd.ms-powerpoint POTHTML Microsoft PowerPoint HTML Template POTM Microsoft PowerPoint Macro-Enabled Design Template application/vnd.ms-powerpoint.template.macroEnabled.12 POTX Microsoft PowerPoint Template application/vnd.openxmlformats-officedocument.presentationml.template PPA Microsoft PowerPoint 97-2003 Addin application/vnd.ms-powerpoint PPAM Microsoft PowerPoint Addin application/vnd.ms-powerpoint.addin.macroEnabled.12 PPS Microsoft PowerPoint 97-2003 Slide Show application/vnd.ms-powerpoint PPSM Microsoft PowerPoint Macro-Enabled Slide Show application/vnd.ms-powerpoint.slideshow.macroEnabled.12 PPSX Microsoft PowerPoint Slide Show application/vnd.openxmlformats-officedocument.presentationml.slideshow PPT Microsoft PowerPoint 97-2003 Presentation application/vnd.ms-powerpoint PPTHTML Microsoft PowerPoint HTML Document PPTM Microsoft PowerPoint Macro-Enabled Presentation application/vnd.ms-powerpoint.presentation.macroEnabled.12 PPTMHTML PPTMHTML File PPTX Microsoft PowerPoint Presentation application/vnd.openxmlformats-officedocument.presentationml.presentation PPTXML Microsoft PowerPoint XML Presentation PRF PICS Rules File application/pics-rules PRINTEREXPORT Printer Migration File PS1 PS1 File PS1XML PS1XML File PSC1 PSC1 File application/PowerShell PSD1 PSD1 File PSM1 PSM1 File PST Outlook Data File PUB Microsoft Publisher Document application/vnd.ms-publisher PUBHTML PUBHTML File PUBMHTML PUBMHTML File PURBLEPAIRSSAVE-MS .PurblePairsSave-ms PURBLESHOPSAVE-MS .PurbleShopSave-ms PWZ Microsoft PowerPoint Wizard application/vnd.ms-powerpoint QDS Directory Query R00 WinRAR archive R01 WinRAR archive R02 WinRAR archive R03 WinRAR archive R04 WinRAR archive R05 WinRAR archive R06 WinRAR archive R07 WinRAR archive R08 WinRAR archive R09 WinRAR archive R10 WinRAR archive R11 WinRAR archive R12 WinRAR archive R13 WinRAR archive R14 WinRAR archive R15 WinRAR archive R16 WinRAR archive R17 WinRAR archive R18 WinRAR archive R19 WinRAR archive R20 WinRAR archive R21 WinRAR archive R22 WinRAR archive R23 WinRAR archive R24 WinRAR archive R25 WinRAR archive R26 WinRAR archive R27 WinRAR archive R28 WinRAR archive R29 WinRAR archive RAR WinRAR archive RAT Rating System File application/rat-file RDP Remote Desktop Connection REG Registration Entries RELS XML Document RESMONCFG Resource Monitor Configuration REV RAR recovery volume RLE RLE File RLL Application Extension RMI MIDI Sequence audio/mid RQY Microsoft Excel OLE DB Query files text/x-ms-rqy RTF Rich Text Format application/msword SAV SAV File SCF Windows Explorer Command SCP Text Document SCR Screen saver SCT Windows Script Component text/scriptlet SDF SQL Server Compact Edition Database File SEARCHCONNECTOR-MS Search Connector Folder application/windows-search-connector+xml SEARCH-MS Saved Search SECSTORE SECSTORE File SFCACHE ReadyBoost Cache File SKYPE Skype Content application/x-skype SLDM Microsoft PowerPoint Macro-Enabled Slide application/vnd.ms-powerpoint.slide.macroEnabled.12 SLDX Microsoft PowerPoint Slide application/vnd.openxmlformats-officedocument.presentationml.slide SLK Microsoft Excel SLK Data Import Format application/vnd.ms-excel SLUPKG-MS XrML Digital License Package application/x-ms-license SND AU Format Sound audio/basic SOLITAIRESAVE-MS .SolitaireSave-ms SPC PKCS #7 Certificates application/x-pkcs7-certificates SPIDERSOLITAIRESAVE-MS .SpiderSolitaireSave-ms SST Microsoft Serialized Certificate Store application/vnd.ms-pki.certstore STL Certificate Trust List application/vnd.ms-pki.stl SVG SVG File image/svg+xml SWF SWF File application/x-shockwave-flash SYS System file TAR WinRAR archive TAZ WinRAR archive TBZ WinRAR archive TBZ2 WinRAR archive TGZ WinRAR archive THEME Windows Theme File THEMEPACK Windows Theme Pack THMX Microsoft Office Theme application/vnd.ms-officetheme TIF TIF File image/tiff TIFF TIFF File image/tiff TS MPEG-2 TS Video video/vnd.dlna.mpeg-tts TTC TrueType Collection Font file TTF TrueType Font file TTS MPEG-2 TS Video video/vnd.dlna.mpeg-tts TVC TVC File TVLINK TVLINK File TVS TVS File TXT Text Document text/plain TXZ WinRAR archive UDL Microsoft Data Link URL URL File UU WinRAR archive UUE WinRAR archive UXDC UXDC File VBE VBScript Encoded File VBOX VirtualBox Machine Definition application/x-virtualbox-vbox VBOX-EXTPACK VirtualBox Extension Pack application/x-virtualbox-vbox-extpack VBS VBScript Script File VCF vCard File text/x-vcard VCG Microsoft SharePoint Workspace VCard application/vnd.groove-vcard VCS vCalendar File VDI Virtual Disk Image application/x-virtualbox-vdi VDX Microsoft Visio Document application/vnd.ms-visio.viewer VHD Virtual Hard Disk application/x-virtualbox-vhd VMDK Virtual Machine Disk Format application/x-virtualbox-vmdk VSD Microsoft Visio Document application/vnd.ms-visio.viewer VSS Microsoft Visio Document application/vnd.ms-visio.viewer VST Microsoft Visio Document application/vnd.ms-visio.viewer VSTO VSTO Deployment Manifest application/x-ms-vsto VSX Microsoft Visio Document application/vnd.ms-visio.viewer VTX Microsoft Visio Document application/vnd.ms-visio.viewer VXD Virtual Device Driver WAB Address Book File WAV Wave Sound audio/wav WAX Windows Media Audio shortcut audio/x-ms-wax WBCAT Windows Backup Catalog File WBK Microsoft Word Backup Document application/msword WCX Workspace Configuration File WDP Windows Media Photo image/vnd.ms-photo WEBP WebP File WEBPNP Web Point And Print File WEBSITE Pinned Site Shortcut application/x-mswebsite WIZ Microsoft Word Wizard application/msword WIZHTML Microsoft Access HTML Template WLL WLL File WLPGINSTALL WLPGINSTALL File application/x-wlpg-detect WLPGINSTALL3 WLPGINSTALL3 File application/x-wlpg3-detect WM Windows Media Audio/Video file video/x-ms-wm WMA Windows Media Audio file audio/x-ms-wma WMD Windows Media Player Download Package application/x-ms-wmd WMDB Windows Media Library WMF WMF File WMS Windows Media Player Skin File WMV Windows Media Audio/Video file video/x-ms-wmv WMX Windows Media Audio/Video playlist video/x-ms-wmx WMZ Windows Media Player Skin Package application/x-ms-wmz WPL Windows Media playlist application/vnd.ms-wpl WSC Windows Script Component text/scriptlet WSF Windows Script File WSH Windows Script Host Settings File WTV Windows Recorded TV Show WTX Text Document WVX Windows Media Audio/Video playlist video/x-ms-wvx XAML Windows Markup File application/xaml+xml XBAP XAML Browser Application application/x-ms-xbap XDP Adobe Acrobat XML Data Package File application/vnd.adobe.xdp+xml XEVGENXML XEVGENXML File XFDF Adobe Acrobat Forms Document application/vnd.adobe.xfdf XHT XHTML Document application/xhtml+xml XHTML XHTML Document application/xhtml+xml XLA Microsoft Excel Add-In application/vnd.ms-excel XLAM Microsoft Excel Add-In application/vnd.ms-excel.addin.macroEnabled.12 XLD Microsoft Excel 5.0 DialogSheet application/vnd.ms-excel XLK Microsoft Excel Backup File application/vnd.ms-excel XLL Microsoft Excel XLL Add-In application/vnd.ms-excel XLM Microsoft Excel 4.0 Macro application/vnd.ms-excel XLS Microsoft Excel 97-2003 Worksheet application/vnd.ms-excel XLSB Microsoft Excel Binary Worksheet application/vnd.ms-excel.sheet.binary.macroEnabled.12 XLSHTML Microsoft Excel HTML Document XLSM Microsoft Excel Macro-Enabled Worksheet application/vnd.ms-excel.sheet.macroEnabled.12 XLSMHTML XLSMHTML File XLSX Microsoft Excel Worksheet application/vnd.openxmlformats-officedocument.spreadsheetml.sheet XLT Microsoft Excel Template application/vnd.ms-excel XLTHTML Microsoft Excel HTML Template XLTM Microsoft Excel Macro-Enabled Template application/vnd.ms-excel.template.macroEnabled.12 XLTX Microsoft Excel Template application/vnd.openxmlformats-officedocument.spreadsheetml.template XLW Microsoft Excel Workspace application/vnd.ms-excel XLXML Microsoft Excel XML Worksheet XML XML Document text/xml XPS XPS Document application/vnd.ms-xpsdocument XRM-MS XrML Digital License text/xml XSF Microsoft InfoPath Form Definition File XSL XSL Stylesheet text/xml XSN Microsoft InfoPath Form Template XTP Microsoft InfoPath Template Part File XTP2 Microsoft InfoPath Template Part File XXE WinRAR archive XZ WinRAR archive YMG Messenger Class application/ymsgr YPS Messenger Class application/ymsgr Z WinRAR archive ZFSENDTOTARGET Compressed (zipped) Folder SendTo Target ZIP WinRAR ZIP archive --------[ Desktop Gadgets ]--------------------------------------------------------------------------------------------- [ Calendar ] Gadget Properties: Name Calendar Description Browse the days of the calendar. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Calendar.Gadget\en-US\gadget.xml [ Clock ] Gadget Properties: Name Clock Description Watch the clock in your own time zone or any city in the world. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Clock.Gadget\en-US\gadget.xml [ CPU Meter ] Gadget Properties: Name CPU Meter Description See the current computer CPU and system memory (RAM). Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML CPU.Gadget\en-US\gadget.xml [ Currency ] Gadget Properties: Name Currency Description Convert from one currency to another. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Currency.Gadget\en-US\gadget.xml [ DAEMON Tools ] Gadget Properties: Name DAEMON Tools Description Use main DAEMON Tools Lite features faster and easier. Version 1.0.1.0 Author DAEMON Tools Gadget Copyright Copyright © 2009-2010 URL http://www.disc-soft.com/products/dtLite Folder LocalAppData XML DT.gadget\gadget.xml [ Feed Headlines ] Gadget Properties: Name Feed Headlines Description Track the latest news, sports, and entertainment headlines. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML RSSFeeds.Gadget\en-US\gadget.xml [ Picture Puzzle ] Gadget Properties: Name Picture Puzzle Description Move the pieces of the puzzle and try to put them in order. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML PicturePuzzle.Gadget\en-US\gadget.xml [ Slide Show ] Gadget Properties: Name Slide Show Description Show a continuous slide show of your pictures. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML SlideShow.Gadget\en-US\gadget.xml [ Weather ] Gadget Properties: Name Weather Description See what the weather looks like around the world. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Weather.Gadget\en-US\gadget.xml [ Windows Media Center ] Gadget Properties: Name Windows Media Center Description Play your latest TV recordings, new Internet TV clips, and favorite music and pictures. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML MediaCenter.Gadget\en-US\gadget.xml --------[ Windows Security ]-------------------------------------------------------------------------------------------- Operating System Properties: OS Name Microsoft Windows 7 Ultimate OS Service Pack [ TRIAL VERSION ] Winlogon Shell explorer.exe User Account Control (UAC) Enabled System Restore Enabled Data Execution Prevention (DEP, NX, EDB): Supported by Operating System Yes Supported by CPU No Active (To Protect Applications) No Active (To Protect Drivers) No --------[ Windows Update ]---------------------------------------------------------------------------------------------- (Automatic Update) Download:Automatic, Install:Notify Atheros - Network - Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller Update 23.12.2014 ATK - system - ATK0110 ACPI UTILITY Update 23.12.2014 Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2900986) Update 24.12.2014 Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2976627) Update 24.12.2014 Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB3008923) Update 24.12.2014 Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB3021952) Update 12.02.2015 Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB3032359) Update 11.03.2015 Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB3008923) Update 24.12.2014 Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition Update 06.01.2015 Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition Update 12.02.2015 Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition Update 11.03.2015 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Update 06.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1023.0) Update 28.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1070.0) Update 29.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1174.0) Update 30.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1251.0) Update 31.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1317.0) Update 01.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1430.0) Update 03.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1478.0) Update 04.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1527.0) Update 05.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1629.0) Update 06.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1629.0) Update 06.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1707.0) Update 07.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1897.0) Update 09.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2028.0) Update 11.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2099.0) Update 12.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2341.0) Update 14.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2540.0) Update 16.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2638.0) Update 18.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2700.0) Update 19.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2824.0) Update 20.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.2914.0) Update 21.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3104.0) Update 23.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3185.0) Update 24.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3234.0) Update 25.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3296.0) Update 26.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3468.0) Update 28.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3619.0) Update 30.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3718.0) Update 31.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3764.0) Update 01.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3892.0) Update 03.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.4102.0) Update 05.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.4220.0) Update 06.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.4348.0) Update 08.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.4502.0) Update 10.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.4668.0) Update 11.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.4841.0) Update 13.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.4982.0) Update 15.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.5077.0) Update 16.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.746.0) Update 24.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.785.0) Update 24.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.802.0) Update 24.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.939.0) Update 26.12.2014 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.1102.0) Update 26.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.1294.0) Update 28.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.1364.0) Update 01.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.1548.0) Update 03.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.1783.0) Update 05.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.1900.0) Update 06.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2030.0) Update 08.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2089.0) Update 09.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2175.0) Update 10.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2284.0) Update 11.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2411.0) Update 12.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2542.0) Update 13.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2608.0) Update 14.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.264.0) Update 19.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2708.0) Update 15.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.2797.0) Update 16.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.3002.0) Update 18.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.3140.0) Update 19.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.3288.0) Update 20.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.3434.0) Update 22.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.444.0) Update 20.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.591.0) Update 22.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.659.0) Update 23.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.80.0) Update 17.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.862.0) Update 24.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.978.0) Update 25.02.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.1077.0) Update 31.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.1215.0) Update 01.04.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.129.0) Update 24.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.1736.0) Update 04.04.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.1987.0) Update 05.04.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.2087.0) Update 06.04.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.2233.0) Update 07.04.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.239.0) Update 25.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.2452.0) Update 09.04.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.2640.0) Update 10.04.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.344.0) Update 26.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.555.0) Update 27.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.773.0) Update 29.03.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.913.0) Update 30.03.2015 Definition Update for Windows Defender - KB915597 (Definition 1.191.707.0) Update 23.12.2014 Internet Explorer 11 for Windows 7 Update 24.12.2014 LG - Display - LG L1718S Update 23.12.2014 Microsoft .NET Framework 4 Client Profile for Windows 7 x86 (KB982670) Update 23.12.2014 Microsoft .NET Framework 4.5.1 for Windows 7 (KB2858725) Update 24.12.2014 Microsoft .NET Framework 4.5.2 for Windows 7 (KB2901983) Update 27.01.2015 Microsoft Security Essentials - 4.6.305.0 (KB2965036) Update 23.12.2014 Microsoft Silverlight (KB2977218) Update 23.12.2014 nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - NVIDIA GeForce 210 Update 23.12.2014 nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce 210 Update 25.02.2015 Platform Update for Windows 7 (KB2670838) Update 24.12.2014 SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Composite Device Update 09.04.2015 Security Update for Internet Explorer 11 for Windows 7 (KB3034196) Update 13.02.2015 Security Update for Internet Explorer 8 for Windows 7 (KB3012176) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2604115) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2656356) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2832414) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2840631) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2861191) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2861698) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2894844) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2911501) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2931356) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2937610) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2943357) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2968294) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972100) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972211) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2973112) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2978120) Update 24.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2979570) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2894842) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2972106) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2972215) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2978125) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2979575) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2604121) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2840628) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2858302) Update 24.12.2014 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2901110) Update 24.12.2014 Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2894854) Update 24.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2972107) Update 24.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2972216) Update 24.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2978128) Update 24.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2979578) Update 24.12.2014 Security Update for Microsoft .NET Framework 4.5.1 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2898869) Update 24.12.2014 Security Update for Microsoft .NET Framework 4.5.1 on Windows 7, Windows Vista, and Windows Server 2008 x86 (KB2901126) Update 24.12.2014 Security Update for Windows 7 (KB2207566) Update 23.12.2014 Security Update for Windows 7 (KB2385678) Update 23.12.2014 Security Update for Windows 7 (KB2425227) Update 23.12.2014 Security Update for Windows 7 (KB2479943) Update 24.12.2014 Security Update for Windows 7 (KB2491683) Update 24.12.2014 Security Update for Windows 7 (KB2506212) Update 24.12.2014 Security Update for Windows 7 (KB2509553) Update 24.12.2014 Security Update for Windows 7 (KB2511455) Update 24.12.2014 Security Update for Windows 7 (KB2532531) Update 24.12.2014 Security Update for Windows 7 (KB2532531) Update 24.12.2014 Security Update for Windows 7 (KB2536275) Update 24.12.2014 Security Update for Windows 7 (KB2536276) Update 24.12.2014 Security Update for Windows 7 (KB2544893) Update 24.12.2014 Security Update for Windows 7 (KB2560656) Update 24.12.2014 Security Update for Windows 7 (KB2564958) Update 24.12.2014 Security Update for Windows 7 (KB2570947) Update 24.12.2014 Security Update for Windows 7 (KB2579686) Update 24.12.2014 Security Update for Windows 7 (KB2585542) Update 24.12.2014 Security Update for Windows 7 (KB2619339) Update 24.12.2014 Security Update for Windows 7 (KB2620704) Update 24.12.2014 Security Update for Windows 7 (KB2621440) Update 24.12.2014 Security Update for Windows 7 (KB2631813) Update 24.12.2014 Security Update for Windows 7 (KB2644615) Update 24.12.2014 Security Update for Windows 7 (KB2653956) Update 24.12.2014 Security Update for Windows 7 (KB2654428) Update 24.12.2014 Security Update for Windows 7 (KB2667402) Update 24.12.2014 Security Update for Windows 7 (KB2676562) Update 24.12.2014 Security Update for Windows 7 (KB2690533) Update 24.12.2014 Security Update for Windows 7 (KB2698365) Update 24.12.2014 Security Update for Windows 7 (KB2705219) Update 24.12.2014 Security Update for Windows 7 (KB2712808) Update 24.12.2014 Security Update for Windows 7 (KB2727528) Update 24.12.2014 Security Update for Windows 7 (KB2770660) Update 24.12.2014 Security Update for Windows 7 (KB2803821) Update 24.12.2014 Security Update for Windows 7 (KB2807986) Update 24.12.2014 Security Update for Windows 7 (KB2813347) Update 24.12.2014 Security Update for Windows 7 (KB2813430) Update 24.12.2014 Security Update for Windows 7 (KB2835361) Update 24.12.2014 Security Update for Windows 7 (KB2839894) Update 24.12.2014 Security Update for Windows 7 (KB2847311) Update 24.12.2014 Security Update for Windows 7 (KB2847927) Update 24.12.2014 Security Update for Windows 7 (KB2859537) Update 24.12.2014 Security Update for Windows 7 (KB2862152) Update 24.12.2014 Security Update for Windows 7 (KB2862330) Update 24.12.2014 Security Update for Windows 7 (KB2862335) Update 24.12.2014 Security Update for Windows 7 (KB2862966) Update 24.12.2014 Security Update for Windows 7 (KB2862973) Update 24.12.2014 Security Update for Windows 7 (KB2864058) Update 24.12.2014 Security Update for Windows 7 (KB2864202) Update 24.12.2014 Security Update for Windows 7 (KB2868038) Update 24.12.2014 Security Update for Windows 7 (KB2868626) Update 24.12.2014 Security Update for Windows 7 (KB2871997) Update 24.12.2014 Security Update for Windows 7 (KB2884256) Update 24.12.2014 Security Update for Windows 7 (KB2887069) Update 24.12.2014 Security Update for Windows 7 (KB2892074) Update 24.12.2014 Security Update for Windows 7 (KB2893294) Update 24.12.2014 Security Update for Windows 7 (KB2912390) Update 24.12.2014 Security Update for Windows 7 (KB2918614) Update 24.12.2014 Security Update for Windows 7 (KB2922229) Update 24.12.2014 Security Update for Windows 7 (KB2926765) Update 24.12.2014 Security Update for Windows 7 (KB2939576) Update 24.12.2014 Security Update for Windows 7 (KB2957189) Update 24.12.2014 Security Update for Windows 7 (KB2957503) Update 24.12.2014 Security Update for Windows 7 (KB2957509) Update 24.12.2014 Security Update for Windows 7 (KB2961072) Update 24.12.2014 Security Update for Windows 7 (KB2965788) Update 24.12.2014 Security Update for Windows 7 (KB2965788) Update 24.12.2014 Security Update for Windows 7 (KB2971850) Update 24.12.2014 Security Update for Windows 7 (KB2972280) Update 24.12.2014 Security Update for Windows 7 (KB2973201) Update 24.12.2014 Security Update for Windows 7 (KB2973351) Update 24.12.2014 Security Update for Windows 7 (KB2976897) Update 24.12.2014 Security Update for Windows 7 (KB2977292) Update 24.12.2014 Security Update for Windows 7 (KB2978668) Update 24.12.2014 Security Update for Windows 7 (KB2978742) Update 24.12.2014 Security Update for Windows 7 (KB2984972) Update 24.12.2014 Security Update for Windows 7 (KB2984976) Update 24.12.2014 Security Update for Windows 7 (KB2984981) Update 24.12.2014 Security Update for Windows 7 (KB2991963) Update 24.12.2014 Security Update for Windows 7 (KB2992611) Update 24.12.2014 Security Update for Windows 7 (KB2993651) Update 24.12.2014 Security Update for Windows 7 (KB2993958) Update 24.12.2014 Security Update for Windows 7 (KB3002885) Update 24.12.2014 Security Update for Windows 7 (KB3003743) Update 24.12.2014 Security Update for Windows 7 (KB3004361) Update 12.02.2015 Security Update for Windows 7 (KB3005607) Update 24.12.2014 Security Update for Windows 7 (KB3006226) Update 24.12.2014 Security Update for Windows 7 (KB3010788) Update 24.12.2014 Security Update for Windows 7 (KB3011780) Update 24.12.2014 Security Update for Windows 7 (KB3013126) Update 24.12.2014 Security Update for Windows 7 (KB3013455) Update 12.02.2015 Security Update for Windows 7 (KB3019215) Update 14.01.2015 Security Update for Windows 7 (KB3020388) Update 14.01.2015 Security Update for Windows 7 (KB3021674) Update 14.01.2015 Security Update for Windows 7 (KB3022777) Update 14.01.2015 Security Update for Windows 7 (KB3023266) Update 14.01.2015 Security Update for Windows 7 (KB3023562) Update 12.02.2015 Security Update for Windows 7 (KB3029944) Update 12.02.2015 Security Update for Windows 7 (KB3030377) Update 11.03.2015 Security Update for Windows 7 (KB3031432) Update 12.02.2015 Security Update for Windows 7 (KB3032323) Update 11.03.2015 Security Update for Windows 7 (KB3033889) Update 11.03.2015 Security Update for Windows 7 (KB3033929) Update 11.03.2015 Security Update for Windows 7 (KB3034344) Update 11.03.2015 Security Update for Windows 7 (KB3035126) Update 11.03.2015 Security Update for Windows 7 (KB3035131) Update 11.03.2015 Security Update for Windows 7 (KB3035132) Update 11.03.2015 Security Update for Windows 7 (KB3036493) Update 11.03.2015 Security Update for Windows 7 (KB3039066) Update 11.03.2015 Security Update for Windows 7 (KB3046049) Update 11.03.2015 Security Update for Windows 7 (KB978601) Update 23.12.2014 Security Update for Windows 7 (KB979309) Update 23.12.2014 Security Update for Windows 7 (KB980232) Update 23.12.2014 Security Update for Windows 7 (KB981332) Update 23.12.2014 Security Update for Windows 7 (KB982214) Update 23.12.2014 Update for Internet Explorer 11 for Windows 7 (KB3025390) Update 24.12.2014 Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 (KB2685811) Update 24.12.2014 Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2836942) Update 24.12.2014 Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871) Update 24.12.2014 Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2533523) Update 24.12.2014 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939) Update 24.12.2014 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939) Update 24.12.2014 Update for Microsoft Office 2010 (KB2494150), 32-Bit Edition Update 06.01.2015 Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update 06.01.2015 Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update 06.01.2015 Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766) Update 12.02.2015 Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3032622) Update 12.02.2015 Update for Microsoft Visual Studio 2010 Tools for Office Runtime (KB3001652) Update 12.02.2015 Update for User-Mode Driver Framework version 1.11 for Windows 7 (KB2685813) Update 24.12.2014 Update for Windows 7 (KB2506928) Update 24.12.2014 Update for Windows 7 (KB2515325) Update 24.12.2014 Update for Windows 7 (KB2545698) Update 24.12.2014 Update for Windows 7 (KB2547666) Update 24.12.2014 Update for Windows 7 (KB2552343) Update 24.12.2014 Update for Windows 7 (KB2563227) Update 24.12.2014 Update for Windows 7 (KB2574819) Update 24.12.2014 Update for Windows 7 (KB2592687) Update 24.12.2014 Update for Windows 7 (KB2640148) Update 24.12.2014 Update for Windows 7 (KB2647753) Update 24.12.2014 Update for Windows 7 (KB2660075) Update 24.12.2014 Update for Windows 7 (KB2709630) Update 24.12.2014 Update for Windows 7 (KB2718704) Update 24.12.2014 Update for Windows 7 (KB2719857) Update 24.12.2014 Update for Windows 7 (KB2726535) Update 24.12.2014 Update for Windows 7 (KB2729094) Update 24.12.2014 Update for Windows 7 (KB2732059) Update 24.12.2014 Update for Windows 7 (KB2732487) Update 24.12.2014 Update for Windows 7 (KB2732500) Update 24.12.2014 Update for Windows 7 (KB2750841) Update 24.12.2014 Update for Windows 7 (KB2761217) Update 24.12.2014 Update for Windows 7 (KB2763523) Update 24.12.2014 Update for Windows 7 (KB2773072) Update 24.12.2014 Update for Windows 7 (KB2786081) Update 24.12.2014 Update for Windows 7 (KB2798162) Update 24.12.2014 Update for Windows 7 (KB2799926) Update 24.12.2014 Update for Windows 7 (KB2800095) Update 24.12.2014 Update for Windows 7 (KB2808679) Update 24.12.2014 Update for Windows 7 (KB2820331) Update 24.12.2014 Update for Windows 7 (KB2830477) Update 24.12.2014 Update for Windows 7 (KB2834140) Update 24.12.2014 Update for Windows 7 (KB2843630) Update 24.12.2014 Update for Windows 7 (KB2846960) Update 24.12.2014 Update for Windows 7 (KB2847077) Update 24.12.2014 Update for Windows 7 (KB2852386) Update 24.12.2014 Update for Windows 7 (KB2853952) Update 24.12.2014 Update for Windows 7 (KB2868116) Update 24.12.2014 Update for Windows 7 (KB2891804) Update 24.12.2014 Update for Windows 7 (KB2893519) Update 24.12.2014 Update for Windows 7 (KB2908783) Update 24.12.2014 Update for Windows 7 (KB2913152) Update 24.12.2014 Update for Windows 7 (KB2918077) Update 24.12.2014 Update for Windows 7 (KB2919469) Update 24.12.2014 Update for Windows 7 (KB2923545) Update 24.12.2014 Update for Windows 7 (KB2928562) Update 24.12.2014 Update for Windows 7 (KB2929733) Update 24.12.2014 Update for Windows 7 (KB2952664) Update 09.04.2015 Update for Windows 7 (KB2952664) Update 12.02.2015 Update for Windows 7 (KB2952664) Update 24.12.2014 Update for Windows 7 (KB2952664) Update 26.03.2015 Update for Windows 7 (KB2966583) Update 24.12.2014 Update for Windows 7 (KB2970228) Update 24.12.2014 Update for Windows 7 (KB2977728) Update 24.12.2014 Update for Windows 7 (KB2977759) Update 23.12.2014 Update for Windows 7 (KB2978092) Update 24.12.2014 Update for Windows 7 (KB2980245) Update 24.12.2014 Update for Windows 7 (KB2985461) Update 24.12.2014 Update for Windows 7 (KB2994023) Update 24.12.2014 Update for Windows 7 (KB2998812) Update 23.12.2014 Update for Windows 7 (KB3001554) Update 24.12.2014 Update for Windows 7 (KB3004394) Update 12.02.2015 Update for Windows 7 (KB3004469) Update 23.12.2014 Update for Windows 7 (KB3006121) Update 24.12.2014 Update for Windows 7 (KB3006137) Update 25.02.2015 Update for Windows 7 (KB3006625) Update 24.12.2014 Update for Windows 7 (KB3008627) Update 24.12.2014 Update for Windows 7 (KB3009736) Update 24.12.2014 Update for Windows 7 (KB3013410) Update 24.12.2014 Update for Windows 7 (KB3014406) Update 24.12.2014 Update for Windows 7 (KB3015428) Update 23.12.2014 Update for Windows 7 (KB3020338) Update 12.02.2015 Update for Windows 7 (KB3021917) Update 25.02.2015 Update for Windows 7 (KB3035583) Update 06.04.2015 Update for Windows 7 (KB975496) Update 23.12.2014 Update for Windows 7 (KB976422) Update 23.12.2014 Update for Windows 7 (KB976662) Update 23.12.2014 Update for Windows 7 (KB982018) Update 24.12.2014 Update for Windows 7 (KB982110) Update 23.12.2014 Windows 7 Service Pack 1 (KB976932) Update 23.12.2014 Windows 7 Service Pack 1 (KB976932) Update 23.12.2014 Windows Malicious Software Removal Tool - December 2014 (KB890830) Update 23.12.2014 Windows Malicious Software Removal Tool - February 2015 (KB890830) Update 12.02.2015 Windows Malicious Software Removal Tool - January 2015 (KB890830) Update 14.01.2015 Windows Malicious Software Removal Tool - March 2015 (KB890830) Update 11.03.2015 Windows Update Agent 7.6.7600.256 Update 23.12.2014 Windows Update Agent 7.6.7600.320 Update 24.12.2014 --------[ Anti-Virus ]-------------------------------------------------------------------------------------------------- Security Essentials 4.7.0205.0 10.04.2015 ? --------[ Firewall ]---------------------------------------------------------------------------------------------------- Windows Firewall 6.1.7600.16385 Enabled --------[ Anti-Spyware ]------------------------------------------------------------------------------------------------ Microsoft Windows Defender 6.1.7600.16385(win7_rtm.090713-1255) Security Essentials 4.7.0205.0 --------[ Regional ]---------------------------------------------------------------------------------------------------- Time Zone: Current Time Zone GTB Daylight Time Current Time Zone Description (UTC+02:00) Athens, Bucharest Change To Standard Time Last Sunday of October 04:00:00 Change To Daylight Saving Time Last Sunday of March 03:00:00 Language: Language Name (Native) românã Language Name (English) Romanian Language Name (ISO 639) ro Country/Region: Country Name (Native) România Country Name (English) Romania Country Name (ISO 3166) RO Country Code 40 Currency: Currency Name (Native) Leu Currency Name (English) Romanian Leu Currency Symbol (Native) lei Currency Symbol (ISO 4217) RON Currency Format 123.456.789,00 lei Negative Currency Format -123.456.789,00 lei Formatting: Time Format HH:mm:ss Short Date Format dd.MM.yyyy Long Date Format d MMMM yyyy Number Format 123.456.789,00 Negative Number Format -123.456.789,00 List Format first; second; third Native Digits 0123456789 Days of Week: Native Name for Monday luni / L Native Name for Tuesday marþi / Ma Native Name for Wednesday miercuri / Mi Native Name for Thursday joi / J Native Name for Friday vineri / V Native Name for Saturday sâmbãtã / S Native Name for Sunday duminicã / D Months: Native Name for January ianuarie / ian. Native Name for February februarie / feb. Native Name for March martie / mar. Native Name for April aprilie / apr. Native Name for May mai / mai. Native Name for June iunie / iun. Native Name for July iulie / iul. Native Name for August august / aug. Native Name for September septembrie / sep. Native Name for October octombrie / oct. Native Name for November noiembrie / nov. Native Name for December decembrie / dec. Miscellaneous: Calendar Type Gregorian (localized) Default Paper Size A4 Measurement System Metric Display Languages: LCID 0409h (Active) English (United States) --------[ Environment ]------------------------------------------------------------------------------------------------- ALLUSERSPROFILE C:\ProgramData APPDATA C:\Users\ALEX\AppData\Roaming CommonProgramFiles C:\Program Files\Common Files COMPUTERNAME ALEX-PC ComSpec C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK NO HOMEDRIVE C: HOMEPATH \Users\ALEX LOCALAPPDATA C:\Users\ALEX\AppData\Local LOGONSERVER \\ALEX-PC NUMBER_OF_PROCESSORS 2 OS Windows_NT Path C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\;C:\Program Files\Skype\Phone\ PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE x86 PROCESSOR_IDENTIFIER x86 Family 6 Model 15 Stepping 2, GenuineIntel PROCESSOR_LEVEL 6 PROCESSOR_REVISION 0f02 ProgramData C:\ProgramData ProgramFiles C:\Program Files PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC C:\Users\Public SystemDrive C: SystemRoot C:\Windows TEMP C:\Users\ALEX\AppData\Local\Temp TMP C:\Users\ALEX\AppData\Local\Temp USERDOMAIN ALEX-PC USERNAME ALEX USERPROFILE C:\Users\ALEX VBOX_MSI_INSTALL_PATH C:\Program Files\Oracle\VirtualBox\ windir C:\Windows --------[ Control Panel ]----------------------------------------------------------------------------------------------- Action Center Review recent messages and resolve problems with your computer. Administrative Tools Configure administrative settings for your computer. AutoPlay Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games. Backup and Restore Backup and restore your files and system. Monitor latest backup status and configuration. BitLocker Drive Encryption Protect your computer using BitLocker Drive Encryption. Color Management Change advanced color management settings for displays, scanners, and printers. Credential Manager Manage your Windows Credentials. Date and Time Set the date, time, and time zone for your computer. Default Programs Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music. Desktop Gadgets View the desktop gadgets installed on your computer. Device Manager View and update your hardware's settings and driver software. Devices and Printers View and manage devices, printers, and print jobs Display Change your display settings and make it easier to read what's on your screen. Ease of Access Center Make your computer easier to use. Flash Player Manage Flash Player Settings Folder Options Customize the display of files and folders. Fonts Add, change, and manage fonts on your computer. Getting Started Learn about Windows features and start using them. HomeGroup View HomeGroup settings, choose sharing options, and view or change the password. Indexing Options Change how Windows indexes items for faster searching Internet Options Configure your Internet display and connection settings. Java Java Control Panel Keyboard Customize your keyboard settings, such as the cursor blink rate and the character repeat rate. Location and Other Sensors Configure your sensor settings. Mail Microsoft Outlook Profiles Mouse Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed. Network and Sharing Center Check network status, change network settings and set preferences for sharing files and printers. Notification Area Icons Select which icons and notifications appear in the notification area. NVIDIA Control Panel Configure your NVIDIA hardware settings. Parental Controls Change Parental Controls settings. Performance Information and Tools Get information about your computer's speed and performance. If solutions to performance problems are available, Windows lets you know. Personalization Change the pictures, colors, and sounds for this computer. Phone and Modem Configure your telephone dialing rules and modem settings. Power Options Conserve energy or maximize performance by choosing how your computer manages power. Programs and Features Uninstall or change programs on your computer. Recovery Restore your system to an earlier time without affecting your files, or replace everything on your computer and reinstall Windows. Region and Language Customize settings for the display of languages, numbers, times, and dates. RemoteApp and Desktop Connections Manage your RemoteApp and Desktop Connections Sound Configure your audio devices or change the sound scheme for your computer. Speech Recognition Configure how speech recognition works on your computer. Sync Center Sync files between your computer and network folders System View information about your computer, and change settings for hardware, performance, and remote connections. Taskbar and Start Menu Customize the Start Menu and the taskbar, such as the types of items to be displayed and how they should appear. Troubleshooting Troubleshoot and fix common computer problems. User Accounts Change user account settings and passwords for people who share this computer. Windows CardSpace Manage Information Cards used to log on and register with websites and online services. Windows Defender Protection against spyware and potentially unwanted software Windows Firewall Set firewall security options to help protect your computer from hackers and malicious software. Windows Live Language Setting Change the language used for Windows Live programs. Windows Update Check for software and driver updates, choose automatic updating settings, or view installed updates. --------[ Recycle Bin ]------------------------------------------------------------------------------------------------- C: 0 0 ? ? D: 0 0 ? ? --------[ System Files ]------------------------------------------------------------------------------------------------ [ autoexec.bat ] REM Dummy file for NTVDM [ config.sys ] FILES=40 [ autoexec.nt ] @echo off REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment. REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a REM different startup file is specified in an application's PIF. REM Install CD ROM extensions lh %SystemRoot%\system32\mscdexnt.exe REM Install network redirector (load before dosx.exe) lh %SystemRoot%\system32\redir REM Install DPMI support lh %SystemRoot%\system32\dosx REM The following line enables Sound Blaster 2.0 support on NTVDM. REM The command for setting the BLASTER environment is as follows: REM SET BLASTER=A220 I5 D1 P330 REM where: REM A specifies the sound blaster's base I/O port REM I specifies the interrupt request line REM D specifies the 8-bit DMA channel REM P specifies the MPU-401 base I/O port REM T specifies the type of sound blaster card REM 1 - Sound Blaster 1.5 REM 2 - Sound Blaster Pro I REM 3 - Sound Blaster 2.0 REM 4 - Sound Blaster Pro II REM 6 - SOund Blaster 16/AWE 32/32/64 REM REM The default value is A220 I5 D1 T3 and P330. If any of the switches is REM left unspecified, the default value will be used. (NOTE, since all the REM ports are virtualized, the information provided here does not have to REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only. REM The T switch must be set to 3, if specified. SET BLASTER=A220 I5 D1 P330 T3 REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid REM SB base I/O port address. For example: REM SET BLASTER=A0 [ config.nt ] REM Windows MS-DOS Startup File REM REM CONFIG.SYS vs CONFIG.NT REM CONFIG.SYS is not used to initialize the MS-DOS environment. REM CONFIG.NT is used to initialize the MS-DOS environment unless a REM different startup file is specified in an application's PIF. REM REM ECHOCONFIG REM By default, no information is displayed when the MS-DOS environment REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add REM the command echoconfig to CONFIG.NT or other startup file. REM REM NTCMDPROMPT REM When you return to the command prompt from a TSR or while running an REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the REM TSR to remain active. To run CMD.EXE, the Windows command prompt, REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or REM other startup file. REM REM DOSONLY REM By default, you can start any type of application when running REM COMMAND.COM. If you start an application other than an MS-DOS-based REM application, any running TSR may be disrupted. To ensure that only REM MS-DOS-based applications can be started, add the command dosonly to REM CONFIG.NT or other startup file. REM REM EMM REM You can use EMM command line to configure EMM(Expanded Memory Manager). REM The syntax is: REM REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM] REM REM AltRegSets REM specifies the total Alternative Mapping Register Sets you REM want the system to support. 1 <= AltRegSets <= 255. The REM default value is 8. REM BaseSegment REM specifies the starting segment address in the Dos conventional REM memory you want the system to allocate for EMM page frames. REM The value must be given in Hexdecimal. REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to REM 16KB boundary. The default value is 0x4000 REM RAM REM specifies that the system should only allocate 64Kb address REM space from the Upper Memory Block(UMB) area for EMM page frames REM and leave the rests(if available) to be used by DOS to support REM loadhigh and devicehigh commands. The system, by default, would REM allocate all possible and available UMB for page frames. REM REM The EMM size is determined by pif file(either the one associated REM with your application or _default.pif). If the size from PIF file REM is zero, EMM will be disabled and the EMM line will be ignored. REM dos=high, umb device=%SystemRoot%\system32\himem.sys files=40 [ msdos.sys ] [ system.ini ] ; for 16-bit app support [386Enh] woafont=dosapp.fon EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON [drivers] wave=mmdrv.dll timer=timer.drv [mci] [ win.ini ] ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMCDLLNAME32=mapi32.dll CMC=1 MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1 [MCI Extensions.BAK] 3g2=MPEGVideo 3gp=MPEGVideo 3gp2=MPEGVideo 3gpp=MPEGVideo aac=MPEGVideo adt=MPEGVideo adts=MPEGVideo m2t=MPEGVideo m2ts=MPEGVideo m2v=MPEGVideo m4a=MPEGVideo m4v=MPEGVideo mod=MPEGVideo mov=MPEGVideo mp4=MPEGVideo mp4v=MPEGVideo mts=MPEGVideo ts=MPEGVideo tts=MPEGVideo [ hosts ] [ lmhosts.sam ] --------[ System Folders ]---------------------------------------------------------------------------------------------- Administrative Tools C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools AppData C:\Users\ALEX\AppData\Roaming Cache C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files CD Burning C:\Users\ALEX\AppData\Local\Microsoft\Windows\Burn\Burn Common Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools Common AppData C:\ProgramData Common Desktop C:\Users\Public\Desktop Common Documents C:\Users\Public\Documents Common Favorites C:\Users\ALEX\Favorites Common Files C:\Program Files\Common Files Common Music C:\Users\Public\Music Common Pictures C:\Users\Public\Pictures Common Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs Common Start Menu C:\ProgramData\Microsoft\Windows\Start Menu Common Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Common Templates C:\ProgramData\Microsoft\Windows\Templates Common Video C:\Users\Public\Videos Cookies C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Cookies Desktop C:\Users\ALEX\Desktop Device C:\Windows\inf Favorites C:\Users\ALEX\Favorites Fonts C:\Windows\Fonts History C:\Users\ALEX\AppData\Local\Microsoft\Windows\History Local AppData C:\Users\ALEX\AppData\Local My Documents C:\Users\ALEX\Documents My Music C:\Users\ALEX\Music My Pictures C:\Users\ALEX\Pictures My Video C:\Users\ALEX\Videos NetHood C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Network Shortcuts PrintHood C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Profile C:\Users\ALEX Program Files C:\Program Files Programs C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Recent C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Recent Resources C:\Windows\resources SendTo C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\SendTo Start Menu C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu Startup C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup System C:\Windows\system32 Temp C:\Users\ALEX\AppData\Local\Temp\ Templates C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Templates Windows C:\Windows --------[ Event Logs ]-------------------------------------------------------------------------------------------------- Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:16:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (stop logging every single event of this type because there are too many) Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:20:36 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (stop logging every single event of this type because there are too many) Application Warning None 2015-04-04 13:27:01 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-04 13:31:53 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (stop logging every single event of this type because there are too many) Application Warning None 2015-04-04 13:32:53 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 5006253 previous events of this type) Application Warning None 2015-04-04 13:47:57 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 1092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Application Warning None 2015-04-05 10:08:04 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Internet Explorer\Main Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies Application Error 101 2015-04-05 13:16:50 Application Hang 1002: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 7c0 Start Time: 01d06f89549b233b Termination Time: 47 Application Path: C:\Windows\Explorer.EXE Report Id: dceefe6e-db7c-11e4-9040-0018f31a3d45 Application Warning None 2015-04-05 17:57:12 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Application Warning None 2015-04-06 11:25:22 Wlclntfy 6001: The winlogon notification subscriber failed a notification event. Application Warning None 2015-04-06 11:25:22 Wlclntfy 6000: The winlogon notification subscriber was unavailable to handle a notification event. Application Warning None 2015-04-06 11:25:22 Wlclntfy 6001: The winlogon notification subscriber failed a notification event. Application Warning 3 2015-04-06 13:02:17 Windows Search Service 3036: The content source cannot be accessed. Context: Application, SystemIndex Catalog Details: The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d) Application Error 101 2015-04-06 13:02:57 Application Hang 1002: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 7e4 Start Time: 01d0705084b8c448 Termination Time: 47 Application Path: C:\Windows\Explorer.EXE Report Id: 16260733-dc44-11e4-b980-0018f31a3d45 Application Warning None 2015-04-06 13:37:19 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:19 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-06 13:37:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (stop logging every single event of this type because there are too many) Application Warning None 2015-04-06 13:38:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 333784 previous events of this type) Application Warning None 2015-04-06 13:39:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 342738 previous events of this type) Application Warning None 2015-04-06 13:40:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 290870 previous events of this type) Application Warning None 2015-04-06 13:41:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 306835 previous events of this type) Application Warning None 2015-04-06 13:42:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 344088 previous events of this type) Application Warning None 2015-04-06 13:43:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 354885 previous events of this type) Application Warning None 2015-04-06 13:44:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 320862 previous events of this type) Application Warning None 2015-04-06 13:45:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 333908 previous events of this type) Application Warning None 2015-04-06 13:46:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 346644 previous events of this type) Application Warning None 2015-04-06 13:47:21 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (skipped 345158 previous events of this type) Application Error 101 2015-04-06 17:59:51 Application Hang 1002: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 740 Start Time: 01d070773ba03bc0 Termination Time: 62 Application Path: C:\Windows\Explorer.EXE Report Id: 90ac2a87-dc6d-11e4-9bb2-0018f31a3d45 Application Warning None 2015-04-06 18:05:40 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 14 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Internet Explorer\Main Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1104 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies Application Warning None 2015-04-06 18:05:41 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001_Classes: Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001_CLASSES Process 5300 (\Device\HarddiskVolume3\utorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001_CLASSES Application Warning None 2015-04-06 18:18:48 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2660 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Application Error None 2015-04-06 19:41:05 VSS 8194: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {4643ce01-410a-4d72-9040-c44d2a4c9f1a} Application Warning None 2015-04-06 20:02:29 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 22 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\Internet Explorer\Main Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2536 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Application Warning None 2015-04-07 08:00:38 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 1060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Application Warning None 2015-04-07 11:07:55 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:55 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-07 11:07:58 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. (stop logging every single event of this type because there are too many) Application Error 101 2015-04-07 20:10:16 Application Hang 1002: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 79c Start Time: 01d071459f851070 Termination Time: 52 Application Path: C:\Windows\Explorer.EXE Report Id: f17ac7a0-dd48-11e4-a43c-0018f31a3d45 Application Warning None 2015-04-07 21:31:09 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2472 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Application Warning None 2015-04-08 12:08:07 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-08 12:11:52 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Warning None 2015-04-08 12:18:49 NVIDIA OpenGL Driver 2: The NVIDIA OpenGL driver has encountered an out of memory error. This application might behave inconsistently and fail. Application Error 101 2015-04-09 11:20:10 Application Hang 1002: The program mirc.exe version 7.41.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 918 Start Time: 01d0729dc9cea736 Termination Time: 156 Application Path: D:\Programe\TriviaBot\mirc.exe Report Id: 3ab8589f-de91-11e4-9060-0018f31a3d45 Application Warning None 2015-04-09 11:26:11 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 1072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2452 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Application Error 101 2015-04-09 15:04:49 Application Hang 1002: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 184 Start Time: 01d072bd060684f5 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE Report Id: 989b9916-deb0-11e4-9b5b-0018f31a3d45 Application Warning None 2015-04-09 20:31:19 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 1092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Application Warning None 2015-04-10 13:16:24 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2544 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Application Warning None 2015-04-10 14:04:20 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Process 2416 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Application Warning None 2015-04-10 18:36:25 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3593775987-478510106-1758812537-1001: Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001 Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\CA Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Policies\Microsoft\SystemCertificates Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\Root Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\trust Process 2392 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3593775987-478510106-1758812537-1001\Software\Microsoft\SystemCertificates\My Security Audit Success 12288 2015-04-04 12:51:06 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-04 12:51:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-04 12:51:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 12:51:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-04 12:51:06 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa64e Security Audit Success 12544 2015-04-04 12:51:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-04 12:51:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 12:51:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-04 12:51:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-04 12:51:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-04 12:51:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-04 12:51:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 12:51:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-04 12:51:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-04 12:51:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-04 12:51:12 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-04 12:51:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-04 12:51:12 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-04 12:51:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1889f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-04 12:51:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x189e9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 12:51:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-04 12:51:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1889f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-04 12:51:13 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-04 12:51:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3e50f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-04 12:51:48 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-04 12:51:48 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-04 12:51:49 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-04 12:51:49 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-04 12:52:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 12:52:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-04 12:52:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 12:52:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-04 12:52:50 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-04 12:52:50 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-04 12:53:01 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-04 12:53:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-04 12:53:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-04 12:54:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-04 12:54:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-04 12:55:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 12:55:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-04 13:06:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-04 13:06:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 13:06:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-04 13:06:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-04 13:06:54 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x3dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x35ba17 Security Audit Success 13568 2015-04-04 13:06:54 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x3dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x35ba17 Security Audit Success 12544 2015-04-04 13:11:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 13:11:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-04 13:15:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 13:15:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-04 13:47:56 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x189e9 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-04 13:48:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-04 13:48:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-04 13:48:13 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-05 09:51:54 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-05 09:51:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-05 09:51:54 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9887 Security Audit Success 12544 2015-04-05 09:52:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 09:52:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 09:52:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 09:52:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 09:52:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 09:52:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 09:52:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 09:52:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 09:52:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 09:52:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 09:52:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 09:52:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 09:52:08 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-05 09:52:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18854 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 09:52:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1889f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 09:52:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18854 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-05 09:52:09 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-05 09:52:09 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-05 09:52:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 09:52:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 09:52:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3ec31 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-05 09:53:10 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 09:53:10 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-05 09:53:11 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 09:53:11 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-05 09:53:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 09:53:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 09:53:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 09:53:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-05 09:53:48 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 09:53:48 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-05 09:53:59 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-05 09:53:59 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 09:53:59 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-05 09:54:59 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 09:54:59 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-05 09:56:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 09:56:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2015-04-05 09:58:19 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x450 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-04-05T06:58:25.007046900Z New Time: 2015-04-05T06:58:19.172629100Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12288 2015-04-05 09:58:19 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x450 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-04-05T06:58:19.188229100Z New Time: 2015-04-05T06:58:19.188000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12288 2015-04-05 09:58:19 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x450 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-04-05T06:58:19.188000000Z New Time: 2015-04-05T06:58:19.188000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2015-04-05 10:01:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 10:01:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-05 10:06:17 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 10:06:17 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12545 2015-04-05 10:08:04 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1889f This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2015-04-05 10:08:08 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-05 13:14:33 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-05 13:14:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 13:14:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 13:14:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:14:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 13:14:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-05 13:14:33 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa5d1 Security Audit Success 12544 2015-04-05 13:14:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:14:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 13:14:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 13:14:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 13:14:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:14:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 13:14:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 13:14:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-05 13:14:39 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-05 13:14:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 13:14:39 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-05 13:14:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19d1e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 13:14:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19d47 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:14:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 13:14:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19d1e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-05 13:14:40 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-05 13:15:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3f6d9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-05 13:15:33 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-05 13:15:33 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 13:15:33 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-05 13:15:33 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-05 13:16:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:16:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 13:16:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:16:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-05 13:16:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 13:16:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-05 13:16:29 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-05 13:16:30 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 13:16:30 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-05 13:17:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 13:17:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-05 13:19:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:19:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2015-04-05 13:22:55 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x448 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-04-05T10:22:55.579251300Z New Time: 2015-04-05T10:22:55.579000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2015-04-05 13:32:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 13:32:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-05 14:09:52 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19d47 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-05 14:09:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 14:09:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-05 14:09:58 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-05 17:01:04 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-05 17:01:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 17:01:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 17:01:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-05 17:01:04 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa55c Security Audit Success 12544 2015-04-05 17:01:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 17:01:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 17:01:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 17:01:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 17:01:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 17:01:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 17:01:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 17:01:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 17:01:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-05 17:01:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 17:01:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 17:01:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 17:01:10 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-05 17:01:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18504 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-05 17:01:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1852a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 17:01:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18504 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-05 17:01:11 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-05 17:01:12 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-05 17:01:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x37cb3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-05 17:01:58 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-05 17:01:58 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 17:01:58 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-05 17:01:58 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-05 17:02:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 17:02:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-05 17:02:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-05 17:02:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-05 17:02:51 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 17:02:51 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-05 17:03:01 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-05 17:03:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 17:03:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-05 17:04:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-05 17:04:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12288 2015-04-05 17:07:27 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x468 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-04-05T14:07:27.104491100Z New Time: 2015-04-05T14:07:27.104000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2015-04-05 17:57:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-05 17:57:12 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1852a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12548 2015-04-05 17:57:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-05 17:57:18 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-06 11:16:31 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-06 11:16:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 11:16:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 11:16:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 11:16:31 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9e56 Security Audit Success 12544 2015-04-06 11:16:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 11:16:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 11:16:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 11:16:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 11:16:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 11:16:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 11:16:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 11:16:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 11:16:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 11:16:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 11:16:37 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-06 11:16:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 11:16:37 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-06 11:16:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18675 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 11:16:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18729 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 11:16:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 11:16:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18675 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 11:16:39 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-06 11:16:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x37e40 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-06 11:17:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-06 11:17:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 11:17:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-06 11:17:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 11:17:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 11:17:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 11:18:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 11:18:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 11:18:21 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 11:18:21 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 11:18:31 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-06 11:18:32 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 11:18:32 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 11:19:32 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 11:19:32 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12288 2015-04-06 11:19:53 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x43c Name: C:\Windows\System32\svchost.exe Previous Time: 2015-04-06T08:19:53.763514500Z New Time: 2015-04-06T08:19:53.763000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2015-04-06 11:21:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 11:21:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-06 11:25:22 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18729 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12288 2015-04-06 13:00:22 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-06 13:00:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:00:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:00:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:00:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:00:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:00:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:00:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 13:00:23 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb0ea Security Audit Success 12544 2015-04-06 13:00:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:00:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:00:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:00:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:00:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:00:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 13:00:29 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-06 13:00:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:00:29 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-06 13:00:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18da5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:00:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18dce Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:00:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:00:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18da5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 13:00:30 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 101 2015-04-06 13:00:31 Microsoft-Windows-Eventlog 1101: Audit events have been dropped by the transport. 0 Security Audit Success 12544 2015-04-06 13:01:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x446bb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-06 13:01:21 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:01:21 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:01:22 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:01:22 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 13:02:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:02:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 13:02:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:02:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 13:02:28 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:02:28 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:02:39 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:02:39 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:02:39 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:03:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:03:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 13:05:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:05:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-06 13:06:57 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x446bb Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2015-04-06 13:06:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:06:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1911dd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:06:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 13:07:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:07:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 13:13:13 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa639 Security Audit Success 12544 2015-04-06 13:13:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:13:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:13:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:13:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:13:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 13:13:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 101 2015-04-06 13:13:17 Microsoft-Windows-Eventlog 1101: Audit events have been dropped by the transport. 0 Security Audit Success 12544 2015-04-06 13:13:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:13:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 13:13:19 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-06 13:13:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19f0f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:13:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1a023 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:13:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19f0f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 13:13:20 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-06 13:13:23 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-06 13:13:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x40c42 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-06 13:13:56 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:13:56 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:13:57 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:13:57 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 13:14:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:14:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 13:14:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:14:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 13:15:05 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:15:05 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 13:15:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:15:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 13:15:18 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:15:18 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:15:18 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 13:15:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:15:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 13:15:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:15:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 13:15:53 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GWX\GWXUX.exe Handle ID: 0x47c Process Information: Process ID: 0x1c6c Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-06 13:15:53 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GWX\config.xml Handle ID: 0x4c4 Process Information: Process ID: 0x1c6c Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-06 13:15:53 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GWX\GWXUI.dll Handle ID: 0x4e8 Process Information: Process ID: 0x1c6c Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-06 13:15:53 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GWX\GWX.exe Handle ID: 0x500 Process Information: Process ID: 0x1c6c Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-06 13:15:53 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GWX\config.cat Handle ID: 0x47c Process Information: Process ID: 0x1c6c Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-06 13:15:53 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GWX\GWXUXWorker.exe Handle ID: 0x4c4 Process Information: Process ID: 0x1c6c Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-06 13:15:53 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GWX\GWXConfigManager.exe Handle ID: 0x4e8 Process Information: Process ID: 0x1c6c Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-06 13:16:01 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xa20 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x13a880 Security Audit Success 13568 2015-04-06 13:16:01 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xa20 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x13a880 Security Audit Success 12290 2015-04-06 13:16:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:16:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12545 2015-04-06 13:16:44 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x40c42 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2015-04-06 13:16:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:16:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 13:16:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1707fd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 13:18:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:18:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 13:27:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:27:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:30:33 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:30:33 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:30:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:30:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:30:42 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:30:42 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:32:51 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:32:51 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:32:54 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:32:54 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:35:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:35:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:35:38 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:35:38 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:35:48 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:35:48 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:39:41 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:39:41 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 13:39:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 13:39:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 13:47:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 13:47:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 14:56:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x513090 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49169 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 14:56:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5130bf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49170 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-06 14:56:40 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5130bf Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2015-04-06 14:56:40 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x513090 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2015-04-06 14:57:31 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1a023 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-06 14:57:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 14:57:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-06 14:57:38 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-06 17:37:30 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-06 17:37:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-06 17:37:30 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa76c Security Audit Success 12544 2015-04-06 17:37:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 17:37:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 17:37:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 17:37:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 17:37:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 17:37:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 17:37:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 17:37:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 17:37:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 17:37:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 17:37:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 17:37:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 17:37:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 17:37:36 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-06 17:37:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17f9b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 17:37:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17fc1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 17:37:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 17:37:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17f9b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 17:37:42 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-06 17:37:44 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-06 17:38:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3712a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-06 17:38:34 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-06 17:38:34 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 17:38:34 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-06 17:38:34 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 17:39:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 17:39:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 17:39:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 17:39:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 17:39:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 17:39:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 17:39:35 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-06 17:39:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 17:39:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 17:40:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 17:40:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 17:49:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 17:49:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 17:55:46 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 17:55:46 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 17:59:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 17:59:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 18:02:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:02:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:02:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:02:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 18:02:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:02:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 18:02:51 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xc7c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3806f7 Security Audit Success 13568 2015-04-06 18:02:51 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xc7c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3806f7 Security Audit Success 12545 2015-04-06 18:05:40 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17fc1 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2015-04-06 18:05:45 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-06 18:06:19 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-06 18:06:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-06 18:06:19 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa242 Security Audit Success 12544 2015-04-06 18:06:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:06:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:06:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:06:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:06:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:06:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 18:06:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:06:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:06:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:06:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:06:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:06:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 18:06:28 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-06 18:06:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1880a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:06:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18848 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:06:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1880a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 18:06:29 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-06 18:06:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:06:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 18:06:30 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-06 18:06:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3c136 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-06 18:07:15 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-06 18:07:15 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 18:07:15 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-06 18:07:15 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 18:07:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:07:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 18:08:03 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 18:08:03 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 18:08:16 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-06 18:08:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 18:08:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 18:08:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:08:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 18:09:20 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 18:09:20 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 18:09:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:09:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:09:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:09:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:09:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:09:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 18:09:58 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1f94 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x125ec8 Security Audit Success 13568 2015-04-06 18:09:58 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1f94 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x125ec8 Security Audit Success 12544 2015-04-06 18:10:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:10:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 18:17:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:17:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:17:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 18:17:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 18:17:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:17:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 18:17:46 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1a20 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2b75b1 Security Audit Success 13568 2015-04-06 18:17:46 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1a20 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2b75b1 Security Audit Success 12545 2015-04-06 18:18:48 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18848 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-06 18:18:53 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x10d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-06 18:18:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x2ce9d3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x10d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 18:18:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x2ce9ea Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x10d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:18:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x2ce9d3 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 18:32:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:32:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-06 18:59:15 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x2ce9ea This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-06 18:59:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 18:59:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-06 18:59:23 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-06 19:00:01 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-06 19:00:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-06 19:00:01 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9b4a Security Audit Success 12544 2015-04-06 19:00:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:00:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 19:00:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 19:00:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:00:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 19:00:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 19:00:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 19:00:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:00:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 19:00:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 19:00:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 19:00:10 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-06 19:00:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17b2c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 19:00:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17cca Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:00:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 19:00:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17b2c Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 19:00:11 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-06 19:00:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:00:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-06 19:00:12 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-06 19:00:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x36b65 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-06 19:00:48 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-06 19:00:48 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 19:00:48 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-06 19:00:48 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 19:01:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:01:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-06 19:01:45 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 19:01:45 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 19:01:55 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-06 19:01:56 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 19:01:56 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-06 19:02:56 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 19:02:56 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 19:17:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x177b96 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49184 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 19:17:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x177d90 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49185 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-06 19:17:24 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x177b96 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2015-04-06 19:17:24 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x177d90 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2015-04-06 19:41:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 19:41:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:41:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 19:41:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 19:41:29 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xc8c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2f63fe Security Audit Success 13568 2015-04-06 19:41:29 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xc8c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2f63fe Security Audit Success 12290 2015-04-06 19:41:49 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-06 19:41:49 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-06 19:45:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-06 19:45:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:45:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-06 19:45:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-06 19:46:01 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x13dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3e6796 Security Audit Success 13568 2015-04-06 19:46:01 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x13dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3e6796 Security Audit Success 12544 2015-04-06 19:46:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:46:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 19:50:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:50:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-06 19:59:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 19:59:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-06 20:02:29 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17cca This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-06 20:02:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-06 20:02:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-06 20:02:36 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-07 07:55:37 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-07 07:55:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-07 07:55:37 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xae91 Security Audit Success 12544 2015-04-07 07:55:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 07:55:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 07:55:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 07:55:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 07:55:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 07:55:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 07:55:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 07:55:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 07:55:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 07:55:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 07:55:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 07:55:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 07:55:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 07:55:48 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-07 07:55:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19b56 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 07:55:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19b9c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 07:55:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 07:55:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19b56 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-07 07:55:49 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-07 07:55:50 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-07 07:56:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3cc6d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-07 07:56:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-07 07:56:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 07:56:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-07 07:56:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-07 07:57:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 07:57:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-07 07:57:36 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 07:57:36 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 07:57:46 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-07 07:57:47 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 07:57:47 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 07:58:47 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 07:58:47 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12545 2015-04-07 08:00:38 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19b9c This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-07 08:00:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 08:00:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-07 08:00:44 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-07 10:21:15 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-07 10:21:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 10:21:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:21:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-07 10:21:15 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb84a Security Audit Success 12544 2015-04-07 10:21:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 10:21:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:21:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 10:21:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 10:21:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 10:21:20 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-07 10:21:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19515 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 10:21:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x195a7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:21:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x19515 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-07 10:21:21 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-07 10:21:21 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-07 10:21:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4bd9d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-07 10:21:59 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-07 10:21:59 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 10:21:59 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-07 10:21:59 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-07 10:22:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:22:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-07 10:23:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 10:23:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 10:23:19 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-07 10:23:20 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 10:23:20 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 10:24:20 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 10:24:20 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-07 10:24:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:24:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 10:26:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:26:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 10:26:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:26:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 10:40:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:40:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 10:55:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 10:55:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-07 11:34:31 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x195a7 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-07 11:34:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 11:34:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-07 11:34:37 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-07 12:20:37 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-07 12:20:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 12:20:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 12:20:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-07 12:20:38 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa02b Security Audit Success 12544 2015-04-07 12:20:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 12:20:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 12:20:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 12:20:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 12:20:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 12:20:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 12:20:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 12:20:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 12:20:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 12:20:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 12:20:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 12:20:45 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-07 12:20:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18150 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 12:20:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18176 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 12:20:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 12:20:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18150 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-07 12:20:46 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-07 12:20:48 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-07 12:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3a235 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-07 12:21:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-07 12:21:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 12:21:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-07 12:21:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-07 12:22:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 12:22:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-07 12:22:30 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 12:22:30 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 12:22:40 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-07 12:22:40 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 12:22:40 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 12:23:41 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 12:23:41 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-07 12:52:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 12:52:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 13:49:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 13:49:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-07 14:13:49 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18176 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-07 14:13:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 14:13:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-07 14:13:55 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-07 18:14:53 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-07 18:14:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 18:14:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 18:14:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-07 18:14:54 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa5d6 Security Audit Success 12544 2015-04-07 18:14:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 18:14:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 18:14:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 18:14:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 18:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 18:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 18:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 18:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 18:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-07 18:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 18:15:01 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-07 18:15:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17ad3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-07 18:15:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17b10 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 18:15:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17ad3 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 18:15:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 18:15:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-07 18:15:03 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-07 18:15:04 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-07 18:15:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x403f0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-07 18:15:33 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-07 18:15:33 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 18:15:33 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-07 18:15:33 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-07 18:16:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 18:16:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-07 18:16:47 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 18:16:47 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 18:16:57 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-07 18:16:58 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 18:16:58 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-07 18:17:58 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-07 18:17:58 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-07 18:27:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 18:27:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-07 20:10:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 20:10:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-07 21:31:09 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17b10 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-07 21:31:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-07 21:31:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-07 21:31:16 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-08 11:40:29 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-08 11:40:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-08 11:40:29 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa0f7 Security Audit Success 12544 2015-04-08 11:40:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 11:40:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 11:40:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 11:40:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 11:40:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 11:40:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 11:40:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 11:40:38 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-08 11:40:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x185f0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 11:40:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1861e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 11:40:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x185f0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-08 11:40:40 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-08 11:40:40 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-08 11:41:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3de1f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-08 11:41:13 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-08 11:41:13 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 11:41:13 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-08 11:41:13 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-08 11:42:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 11:42:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-08 11:42:20 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 11:42:20 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-08 11:42:30 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-08 11:42:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 11:42:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-08 11:43:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 11:43:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-08 11:45:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 11:45:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 12:09:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:09:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 12:13:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:13:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2015-04-08 12:14:59 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-08 12:15:00 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa96e Security Audit Success 12544 2015-04-08 12:15:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:15:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 12:15:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 12:15:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 12:15:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:15:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 12:15:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 12:15:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 101 2015-04-08 12:15:04 Microsoft-Windows-Eventlog 1101: Audit events have been dropped by the transport. 0 Security Audit Success 12544 2015-04-08 12:15:05 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-08 12:15:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18518 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 12:15:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18582 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:15:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18518 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-08 12:15:06 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-08 12:15:09 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-08 12:15:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x48658 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-08 12:15:41 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-08 12:15:41 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 12:15:41 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-08 12:15:41 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-08 12:16:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:16:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-08 12:16:55 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 12:16:55 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-08 12:17:07 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-08 12:17:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 12:17:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-08 12:18:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 12:18:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-08 12:20:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:20:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 12:25:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 12:25:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 15:13:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 15:13:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-08 15:29:16 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18582 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-08 15:29:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 15:29:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-08 15:29:22 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-08 17:56:45 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-08 17:56:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-08 17:56:45 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa68c Security Audit Success 12544 2015-04-08 17:56:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 17:56:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 17:56:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 17:56:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 17:56:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 17:56:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 17:56:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 17:56:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 17:56:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 17:56:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 17:56:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 17:56:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-08 17:56:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 17:56:50 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x234 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-08 17:56:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18051 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x234 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-08 17:56:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18077 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x234 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 17:56:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-08 17:56:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18051 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-08 17:56:52 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-08 17:56:54 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-08 17:57:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3baaa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-08 17:57:44 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-08 17:57:44 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 17:57:44 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-08 17:57:44 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-08 17:58:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-08 17:58:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-08 17:58:53 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 17:58:53 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-08 17:59:03 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-08 17:59:04 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 17:59:04 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-08 18:00:04 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-08 18:00:04 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-08 20:06:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-08 20:06:21 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18077 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12548 2015-04-08 20:06:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-08 20:06:26 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-09 10:29:06 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-09 10:29:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 10:29:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:29:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-09 10:29:06 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa340 Security Audit Success 12544 2015-04-09 10:29:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 10:29:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:29:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 10:29:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 10:29:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 10:29:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 10:29:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:29:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 10:29:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 10:29:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 10:29:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 10:29:12 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-09 10:29:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17fa3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 10:29:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x181e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:29:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 10:29:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17fa3 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-09 10:29:13 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-09 10:29:14 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-09 10:29:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x36913 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-09 10:29:56 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-09 10:29:56 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 10:29:56 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-09 10:29:56 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-09 10:30:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:30:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-09 10:30:51 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 10:30:51 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 10:31:02 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-09 10:31:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 10:31:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 10:32:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 10:32:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-09 10:33:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:33:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 10:33:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:33:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 10:43:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 10:43:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 11:01:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 11:01:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 11:02:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 11:02:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 11:02:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 11:02:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 11:02:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x46ae55 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49161 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 11:02:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x46bd6a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49164 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-09 11:02:55 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x46ae55 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2015-04-09 11:02:55 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x46bd6a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 13568 2015-04-09 11:03:03 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\frxmain.sdb Handle ID: 0x5c4 Process Information: Process ID: 0x1818 Process Name: C:\Windows\servicing\TrustedInstaller.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:03:06 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x16bc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x4d9f91 Security Audit Success 13568 2015-04-09 11:03:06 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x16bc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x4d9f91 Security Audit Success 12544 2015-04-09 11:14:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x745435 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49349 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 11:14:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7455db Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: COSTEA-PC Source Network Address: 192.168.0.101 Source Port: 49350 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-09 11:15:01 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7455db Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2015-04-09 11:15:01 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x745435 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2015-04-09 11:18:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 11:18:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-09 11:26:11 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x181e5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\frxmain.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aepic.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aeinv.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aepdu.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\generaltel.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\acmigration.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devinv.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\invagent.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\hwcompat.txt Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\hwexclude.txt Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\drvmain32.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\sysmain64runtime.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\imagingprovider.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\ffuprovider.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\compatprovider.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\diagtrack.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\drvmain64.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\compatctrl.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\dismapi.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\dismprov.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\sysmain32.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\setupcompat.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\cosquery.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\compatplugin.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\logprovider.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\sysmain64.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\sysmain32runtime.sdb Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\DevInv.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:12 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\wdscore.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\folderprovider.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\sdbapiu.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\wica.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\vhdprovider.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\dismcoreps.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\dismcore.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\wimprovider.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\diagtrackrunner.exe Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\CompliancePlugins\DVDPlaybackCompat.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\CompliancePlugins\SBCompatPlugin.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\CompliancePlugins\MediaCenterCompat.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\CompliancePlugins\TouchCompat.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 13568 2015-04-09 11:26:13 Microsoft-Windows-Security-Auditing 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTel\CompliancePlugins\GadgetCompliance.dll Handle ID: 0x18 Process Information: Process ID: 0xbb4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Security Audit Success 103 2015-04-09 11:26:19 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-09 13:35:00 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-09 13:35:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-09 13:35:01 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa040 Security Audit Success 12544 2015-04-09 13:35:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 13:35:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 13:35:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 13:35:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 13:35:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 13:35:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 13:35:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 13:35:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 13:35:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 13:35:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 13:35:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 13:35:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 13:35:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 13:35:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-09 13:35:12 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-09 13:35:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 13:35:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-09 13:35:13 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-09 13:35:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2e990 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 13:36:58 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-09 13:36:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x4b2c5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 13:36:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x4b35a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 13:36:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x4b2c5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 13:37:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 13:37:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-09 13:37:32 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-09 13:37:32 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 13:37:32 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-09 13:37:32 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 13:37:37 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 13:37:37 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 13:37:49 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-09 13:37:49 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 13:37:49 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 13:38:49 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 13:38:49 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 14:01:44 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 14:01:44 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 14:01:49 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 14:01:49 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 14:02:07 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 14:02:07 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12545 2015-04-09 14:07:23 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x4b35a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-09 14:07:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 14:07:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-09 14:07:30 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-09 15:02:06 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-09 15:02:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-09 15:02:06 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa5e2 Security Audit Success 12544 2015-04-09 15:02:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 15:02:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 15:02:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 15:02:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 15:02:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 15:02:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 15:02:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 15:02:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 15:02:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 15:02:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 15:02:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 15:02:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 15:02:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 15:02:12 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-09 15:02:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18441 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 15:02:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18474 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 15:02:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 15:02:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18441 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-09 15:02:14 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-09 15:02:16 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-09 15:02:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2dd18 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-09 15:03:15 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-09 15:03:15 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 15:03:15 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-09 15:03:15 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-09 15:03:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 15:03:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 15:03:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 15:03:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-09 15:03:57 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 15:03:57 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 15:04:09 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-09 15:04:09 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 15:04:09 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 15:05:09 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 15:05:09 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12545 2015-04-09 15:08:56 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18474 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-09 15:08:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 15:08:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-09 15:09:04 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-09 16:12:51 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-09 16:12:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 16:12:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:12:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-09 16:12:51 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa4c5 Security Audit Success 12544 2015-04-09 16:12:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 16:12:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:12:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 16:12:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 16:12:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 16:12:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 16:12:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:12:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 16:12:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-09 16:12:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 16:12:57 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-09 16:12:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18032 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-09 16:12:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18058 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:12:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18032 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 16:12:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:12:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-09 16:12:59 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-09 16:13:02 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-09 16:13:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3d4b8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-09 16:13:54 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-09 16:13:54 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 16:13:54 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-09 16:13:54 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-09 16:14:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:14:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-09 16:14:39 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 16:14:39 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-09 16:14:49 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-09 16:14:50 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 16:14:50 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-09 16:15:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:15:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-09 16:15:50 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-09 16:15:50 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-09 16:24:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 16:24:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 19:44:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 19:44:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 20:02:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 20:02:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-09 20:31:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 20:31:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-09 20:31:18 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18058 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-09 20:31:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-09 20:31:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-09 20:31:32 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-10 09:53:20 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa28c Security Audit Success 12544 2015-04-10 09:53:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 09:53:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 09:53:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 09:53:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 09:53:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 09:53:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 09:53:25 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 09:53:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17cfa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 09:53:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17d30 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 09:53:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17cfa Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 09:53:26 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-10 09:53:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 09:53:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 09:53:27 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 09:53:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x44197 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 09:54:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 09:54:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 09:54:17 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 09:54:17 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 09:54:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 09:54:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-10 09:55:12 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 09:55:12 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 09:55:22 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-10 09:55:23 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 09:55:23 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 09:56:23 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 09:56:23 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 09:58:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 09:58:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 11:18:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 11:18:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 11:41:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 11:41:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 11:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 11:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 11:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 11:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 11:52:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 11:52:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 12:43:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 12:43:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 12:45:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 12:45:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 12:56:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 12:56:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 12:56:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 12:56:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 12:56:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 12:56:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-10 12:57:21 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x14d4 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xec089c Security Audit Success 13568 2015-04-10 12:57:21 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x14d4 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xec089c Security Audit Success 12545 2015-04-10 13:16:24 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17d30 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-10 13:16:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:16:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-10 13:16:31 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-10 13:20:49 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa74f Security Audit Success 12544 2015-04-10 13:20:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 13:20:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 13:20:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:20:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 13:20:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 13:20:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 13:20:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 13:20:54 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 13:20:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18f14 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 13:20:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x190b0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:20:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 13:20:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18f14 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 13:20:55 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-10 13:20:56 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 13:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3221b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 13:21:40 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-10 13:21:40 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 13:21:40 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-10 13:21:40 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 13:22:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:22:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-10 13:22:26 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 13:22:26 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 13:22:36 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-10 13:22:36 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 13:22:36 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 13:23:37 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 13:23:37 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 13:32:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:32:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 13:36:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:36:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 13:55:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 13:55:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2015-04-10 14:04:20 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x190b0 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2015-04-10 14:04:28 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 14:05:59 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 14:05:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 14:06:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 14:06:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 14:06:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 14:06:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 14:06:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 14:06:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-10 14:06:00 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xaacc Security Audit Success 12544 2015-04-10 14:06:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 14:06:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 14:06:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 14:06:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 14:06:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 14:06:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 14:06:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 14:06:04 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 14:06:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18832 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 14:06:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18883 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 14:06:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 14:06:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18832 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 14:06:06 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-10 14:06:07 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 14:06:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x34f54 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 14:06:47 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-10 14:06:47 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 14:06:47 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-10 14:06:47 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12545 2015-04-10 14:07:00 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18883 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-10 14:07:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 14:07:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-10 14:07:25 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 17:56:51 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 17:56:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-10 17:56:51 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xaa06 Security Audit Success 12544 2015-04-10 17:56:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 17:56:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 17:56:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 17:56:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 17:56:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 17:56:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 17:56:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 17:56:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 17:56:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 17:56:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 17:56:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 17:56:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 17:56:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 17:56:57 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 17:56:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x184c1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 17:56:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x184eb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x250 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 17:56:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 17:56:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x184c1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 17:56:59 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-10 17:57:00 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 17:57:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x39107 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 17:57:58 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 17:57:58 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 17:57:59 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 17:57:59 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 17:58:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 17:58:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 17:58:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 17:58:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-10 17:58:33 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 17:58:33 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 17:58:44 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-10 17:58:44 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 17:58:44 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 17:59:47 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 17:59:47 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 18:01:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:01:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:05:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:05:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:05:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:05:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:05:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:05:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-10 18:06:20 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1680 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x26c3e7 Security Audit Success 13568 2015-04-10 18:06:20 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1680 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x26c3e7 Security Audit Success 12545 2015-04-10 18:36:25 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x184eb This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-10 18:36:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:36:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-10 18:36:33 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 18:37:21 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 18:37:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-10 18:37:22 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9b01 Security Audit Success 12544 2015-04-10 18:37:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:37:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:37:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:37:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:37:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:37:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:37:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:37:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:37:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:37:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:37:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:37:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:37:31 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 18:37:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x184d3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:37:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18646 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:37:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x184d3 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 18:37:32 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2015-04-10 18:37:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:37:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 18:37:33 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 18:37:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x354af Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 18:38:14 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-10 18:38:14 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:38:14 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:38:14 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12545 2015-04-10 18:38:21 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18646 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12544 2015-04-10 18:38:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:38:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:38:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:38:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-10 18:38:49 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 18:40:22 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 18:40:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:40:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:40:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-10 18:40:22 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa52c Security Audit Success 12544 2015-04-10 18:40:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:40:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:40:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:40:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:40:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:40:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:40:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:40:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:40:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:40:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:40:26 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 18:40:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18323 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:40:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18557 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:40:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:40:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18323 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:40:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 18:40:27 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-10 18:40:28 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 18:40:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3fe01 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 18:41:05 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:41:05 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 18:41:06 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:41:06 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 18:41:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:41:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-10 18:41:59 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:41:59 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 18:42:10 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-10 18:42:10 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:42:10 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 18:42:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:42:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 18:43:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 18:43:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:43:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 18:43:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-10 18:43:10 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:43:10 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 13568 2015-04-10 18:43:25 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x13bc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1079f3 Security Audit Success 13568 2015-04-10 18:43:25 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x13bc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1079f3 Security Audit Success 12290 2015-04-10 18:44:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 18:44:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 18:47:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 18:47:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 19:30:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-10 19:30:10 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x18557 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12548 2015-04-10 19:30:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-10 19:30:15 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 19:35:36 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 19:35:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-10 19:35:36 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9d9b Security Audit Success 12544 2015-04-10 19:35:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:35:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 19:35:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:35:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:35:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 19:35:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 19:35:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:35:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:35:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:35:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 19:35:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 19:35:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 19:35:44 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 19:35:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17806 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:35:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1786e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:35:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x17806 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2015-04-10 19:35:45 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-10 19:35:45 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 19:35:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:35:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 19:36:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x422d7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 19:36:23 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12290 2015-04-10 19:36:23 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 19:36:23 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12292 2015-04-10 19:36:23 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 19:37:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2015-04-10 19:37:01 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x1786e This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12548 2015-04-10 19:37:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 103 2015-04-10 19:37:08 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2015-04-10 19:37:50 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 19:37:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2015-04-10 19:37:50 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa388 Security Audit Success 12288 2015-04-10 19:39:39 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2015-04-10 19:39:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:39:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:39:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2015-04-10 19:39:39 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb08d Security Audit Success 12544 2015-04-10 19:39:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:39:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:39:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 19:39:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 19:39:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:39:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:39:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:39:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 19:39:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 19:39:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2015-04-10 19:39:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:39:43 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: ALEX Account Domain: ALEX-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2015-04-10 19:39:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x185c0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2015-04-10 19:39:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x186ba Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ALEX-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:39:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2015-04-10 19:39:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3593775987-478510106-1758812537-1001 Account Name: ALEX Account Domain: ALEX-PC Logon ID: 0x185c0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 101 2015-04-10 19:39:44 Microsoft-Windows-Eventlog 1101: Audit events have been dropped by the transport. 0 Security Audit Success 12292 2015-04-10 19:39:44 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2015-04-10 19:39:45 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2015-04-10 19:40:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4224f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2015-04-10 19:40:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 19:40:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 19:40:26 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: localhost Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 19:40:26 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: localhost Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\119fad08d42ffa6d95dcd9b526e7a420_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 19:40:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:40:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2015-04-10 19:41:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 19:41:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 9d2dbbd5-df6c-4d36-a5e4-ea9a576fe762 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b862a1c307e78ce5128e5cd4cbe127b2_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 19:41:26 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2015-04-10 19:41:27 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 19:41:27 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2015-04-10 19:42:28 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2015-04-10 19:42:28 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {7B853F40-1309-453C-A60D-AC34249B71E3} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\3c42173e09880ed4a37c6464814d2d74_3012167c-0e5d-41e6-b6ca-03acde5bdf19 Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2015-04-10 19:57:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ALEX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2015-04-10 19:57:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege System Warning None 2015-04-04 12:51:33 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-04 13:06:29 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s). System Warning None 2015-04-05 09:52:38 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-05 10:03:54 AtcL001 194: System Error None 2015-04-05 10:03:54 AtcL001 194: System Error None 2015-04-05 10:03:54 AtcL001 194: System Warning None 2015-04-05 10:04:26 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name gdata.youtube.com timed out after none of the configured DNS servers responded. System Warning 212 2015-04-05 10:05:56 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2015-04-05 10:06:21 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-05 13:15:06 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-05 17:01:36 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-06 11:17:03 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-06 11:19:53 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s). System Error None 2015-04-06 11:24:25 DCOM 10010: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. System Error None 2015-04-06 11:24:25 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service. System Error None 2015-04-06 11:25:44 DCOM 10010: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout. System Error None 2015-04-06 11:25:44 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. System Warning None 2015-04-06 13:01:10 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7034: The Application Information service terminated unexpectedly. It has done this 1 time(s). System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:06:57 Service Control Manager 7031: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Warning None 2015-04-06 13:06:58 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7031: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:07:04 Service Control Manager 7034: The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s). System Error None 2015-04-06 13:07:57 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:07:57 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Themes service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:08:57 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:08:57 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:08:57 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:08:57 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:09:04 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Desktop Window Manager Session Manager service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:10:27 DCOM 10010: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. System Error None 2015-04-06 13:10:27 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service. System Error None 2015-04-06 13:10:33 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-06 13:10:36 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Error None 2015-04-06 13:12:01 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service. System Error None 2015-04-06 13:13:16 EventLog 6008: The previous system shutdown at 13:12:20 on ?06.?04.?2015 was unexpected. System Warning None 2015-04-06 13:13:50 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7034: The Application Information service terminated unexpectedly. It has done this 1 time(s). System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. System Error None 2015-04-06 13:16:44 Service Control Manager 7031: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System Warning None 2015-04-06 13:16:46 Server 2512: The server service was unable to change the domain name from WORKGROUP to WORKGROUP. System Warning None 2015-04-06 13:16:46 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-06 13:17:44 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:17:44 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:17:44 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:18:44 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:18:44 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:18:44 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:18:44 Service Control Manager 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 System Error None 2015-04-06 13:21:11 AtcL001 194: System Error None 2015-04-06 13:21:11 AtcL001 194: System Error None 2015-04-06 13:21:11 AtcL001 194: System Error None 2015-04-06 13:21:11 AtcL001 194: System Error None 2015-04-06 13:21:11 AtcL001 194: System Error None 2015-04-06 13:21:12 AtcL001 194: System Error None 2015-04-06 13:21:12 AtcL001 194: System Warning None 2015-04-06 13:23:12 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name hamachi-dc.logmein-gateway.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 13:27:03 LOCAL SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 13:27:03 LOCAL SERVICE Microsoft-Windows-DNS-Client 1006: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 02000000C0A800010000000000000000 System Error None 2015-04-06 13:27:52 AtcL001 194: System Error None 2015-04-06 13:27:52 AtcL001 194: System Warning None 2015-04-06 13:28:37 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name ipv6.msftncsi.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 13:29:49 LOCAL SERVICE Microsoft-Windows-DNS-Client 1006: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 02000000C0A800010000000000000000 System Warning None 2015-04-06 13:30:40 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded. System Error None 2015-04-06 13:30:52 AtcL001 194: System Error None 2015-04-06 13:30:52 AtcL001 194: System Error None 2015-04-06 13:30:52 AtcL001 194: System Error None 2015-04-06 13:30:52 AtcL001 194: System Warning None 2015-04-06 13:31:40 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.gstatic.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 13:32:19 LOCAL SERVICE Microsoft-Windows-DNS-Client 1006: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 02000000C0A800010000000000000000 System Warning None 2015-04-06 13:32:51 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name gdata.youtube.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 13:32:58 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded. System Error None 2015-04-06 13:33:43 AtcL001 194: System Error None 2015-04-06 13:33:44 AtcL001 194: System Error None 2015-04-06 13:33:44 AtcL001 194: System Error None 2015-04-06 13:33:44 AtcL001 194: System Error None 2015-04-06 13:33:44 AtcL001 194: System Warning None 2015-04-06 13:34:27 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 13:34:50 LOCAL SERVICE Microsoft-Windows-DNS-Client 1006: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 02000000C0A800010000000000000000 System Warning None 2015-04-06 13:35:42 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded. System Error None 2015-04-06 13:36:39 AtcL001 194: System Error None 2015-04-06 13:36:39 AtcL001 194: System Error None 2015-04-06 13:36:39 AtcL001 194: System Error None 2015-04-06 13:36:39 AtcL001 194: System Error None 2015-04-06 13:36:40 AtcL001 194: System Error None 2015-04-06 13:36:40 AtcL001 194: System Error None 2015-04-06 13:36:40 AtcL001 194: System Error None 2015-04-06 13:36:40 AtcL001 194: System Warning None 2015-04-06 13:37:29 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 13:38:56 LOCAL SERVICE Microsoft-Windows-DNS-Client 1006: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 02000000C0A800010000000000000000 System Warning None 2015-04-06 13:39:48 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 17:38:09 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-06 17:47:45 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-06 17:47:51 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Error None 2015-04-06 17:53:28 AtcL001 194: System Error None 2015-04-06 17:53:28 AtcL001 194: System Error None 2015-04-06 17:53:28 AtcL001 194: System Error None 2015-04-06 17:53:28 AtcL001 194: System Error None 2015-04-06 17:53:28 AtcL001 194: System Error None 2015-04-06 17:53:29 AtcL001 194: System Error None 2015-04-06 17:53:29 AtcL001 194: System Error None 2015-04-06 17:53:29 AtcL001 194: System Error None 2015-04-06 17:53:29 AtcL001 194: System Warning None 2015-04-06 17:53:55 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name gdata.youtube.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 17:54:29 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 17:55:00 LOCAL SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 17:55:00 LOCAL SERVICE Microsoft-Windows-DNS-Client 1006: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 02000000C0A800010000000000000000 System Warning None 2015-04-06 17:55:45 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.geekstogo.com timed out after none of the configured DNS servers responded. System Error None 2015-04-06 18:05:32 DCOM 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. System Warning None 2015-04-06 18:06:52 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-06 18:18:33 ALEX USER32 1073: The attempt by user ALEX-PC\ALEX to restart/shutdown computer ALEX-PC failed System Warning None 2015-04-06 18:42:21 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.minecraft-romania.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 19:00:33 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-06 19:19:56 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s). System Warning None 2015-04-06 19:41:36 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name mtalk.google.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 19:41:39 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name mtalk.google.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 19:41:41 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name hamachi-dc.logmein-gateway.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 19:41:44 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name mtalk.google.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 19:41:48 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 19:41:49 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-06 19:41:51 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.google.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-07 07:56:21 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-07 10:21:53 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-07 10:31:39 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-07 10:31:53 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Warning None 2015-04-07 12:21:12 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-07 12:30:52 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-07 12:30:57 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Error None 2015-04-07 13:47:28 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s). System Warning None 2015-04-07 18:15:29 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-07 18:25:08 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-07 18:25:21 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Warning None 2015-04-08 11:41:09 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-08 12:15:03 EventLog 6008: The previous system shutdown at 12:13:25 on ?08.?04.?2015 was unexpected. System Warning None 2015-04-08 12:15:40 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-08 12:16:49 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s). System Error None 2015-04-08 12:25:13 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-08 12:25:16 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Warning None 2015-04-08 17:57:32 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-08 18:06:55 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-08 18:07:37 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Warning None 2015-04-09 10:29:40 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning 212 2015-04-09 10:30:17 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Error None 2015-04-09 10:42:26 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s). System Error None 2015-04-09 11:01:23 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 2 time(s). System Warning None 2015-04-09 11:10:55 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.forceds.ro timed out after none of the configured DNS servers responded. System Warning None 2015-04-09 11:11:25 Microsoft Antimalware 1116: Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:IRC/Generic&threatid=2147600687 Name: Worm:IRC/Generic ID: 2147600687 Severity: Severe Category: Worm Path: containerfile:_C:\Users\ALEX\Desktop\TrivBot2002ro.zip;file:_C:\Users\ALEX\Desktop\TrivBot2002ro.zip->Trivbot2002r/dialog.ini;webfile:_C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{EA33DE33-EF1C-40F7-88AA-B0463F229C13}-TrivBot2002ro.zip|http://www.adyspeed.3x.ro/Download/TrivBot2002ro.zip;webfile:_C:\Users\ALEX\Desktop\TrivBot2002ro.zip|http://www.adyspeed.3x.ro/Download/TrivBot2002ro.zip Detection Origin: Internet Detection Type: Concrete Detection Source: Downloads and attachments User: ALEX-PC\ALEX Process Name: Unknown Signature Version: AV: 1.195.2452.0, AS: 1.195.2452.0, NIS: 114.3.0.0 Engine Version: AM: 1.1.11502.0, NIS: 2.1.11502.0 System Warning None 2015-04-09 11:14:10 Microsoft Antimalware 1116: Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:IRC/Generic&threatid=2147600687 Name: Worm:IRC/Generic ID: 2147600687 Severity: Severe Category: Worm Path: containerfile:_C:\Users\ALEX\Desktop\TrivBot2002ro.zip;file:_C:\Users\ALEX\Desktop\TrivBot2002ro.zip->Trivbot2002r/dialog.ini;webfile:_C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{54E634CF-8E9B-4071-AD01-01CA1A895857}-TrivBot2002ro.zip|http://www.adyspeed.3x.ro/Download/TrivBot2002ro.zip;webfile:_C:\Users\ALEX\Desktop\TrivBot2002ro.zip|http://www.adyspeed.3x.ro/Download/TrivBot2002ro.zip Detection Origin: Internet Detection Type: Concrete Detection Source: Downloads and attachments User: ALEX-PC\ALEX Process Name: Unknown Signature Version: AV: 1.195.2452.0, AS: 1.195.2452.0, NIS: 114.3.0.0 Engine Version: AM: 1.1.11502.0, NIS: 2.1.11502.0 System Warning None 2015-04-09 13:35:56 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Error None 2015-04-09 13:45:13 Service Control Manager 7006: The ScRegSetValueExW call failed for Start with the following error: %%5 System Error None 2015-04-09 13:45:20 Service Control Manager 7006: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 System Warning None 2015-04-09 14:01:49 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name mtalk.google.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-09 14:01:52 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name mtalk.google.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-09 14:02:02 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-09 14:02:04 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-09 14:02:06 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name ipv6.msftncsi.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-09 15:02:33 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-09 16:13:22 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-10 09:53:56 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-10 10:33:14 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name zenobank.com timed out after none of the configured DNS servers responded. System Warning None 2015-04-10 10:36:06 Microsoft Antimalware 1116: Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Gendows&threatid=2147646077 Name: HackTool:Win32/Gendows ID: 2147646077 Severity: Medium Category: Tool Path: file:_D:\BitComet\Downloads\Windows Loader v2.2.1-Daz\Windows Loader.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: ALEX-PC\ALEX Process Name: D:\utorrent\uTorrent.exe Signature Version: AV: 1.195.2452.0, AS: 1.195.2452.0, NIS: 114.3.0.0 Engine Version: AM: 1.1.11502.0, NIS: 2.1.11502.0 System Error None 2015-04-10 12:34:06 Service Control Manager 7034: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s). System Warning 212 2015-04-10 12:35:30 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2015-04-10 13:21:10 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning 212 2015-04-10 13:22:11 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Error None 2015-04-10 13:38:19 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:38:20 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:38:20 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:38:21 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:38:21 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:55:33 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:55:34 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:55:34 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:55:35 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Error None 2015-04-10 13:55:35 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR1. System Warning None 2015-04-10 14:06:22 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning None 2015-04-10 17:57:16 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning 212 2015-04-10 17:58:19 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2015-04-10 18:37:48 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning 212 2015-04-10 18:38:47 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2015-04-10 18:40:43 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning 212 2015-04-10 18:41:42 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Error None 2015-04-10 18:49:45 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. System Error None 2015-04-10 18:50:15 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. System Error None 2015-04-10 18:50:16 Disk 11: The driver detected a controller error on \Device\Harddisk1\DR2. System Warning None 2015-04-10 18:51:27 Disk 51: An error was detected on device \Device\Harddisk1\DR2 during a paging operation. System Warning None 2015-04-10 19:35:46 Disk 51: An error was detected on device \Device\Harddisk1\DR1 during a paging operation. System Warning None 2015-04-10 19:36:06 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning 212 2015-04-10 19:37:03 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Error None 2015-04-10 19:39:42 EventLog 6008: The previous system shutdown at 19:37:53 on ?10.?04.?2015 was unexpected. System Warning None 2015-04-10 19:40:00 Server 2511: The server service was unable to recreate the share My Apps because the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps no longer exists. Please run "net share My Apps /delete" to delete the share, or recreate the directory D:\Programe\Bluestacks\BlueStacks\UserData\Library\My Apps. System Warning 212 2015-04-10 19:41:01 SYSTEM Microsoft-Windows-Kernel-PnP 219: --------[ Database Software ]------------------------------------------------------------------------------------------- Database Drivers: Borland Database Engine - Borland InterBase Client - Easysoft ODBC-InterBase 6 - Easysoft ODBC-InterBase 7 - Firebird Client - Jet Engine 4.00.9756.0 MDAC 6.1.7601.17514 (win7sp1_rtm.101119-1850) ODBC 6.1.7601.17514 (win7sp1_rtm.101119-1850) MySQL Connector/ODBC - Oracle Client - PsqlODBC - Sybase ASE ODBC - Database Servers: Borland InterBase Server - Firebird Server - Microsoft SQL Server - Microsoft SQL Server Compact Edition 3.00.5300.0 Microsoft SQL Server Express Edition - MySQL Server - Oracle Server - PostgreSQL Server - Sybase SQL Server - --------[ ODBC Drivers ]------------------------------------------------------------------------------------------------ Driver da Microsoft para arquivos texto (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Driver do Microsoft Access (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Driver do Microsoft Excel(*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls Driver do Microsoft Paradox (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Microsoft Access dBASE Driver (*.dbf, *.ndx, *.mdx) aceodbc.dll 14.0.4732.1000 *.dbf, *.ndx, *.mdx Microsoft Access Driver (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Microsoft Access Text Driver (*.txt, *.csv) aceodbc.dll 14.0.4732.1000 *.txt, *.csv Microsoft Access-Treiber (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Microsoft dBase VFP Driver (*.dbf) vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft dBase-Treiber (*.dbf) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.dbf,*.ndx,*.mdx [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb) aceodbc.dll 14.0.4732.1000 *.xls,*.xlsx, *.xlsb Microsoft Excel-Treiber (*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Microsoft ODBC for Oracle msorcl32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Microsoft Paradox Driver (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Microsoft Text Driver (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Microsoft Text-Treiber (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] Microsoft Visual FoxPro-Treiber vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt SQL Server sqlsrv32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) --------[ ODBC Data Sources ]------------------------------------------------------------------------------------------- dBASE Files Microsoft Access dBASE Driver (*.dbf, *.ndx, *.mdx) User aceodbc.dll Excel Files Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb) User aceodbc.dll MS Access Database Microsoft Access Driver (*.mdb, *.accdb) User aceodbc.dll --------[ Memory Read ]------------------------------------------------------------------------------------------------- 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 52561 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 45640 MB/s 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 42841 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 38087 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 26472 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 26305 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 23630 MB/s 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 23131 MB/s 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 23089 MB/s 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 21570 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 21525 MB/s 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 21522 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 21426 MB/s 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 21184 MB/s 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 21092 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 19981 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 19661 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 19097 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 17907 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 16607 MB/s 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 14977 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 13835 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 12074 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 11239 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 10333 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 10142 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 9607 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 9005 MB/s 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 8679 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 8395 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 8078 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 7967 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 7838 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 7572 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 7535 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 6938 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 6563 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 6320 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 6216 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 6210 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 6072 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 6035 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 5366 MB/s 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 4826 MB/s 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 4642 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4547 MB/s P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 4387 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3931 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 3917 MB/s 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 3871 MB/s Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 3715 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 3657 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3640 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3467 MB/s P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 3413 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 3328 MB/s AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 2979 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2945 MB/s P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 2903 MB/s Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 2765 MB/s P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 2751 MB/s Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 2687 MB/s Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 2462 MB/s Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 1994 MB/s Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 1926 MB/s Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 1279 MB/s Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 1126 MB/s C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 1110 MB/s 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 1047 MB/s Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 1042 MB/s 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 1041 MB/s AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 932 MB/s Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 893 MB/s Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 763 MB/s C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 695 MB/s 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 621 MB/s C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 604 MB/s PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 525 MB/s 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 371 MB/s Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 360 MB/s K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 262 MB/s 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 259 MB/s 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 231 MB/s Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 228 MB/s K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 167 MB/s K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 149 MB/s Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 116 MB/s MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 112 MB/s --------[ Memory Write ]------------------------------------------------------------------------------------------------ 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 53221 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 46057 MB/s 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 45466 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 27407 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 24109 MB/s 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 23244 MB/s 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 22972 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 19334 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 18145 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 17573 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 17100 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 16692 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 14910 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 14814 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 13225 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 12788 MB/s 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 12332 MB/s 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 12298 MB/s 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 10444 MB/s 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 10109 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 9971 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 8909 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 8867 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 7833 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 7526 MB/s 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 7443 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 7104 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 7097 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 6712 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 5663 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 5651 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 5641 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 5633 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 5471 MB/s P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 5432 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 4875 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 4832 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 4714 MB/s 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 4702 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4260 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4233 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 4162 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 4106 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 4050 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3823 MB/s 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 3658 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 3589 MB/s 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 3553 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3163 MB/s AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 3119 MB/s P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 2886 MB/s P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 2845 MB/s 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 2838 MB/s Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 2837 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 2836 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 2813 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2484 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2364 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2330 MB/s Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 2151 MB/s P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 2134 MB/s Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 2134 MB/s Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 1944 MB/s Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 1882 MB/s C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 1590 MB/s Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 1323 MB/s Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 1194 MB/s C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 1047 MB/s Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 1040 MB/s 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 1040 MB/s Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 1026 MB/s AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 943 MB/s 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 840 MB/s 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 769 MB/s PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 752 MB/s Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 751 MB/s Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 355 MB/s 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 213 MB/s C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 181 MB/s 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 177 MB/s Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 171 MB/s Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 149 MB/s Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 139 MB/s K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 126 MB/s 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 87 MB/s K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 76 MB/s MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 70 MB/s K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 65 MB/s --------[ Memory Copy ]------------------------------------------------------------------------------------------------- 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 50540 MB/s 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 45344 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 42756 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 35029 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 24271 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 23088 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 22890 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 22344 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 21465 MB/s 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 21292 MB/s 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 20969 MB/s 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 20806 MB/s 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 18377 MB/s 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 18034 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 17426 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 17403 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 17395 MB/s 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 16693 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 15611 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 13979 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 13950 MB/s 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 13272 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 12982 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 9969 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 9690 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 9015 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 8522 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 8006 MB/s 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 7694 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 7378 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 6997 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 6816 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 6356 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 6292 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 5778 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 5537 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 5476 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 5292 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 4995 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4922 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 4825 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 4564 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4277 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 4195 MB/s 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 3968 MB/s 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 3962 MB/s P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 3955 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3803 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3376 MB/s 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 3206 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 3201 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3072 MB/s AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 3026 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2992 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2984 MB/s Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 2981 MB/s P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 2706 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2610 MB/s P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 2595 MB/s P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 2206 MB/s Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 2186 MB/s Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 2162 MB/s Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 2089 MB/s Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 1949 MB/s C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 1259 MB/s Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 1253 MB/s Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 1175 MB/s Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 1024 MB/s 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 1022 MB/s AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 942 MB/s 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 915 MB/s Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 854 MB/s C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 743 MB/s Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 662 MB/s PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 580 MB/s 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 549 MB/s Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 488 MB/s C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 241 MB/s 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 222 MB/s 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 198 MB/s Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 181 MB/s K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 160 MB/s Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 142 MB/s Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 139 MB/s 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 132 MB/s K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 100 MB/s MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 85 MB/s K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 81 MB/s --------[ Memory Latency ]---------------------------------------------------------------------------------------------- Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 54.9 ns Core i7-3770K 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 57.6 ns Xeon E3-1245 v3 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 58.6 ns A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 59.6 ns FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 61.0 ns FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 61.3 ns Core i7-4930K 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 62.0 ns A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 62.0 ns Core i7-965 Extreme 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 62.7 ns Core i7-4770 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 63.0 ns Core i7-2600 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 66.5 ns Core i7-990X Extreme 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 66.8 ns Core i7-3960X Extreme 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 67.3 ns Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 69.2 ns Xeon X5550 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 69.8 ns Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 69.9 ns Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 71.9 ns Core i7-5820K 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 74.7 ns Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 75.5 ns A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 75.8 ns Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 76.2 ns Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 76.9 ns Pentium EE 955 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 78.1 ns Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 79.6 ns A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 79.6 ns Xeon E5-2670 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 80.2 ns Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 80.9 ns P4EE 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 82.1 ns Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 87.3 ns Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 87.7 ns Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 89.0 ns Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 90.9 ns Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 93.1 ns AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 93.3 ns Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 95.2 ns Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 95.2 ns Core i5-650 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 95.4 ns Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 99.3 ns Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 101.0 ns Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 103.0 ns Atom 230 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 104.8 ns Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 106.3 ns E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 107.4 ns Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 109.0 ns Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 112.3 ns Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 113.6 ns Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 114.0 ns Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 114.0 ns Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 118.3 ns P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 118.6 ns Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 120.7 ns Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 121.6 ns Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 121.8 ns Xeon 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 124.1 ns Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 124.6 ns Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 127.2 ns Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 129.3 ns Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 136.3 ns PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 141.2 ns P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 142.0 ns Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 143.1 ns Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 144.5 ns Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 151.1 ns PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 154.6 ns P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 157.9 ns Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 158.0 ns P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 161.7 ns Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 166.4 ns Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 175.0 ns C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 175.8 ns Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 186.0 ns Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 188.2 ns Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 190.2 ns PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 197.3 ns Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 197.4 ns C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 198.0 ns MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 201.9 ns C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 203.4 ns Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 210.1 ns AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 214.6 ns K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 215.2 ns PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 218.3 ns PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 220.4 ns PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 231.4 ns Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 241.7 ns K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 260.3 ns K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 288.0 ns PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 299.3 ns Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 325.5 ns Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 348.3 ns --------[ CPU Queen ]--------------------------------------------------------------------------------------------------- 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 112181 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 63239 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 61860 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 61732 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 57896 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 57158 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 54021 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 49406 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 48447 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 48066 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 45446 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 42691 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 41396 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 39033 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 36172 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 33603 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 32616 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 32296 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 30929 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 27840 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 25309 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 22686 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 22085 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 22053 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 22000 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 21717 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 21390 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 21086 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 20220 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 19830 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 19296 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 16151 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 14184 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 12562 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 12438 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 11137 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 9568 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 8303 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 7796 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 7630 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 7533 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 7247 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 6218 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 5692 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 5532 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 4973 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 4846 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 4843 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 4158 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4150 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3831 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3761 P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 3506 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 3484 AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 3470 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 3417 Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 3107 P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 2838 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 2803 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2797 Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 2601 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 2570 Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 2539 Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 2535 P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 2440 Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 2221 AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 2202 Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 2042 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 1922 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 1904 Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 1762 P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 1608 C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 1559 Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 1459 Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 1343 Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 1185 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 1142 C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 1096 Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 951 Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 872 PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 870 K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 810 K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 692 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 662 C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 574 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 533 Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 456 Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 231 K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 202 MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 184 --------[ CPU PhotoWorxx ]---------------------------------------------------------------------------------------------- 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 25995 MPixel/s 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 25667 MPixel/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 22721 MPixel/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 20506 MPixel/s 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 19558 MPixel/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 14009 MPixel/s 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 13344 MPixel/s 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 13291 MPixel/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 12922 MPixel/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 12482 MPixel/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 12319 MPixel/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 11898 MPixel/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 10949 MPixel/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 10703 MPixel/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 10060 MPixel/s 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 9517 MPixel/s 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 9019 MPixel/s 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 8803 MPixel/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 8548 MPixel/s 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 8320 MPixel/s 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 8195 MPixel/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 7677 MPixel/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 6886 MPixel/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 6879 MPixel/s 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 6621 MPixel/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 5247 MPixel/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 4747 MPixel/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 4183 MPixel/s 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 4076 MPixel/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 3985 MPixel/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 3770 MPixel/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 3464 MPixel/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 2924 MPixel/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 2793 MPixel/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 2786 MPixel/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 2683 MPixel/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 2560 MPixel/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 2378 MPixel/s 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 2365 MPixel/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 2024 MPixel/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 1913 MPixel/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1880 MPixel/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 1865 MPixel/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 1864 MPixel/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 1813 MPixel/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1783 MPixel/s 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 1724 MPixel/s 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 1709 MPixel/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1678 MPixel/s P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 1491 MPixel/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 1336 MPixel/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 1277 MPixel/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 1196 MPixel/s P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 1188 MPixel/s P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 1141 MPixel/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 1086 MPixel/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 1086 MPixel/s Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 952 MPixel/s AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 902 MPixel/s P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 874 MPixel/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 827 MPixel/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 820 MPixel/s Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 818 MPixel/s Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 814 MPixel/s Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 714 MPixel/s Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 551 MPixel/s Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 537 MPixel/s Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 506 MPixel/s C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 478 MPixel/s 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 348 MPixel/s AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 320 MPixel/s Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 304 MPixel/s 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 285 MPixel/s Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 248 MPixel/s 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 211 MPixel/s Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 202 MPixel/s C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 181 MPixel/s Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 163 MPixel/s PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 156 MPixel/s 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 101 MPixel/s C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 99 MPixel/s K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 77 MPixel/s 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 61 MPixel/s Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 60 MPixel/s Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 54 MPixel/s 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 52 MPixel/s K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 43 MPixel/s MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 30 MPixel/s Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 27 MPixel/s K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 26 MPixel/s --------[ CPU ZLib ]---------------------------------------------------------------------------------------------------- 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 438.2 MB/s 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 436.5 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 427.9 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 366.2 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 361.1 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 350.5 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 334.9 MB/s 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 309.3 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 304.1 MB/s 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 297.9 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 278.6 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 266.9 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 264.7 MB/s 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 244.8 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 232.8 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 228.5 MB/s 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 203.5 MB/s 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 182.5 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 180.9 MB/s 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 175.7 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 168.6 MB/s 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 160.4 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 147.0 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 144.9 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 144.5 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 130.1 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 112.9 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 108.2 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 107.4 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 104.5 MB/s 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 92.1 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 79.5 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 71.6 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 70.8 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 63.9 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 62.1 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 54.1 MB/s 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 50.3 MB/s 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 48.4 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 45.3 MB/s 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 43.7 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 42.4 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 34.2 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 32.3 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 30.1 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 29.5 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 29.4 MB/s P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 28.1 MB/s 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 27.9 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 23.7 MB/s AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 23.6 MB/s P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 22.9 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 22.1 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 19.5 MB/s P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 19.5 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 17.9 MB/s Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 17.6 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 17.3 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 15.9 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 15.0 MB/s AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 14.7 MB/s Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 14.5 MB/s Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 14.5 MB/s Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 14.4 MB/s 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 14.3 MB/s P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 12.5 MB/s Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 12.1 MB/s Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 11.1 MB/s Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 10.2 MB/s 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 9.6 MB/s Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 9.2 MB/s Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 9.2 MB/s C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 7.5 MB/s Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 7.2 MB/s 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 6.2 MB/s Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 5.1 MB/s C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 4.7 MB/s PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 4.4 MB/s K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 3.8 MB/s 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 3.7 MB/s Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 2.8 MB/s C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 2.8 MB/s 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 2.4 MB/s K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 2.0 MB/s Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 1.7 MB/s Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 1.0 MB/s K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 1.0 MB/s MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 0.9 MB/s --------[ CPU AES ]----------------------------------------------------------------------------------------------------- 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 47041 MB/s 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 36470 MB/s 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 23020 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 21169 MB/s 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 21151 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 16926 MB/s 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 16670 MB/s 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 16195 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 14798 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 14492 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 13721 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 12257 MB/s 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 8907 MB/s 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 8392 MB/s 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 8217 MB/s 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 6453 MB/s 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 3997 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 3784 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 2916 MB/s C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 1617 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 1526 MB/s C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 1466 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 1455 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 1103 MB/s 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 1066 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 1017 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 1012 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 694 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 691 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 674 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 643 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 643 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 544 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 483 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 460 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 446 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 419 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 332 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 295 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 266 MB/s 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 247 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 245 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 238 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 214 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 204 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 192 MB/s 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 179 MB/s 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 179 MB/s P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 139 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 131 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 130 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 128 MB/s P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 112 MB/s 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 104 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 102 MB/s P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 97 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 97 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 92 MB/s AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 89 MB/s Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 81 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 74 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 73 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 72 MB/s Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 71 MB/s Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 65 MB/s Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 65 MB/s P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 63 MB/s 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 60 MB/s Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 60 MB/s Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 58 MB/s AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 57 MB/s Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 57 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 43 MB/s Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 41 MB/s 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 40 MB/s Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 30 MB/s Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 29 MB/s 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 27 MB/s Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 25 MB/s Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 24 MB/s PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 18 MB/s 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 16 MB/s K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 13 MB/s Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 10 MB/s C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 9 MB/s K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 9 MB/s 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 6 MB/s K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 4 MB/s MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 3 MB/s Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 2 MB/s --------[ CPU Hash ]---------------------------------------------------------------------------------------------------- 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 8923 MB/s 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 8688 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 4806 MB/s 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 4371 MB/s 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 4194 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 4077 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 3910 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 3661 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 3559 MB/s 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 3315 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 3244 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3204 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 3198 MB/s 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 3038 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 2994 MB/s 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 2952 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 2541 MB/s 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 2431 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2332 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2260 MB/s 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 2143 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 2004 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 2002 MB/s 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 1968 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 1935 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 1911 MB/s 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 1859 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 1680 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 1677 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1461 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 1455 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1088 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 998 MB/s 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 989 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 978 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 969 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 923 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 769 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 752 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 717 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 634 MB/s 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 626 MB/s 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 614 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 575 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 493 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 423 MB/s 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 416 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 412 MB/s C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 360 MB/s P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 345 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 343 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 333 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 322 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 303 MB/s AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 284 MB/s P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 279 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 259 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 251 MB/s 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 247 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 243 MB/s P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 241 MB/s Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 207 MB/s Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 202 MB/s Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 181 MB/s AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 181 MB/s Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 170 MB/s Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 166 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 162 MB/s Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 160 MB/s P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 150 MB/s 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 143 MB/s Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 139 MB/s Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 136 MB/s 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 98 MB/s Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 97 MB/s Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 88 MB/s Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 77 MB/s Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 68 MB/s 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 63 MB/s C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 59 MB/s PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 44 MB/s C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 35 MB/s 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 34 MB/s Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 25 MB/s K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 24 MB/s 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 24 MB/s K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 19 MB/s K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 11 MB/s Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 10 MB/s MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 8 MB/s --------[ FPU VP8 ]----------------------------------------------------------------------------------------------------- 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 5979 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 5838 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 5732 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 5700 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 5599 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 5589 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 5455 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 4936 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 4774 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 4600 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 4376 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 4296 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 4276 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 4060 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 3968 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 3594 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 3592 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 3584 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 3408 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3381 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 3298 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 3125 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 3030 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 3012 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 2956 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 2906 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 2858 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2336 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 2320 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2304 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 2211 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2196 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 2181 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1646 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 1566 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1508 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1443 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 1215 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 1150 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 1127 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 1095 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1018 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1013 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 997 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 929 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 829 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 792 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 755 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 745 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 681 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 657 P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 642 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 617 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 586 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 578 P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 544 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 494 Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 489 P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 488 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 487 Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 487 AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 457 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 400 Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 386 Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 375 P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 359 Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 358 Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 343 C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 315 Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 313 AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 313 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 269 Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 239 Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 199 Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 197 PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 182 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 180 Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 163 Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 148 C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 139 K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 137 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 119 C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 104 K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 96 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 95 Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 94 K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 64 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 60 Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 42 --------[ FPU Julia ]--------------------------------------------------------------------------------------------------- 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 58128 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 40501 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 28132 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 26942 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 26912 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 26601 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 25689 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 18227 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 17624 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 17015 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 16843 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 15624 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 13544 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 12012 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 11280 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 10785 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 10535 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 10416 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 8882 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 8497 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 7411 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 7281 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 7077 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 6508 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 6373 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 6274 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 6245 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 5941 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 5744 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 5552 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 5327 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 5245 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 4771 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 3509 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 2731 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 2366 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 2307 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 2255 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 2141 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 2039 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1815 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1738 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1723 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 1239 P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 1203 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 1187 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1086 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 1021 P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 974 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 954 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 914 P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 839 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 795 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 783 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 724 Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 703 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 624 AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 607 Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 594 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 578 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 568 P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 560 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 550 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 456 Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 443 Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 403 AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 385 Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 381 Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 340 Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 332 Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 327 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 321 C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 231 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 220 Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 206 Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 165 Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 149 C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 146 PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 100 K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 86 C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 80 K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 71 Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 61 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 61 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 37 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 30 Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 25 Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 13 K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 8 MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 4 --------[ FPU Mandel ]-------------------------------------------------------------------------------------------------- 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 29515 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 21171 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 14493 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 14083 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 14073 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 13559 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 12984 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 9288 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 8906 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 8478 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 8382 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 8047 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 7074 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 6096 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 5850 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 5555 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 5365 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 5256 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 4481 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 3804 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 3802 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 3352 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 3348 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 3323 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 3310 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 3212 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 3042 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 2996 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 2981 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2801 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 2618 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 2446 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 2325 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1770 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 1428 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 1192 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1180 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 1155 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 1129 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 1096 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1050 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 888 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 808 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 687 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 620 P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 616 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 511 P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 498 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 481 P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 429 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 427 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 400 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 400 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 376 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 364 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 361 Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 360 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 328 Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 305 P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 287 AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 278 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 264 Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 206 Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 203 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 188 AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 177 Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 176 Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 170 Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 162 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 158 Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 154 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 113 Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 94 C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 88 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 78 Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 76 Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 70 C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 62 Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 54 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 51 PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 35 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 31 C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 26 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 24 Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 21 K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 16 K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 13 Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 10 K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 5 MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 3 --------[ FPU SinJulia ]------------------------------------------------------------------------------------------------ 16x Xeon E5-2670 HT 2600 MHz Supermicro X9DR6-F C600 Quad DDR3-1333 9-9-9-24 16009 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 7493 6x Core i7-4930K HT 3400 MHz Gigabyte GA-X79-UD3 X79 Quad DDR3-1866 9-10-9-27 CR2 7267 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 7205 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 7042 32x Opteron 6274 2200 MHz Supermicro H8DGI-F SR5690 Dual DDR3-1600R 11-11-11-28 CR1 6904 6x Core i7-5820K HT 3300 MHz Gigabyte GA-X99-UD4 X99 Quad DDR4-2133 15-15-15-36 CR2 6503 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 4975 4x Core i7-4770 HT 3400 MHz Intel DZ87KLT-75K Z87 Int. Dual DDR3-1600 9-9-9-27 CR2 4708 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 4672 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 4657 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 4633 4x Xeon E3-1245 v3 HT 3400 MHz Supermicro X10SAE C226 Int. Dual DDR3-1600 11-11-11-28 CR1 4577 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 4135 6x Phenom II X6 Black 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 3215 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3104 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 2847 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 2668 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2594 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 2314 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 2271 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 2221 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2208 8x Atom C2750 2400 MHz Supermicro A1SAi-2750F Avoton Dual DDR3-1600 11-11-11-28 CR1 2031 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 1939 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 1872 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 1859 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1619 4x A10-6800K 4100 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-2133 9-11-10-27 CR2 1482 4x A10-7850K 3700 MHz Gigabyte GA-F2A88XM-D3H A88X Int. Dual DDR3-2133 9-11-10-31 CR2 1480 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 1422 4x A10-5800K 3800 MHz Asus F2A55-M A55 Int. Dual DDR3-1866 9-10-9-27 CR2 1378 4x Athlon 5350 2050 MHz ASRock AM1B-ITX Yangtze Int. DDR3-1600 SDRAM 11-11-11-28 CR2 1261 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1179 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1049 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1023 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 962 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 941 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 831 2x Core 2 Duo E4400 2000 MHz [ TRIAL VERSION ] i945P Dual DDR2-667 5-5-5-15 692 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 685 2x Core Duo T2500 2000 MHz Asus N4L-VM DH i945GT Int. Dual DDR2-667 5-5-5-15 663 2x Xeon 3066 MHz Asus PCH-DL i875P + PAT Dual DDR333 2.5-3-3-7 658 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 516 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 505 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 458 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 453 2x PIII-S 1266 MHz MSI Pro266TD Master-LR ApolloPro266TD DDR266 SDRAM 2-3-3-6 CR2 421 P4EE 3466 MHz ASRock 775Dual-880Pro PT880Pro Dual DDR2-400 3-3-3-8 CR2 370 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 361 AthlonXP 3200+ 2200 MHz Asus A7N8X-E nForce2-U400 Dual DDR400 2.5-4-4-8 CR1 357 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 328 P4 2800 MHz MSI 848P Neo-S i848P DDR400 SDRAM 2.5-3-3-8 299 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 286 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 278 Pentium M 730 1600 MHz AOpen i915Ga-HFS i915G Int. Dual DDR2-533 4-4-4-12 272 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 263 Duron 1600 MHz MSI KT6V-LSR KT600 DDR400 SDRAM 3-3-3-8 CR2 261 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 261 P4 2400 MHz Abit SI7 SiSR658 Dual PC1066 RDRAM - 258 2x PIII-E 733 MHz Tyan Thunder 2500 ServerSet3HE PC133R SDRAM 3-3-3-6 238 AthlonXP 1600+ 1400 MHz Acorp 7KMM1 KM133A Int. PC133 SDRAM 3-3-3-6 227 Athlon 1400 MHz PCChips M817LMR MAGiK1 DDR266 SDRAM 2-2-2-6 225 Celeron M 320 1300 MHz DFI 855GME-MGF i855GME Int. DDR333 SDRAM 2.5-3-3-7 224 Celeron 215 1333 MHz Intel D201GLY SiS662 Int. DDR2-533 5-4-4-12 221 Celeron 2000 MHz Gigabyte GA-8TRS350MT RS350 Int. Dual DDR400 2-2-4-6 CR1 216 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 206 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 204 Celeron 1700 MHz Asus P4B i845 PC133 SDRAM 3-3-3-6 188 P4 1600 MHz Abit TH7II i850 Dual PC800 RDRAM - 169 2x PIII 500 MHz Epox KP6-BS i440BX PC100R SDRAM 3-3-3-? 163 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 131 Athlon 750 MHz Epox EP-7KXA KX133 PC133 SDRAM 3-3-3-6 121 Celeron 700 MHz PCChips M758LT SiS630ET Int. PC100 SDRAM 3-3-3-6 114 2x PII 333 MHz Intel DK440LX i440LX PC66 SDRAM 3-2-2-? 109 Efficeon 8600 1000 MHz ECS 532 Notebook Efficeon DDR266 SDRAM 106 Duron 600 MHz Abit KG7-Lite AMD-760 DDR200R SDRAM 2-2-2-5 96 PIII 450 MHz Asus P3C-S i820 PC600 RDRAM - 74 Crusoe 5800 1000 MHz ECS A530 DeskNote Crusoe DDR266 SDRAM 71 2x PentiumMMX 200 MHz Gigabyte GA-586DX i430HX Dual EDO - 65 2x PentiumPro 200 MHz Compaq ProLiant 800 i440FX Dual EDO - 65 K6-III 400 MHz Epox EP-MVP3G-M MVP3 PC100 SDRAM 2-2-2-5 51 C7 1500 MHz VIA EPIA EN CN700 Int. DDR2-533 SDRAM 4-4-4-12 CR2 46 Celeron 266 MHz Epox P2-100B ApolloPro PC66 SDRAM 3-2-2-5 43 K6-2 333 MHz Amptron PM-9100LMR SiS5597 Ext. PC66 SDRAM 3-3-3-6 41 C3 1333 MHz VIA EPIA SP CN400 Int. DDR400 SDRAM 3-3-3-8 CR2 36 Pentium 166 MHz Asus TX97-X i430TX PC66 SDRAM 2-2-3-4 27 C3 800 MHz VIA EPIA PLE133 Int. PC133 SDRAM 3-3-3-6 21 MediaGXm 233 MHz ALD NPC6836 Cx5520 PC60 SDRAM 3-3-3-6 17 K5 PR166 116 MHz Asus P5A ALADDiN5 PC66 SDRAM 2-2-2-6 6 --------[ Debug - PCI ]------------------------------------------------------------------------------------------------- B00 D00 F00: Intel 82945P Memory Controller Hub [A-2] Offset 000: 86 80 70 27 06 00 90 20 02 00 00 06 00 00 00 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 43 10 78 81 Offset 030: 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 90 D1 FE 01 40 D1 FE 05 00 00 F0 01 80 D1 FE Offset 050: 00 00 02 00 03 00 00 10 00 00 00 00 00 00 00 00 Offset 060: 00 30 D1 FE 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 10 11 11 01 00 33 33 00 FF 03 00 00 C0 0A 38 00 Offset 0A0: 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 Offset 0E0: 09 00 09 51 CA E1 9B 98 06 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 03 00 00 00 00 00 B00 D01 F00: Intel 82945P PCI Express Root Port [A-2] Offset 000: 86 80 71 27 07 01 10 00 02 00 04 06 04 00 01 00 Offset 010: 00 00 00 00 00 00 00 00 00 05 05 00 E0 E0 00 20 Offset 020: 00 DC F0 DD 01 DE F1 EF 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 88 00 00 00 00 00 00 00 10 01 1A 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 Offset 080: 01 90 02 C8 00 00 00 00 0D 80 00 00 86 80 00 00 Offset 090: 05 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 10 00 41 01 00 00 00 00 00 00 00 00 01 25 01 02 Offset 0B0: 40 00 01 11 80 25 00 00 C0 01 48 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 01 00 00 00 00 00 86 0F 03 00 00 00 00 00 B00 D1B F00: Intel 82801GB ICH7 - High Definition Audio Controller [A-1] Offset 000: 86 80 D8 27 06 00 10 00 01 00 03 04 04 00 00 00 Offset 010: 04 80 CF DB 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 43 10 49 82 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 13 01 00 00 Offset 040: 03 00 00 03 07 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 60 42 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 10 00 91 00 00 00 00 00 00 08 10 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1C F00: Intel 82801GB ICH7 - PCI Express Root Port 1 [A-1] Offset 000: 86 80 D0 27 05 01 10 00 01 00 04 06 04 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 04 04 00 D0 D0 00 20 Offset 020: F0 FF 00 00 F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 10 01 06 00 Offset 040: 10 80 41 01 C0 0F 00 00 00 00 10 00 11 2C 11 01 Offset 050: 40 00 01 10 60 05 08 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 43 10 79 81 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 Offset 0E0: 00 00 C7 00 06 07 08 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1C F02: Intel 82801GB ICH7 - PCI Express Root Port 3 [A-1] Offset 000: 86 80 D4 27 07 01 10 00 01 00 04 06 04 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 03 03 00 C0 C0 00 00 Offset 020: F0 DB F0 DB F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 12 03 06 00 Offset 040: 10 80 41 00 C0 0F 00 00 00 00 10 00 11 2C 11 03 Offset 050: 40 00 11 30 60 05 18 00 00 00 48 01 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 43 10 79 81 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 01 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 Offset 0E0: 00 00 C7 00 06 07 08 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1C F03: Intel 82801GB ICH7 - PCI Express Root Port 4 [A-1] Offset 000: 86 80 D6 27 07 01 10 00 01 00 04 06 04 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 02 02 00 A0 B0 00 00 Offset 020: E0 DB E0 DB F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 13 04 06 00 Offset 040: 10 80 41 00 C0 0F 00 00 00 00 10 00 11 2C 11 04 Offset 050: 40 00 11 30 60 05 20 00 00 00 48 01 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 43 10 79 81 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 Offset 0E0: 00 00 C7 00 06 07 08 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1D F00: Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Offset 000: 86 80 C8 27 05 00 80 02 01 00 03 0C 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 01 60 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 14 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 20 00 00 00 00 00 00 00 00 01 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1D F01: Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Offset 000: 86 80 C9 27 05 00 80 02 01 00 03 0C 00 00 00 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 01 64 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 11 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 20 00 00 00 00 00 00 00 00 01 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1D F02: Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Offset 000: 86 80 CA 27 05 00 80 02 01 00 03 0C 00 00 00 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 01 68 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 12 03 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 20 00 00 00 00 00 00 00 00 01 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1D F03: Intel 82801GB ICH7 - USB Universal Host Controller [A-1] Offset 000: 86 80 CB 27 05 00 80 02 01 00 03 0C 00 00 00 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 01 70 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 13 04 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 20 00 00 00 00 00 00 00 00 01 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1D F07: Intel 82801GB ICH7 - Enhanced USB2 Controller [A-1] Offset 000: 86 80 CC 27 06 00 90 02 01 20 03 0C 00 00 00 00 Offset 010: 00 FC CF DB 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 14 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 C2 C9 00 00 00 00 0A 00 A0 20 00 00 00 00 Offset 060: 20 20 FF 01 00 00 00 00 01 00 00 00 00 20 00 C0 Offset 070: 00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 AA FF 00 FF 00 FF 00 20 00 00 88 Offset 0E0: 00 00 00 00 DB B6 6D 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 80 00 09 88 85 40 00 86 0F 01 00 06 17 02 20 B00 D1E F00: Intel 82801GB I/O Controller Hub 7 (ICH7) [A-1] Offset 000: 86 80 4E 24 07 01 10 00 E1 01 04 06 00 00 01 00 Offset 010: 00 00 00 00 00 00 00 00 00 01 01 20 90 90 80 22 Offset 020: D0 DB D0 DB F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 00 00 06 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 Offset 050: 0D 00 00 00 43 10 79 81 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1F F00: Intel 82801GB ICH7 - LPC Bridge [A-1] Offset 000: 86 80 B8 27 07 00 10 02 01 00 01 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 08 00 00 80 00 00 00 81 04 00 00 10 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 85 8B 8B 8A D0 00 00 00 83 80 80 8B 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 0F 14 00 00 00 00 91 02 04 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 28 02 00 00 29 00 00 00 13 00 00 00 00 03 00 00 Offset 0B0: 00 00 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 33 22 11 00 67 45 00 00 C0 80 00 00 00 00 00 00 Offset 0E0: 09 00 0C 10 A8 00 24 00 00 00 00 00 00 00 00 00 Offset 0F0: 01 C0 D1 FE 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1F F01: Intel 82801GB ICH7 - ATA-100 IDE Controller [A-1] Offset 000: 86 80 DF 27 05 00 80 02 01 8A 01 01 00 00 00 00 Offset 010: 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 Offset 020: A1 FF 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 03 A3 00 80 00 00 00 00 01 00 02 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1F F02: Intel 82801GB ICH7 - SATA Controller [A-1] Offset 000: 86 80 C0 27 05 00 B0 02 01 8F 01 01 00 00 00 00 Offset 010: 01 88 00 00 01 84 00 00 01 80 00 00 01 78 00 00 Offset 020: 01 74 00 00 00 00 00 00 00 00 00 00 43 10 01 26 Offset 030: 00 00 00 00 70 00 00 00 00 00 00 00 17 02 00 00 Offset 040: 07 A3 00 80 00 00 00 00 01 00 01 00 00 00 00 00 Offset 050: 00 00 00 00 30 10 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 01 00 02 40 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 1F 00 80 01 00 40 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B00 D1F F03: Intel 82801GB ICH7 - SMBus Controller [A-1] Offset 000: 86 80 DA 27 01 00 80 02 01 00 05 0C 00 00 00 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 01 04 00 00 00 00 00 00 00 00 00 00 43 10 79 81 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 0B 02 00 00 Offset 040: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 86 0F 01 00 00 00 00 00 B01 D04 F00: VIA VT6308 Fire IIM IEEE1394 Host Controller Offset 000: 06 11 44 30 17 00 10 02 C0 10 00 0C 04 40 00 00 Offset 010: 00 F8 DF DB 01 98 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 43 10 FE 81 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 17 01 00 20 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 00 02 E4 00 00 00 00 00 00 00 00 43 10 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B02 D00 F00: JMicron JMB360 SATA-II AHCI Controller Offset 000: 7B 19 60 23 07 00 10 00 02 85 01 01 04 00 00 00 Offset 010: 01 B8 00 00 01 B4 00 00 01 B0 00 00 01 A8 00 00 Offset 020: 01 A4 00 00 00 E0 EF DB 00 00 00 00 43 10 08 82 Offset 030: 00 00 00 00 68 00 00 00 00 00 00 00 13 01 00 00 Offset 040: 11 51 00 20 00 00 7F 75 30 00 00 3F 00 00 00 00 Offset 050: 10 00 11 02 00 00 00 00 00 20 08 00 11 44 02 01 Offset 060: 40 00 11 10 00 00 00 00 01 50 02 40 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: C3 8B 38 00 03 45 02 00 00 00 3F 00 00 00 00 00 Offset 0D0: 18 00 80 80 01 00 00 00 00 00 EB 00 00 00 00 01 Offset 0E0: 00 00 00 00 00 00 00 00 98 34 27 C0 49 4E 00 89 Offset 0F0: 00 00 00 00 00 00 00 00 40 00 40 00 00 00 00 00 B03 D00 F00: Attansic L1 Gigabit Ethernet Adapter Offset 000: 69 19 48 10 06 00 10 00 B0 00 00 02 04 00 00 00 Offset 010: 04 00 FC DB 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 43 10 26 82 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 12 01 00 00 Offset 040: 01 48 02 C0 00 01 00 00 05 58 80 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 10 00 01 00 80 7F 28 00 Offset 060: 00 20 1A 00 11 F4 03 00 40 00 11 10 03 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 69 19 48 10 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B05 D00 F00: nVIDIA GeForce 210 Video Adapter Offset 000: DE 10 65 0A 07 00 10 00 A2 00 00 03 04 00 80 00 Offset 010: 00 00 00 DC 0C 00 00 E0 00 00 00 00 0C 00 00 DE Offset 020: 00 00 00 00 01 E8 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 60 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 00 00 00 01 00 00 00 CE D6 23 00 00 00 00 00 Offset 060: 01 68 03 00 08 00 00 00 05 78 80 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 10 B4 02 00 E0 8D 2C 01 Offset 080: 10 29 00 00 01 3D 05 00 48 01 01 11 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 09 00 14 01 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B05 D00 F01: nVIDIA GT218 - High Definition Audio Controller Offset 000: DE 10 E3 0B 06 00 10 00 A1 00 03 04 04 00 80 00 Offset 010: 00 C0 FF DD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 60 00 00 00 00 00 00 00 11 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 CE D6 23 00 00 00 00 00 Offset 060: 01 68 03 00 08 00 00 00 05 78 80 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 10 00 02 00 A0 8D 2C 01 Offset 080: 10 29 00 00 01 3D 04 00 4B 01 01 11 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-2770: Intel i945/955/975/E7230 MCHBAR Offset 100: 00 00 10 20 00 00 00 00 00 33 00 00 38 00 00 00 Offset 110: E8 38 40 DB 33 8C 78 54 5F 02 00 80 FF 01 FF 03 Offset 120: 06 4B 00 40 00 05 00 80 F0 11 00 00 00 00 00 00 Offset 130: C4 06 00 00 6D 06 1A 87 01 02 08 00 00 00 00 00 Offset 140: 00 00 00 00 00 00 00 00 02 04 0C 0C 1A 1A 00 7E Offset 150: 22 A9 39 E1 78 92 B0 CB 00 7E 21 00 00 00 00 00 Offset 160: 00 00 00 00 20 00 00 00 00 92 62 43 98 87 22 E0 Offset 170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 180: 30 40 50 60 00 00 00 00 33 33 00 00 3F 00 00 00 Offset 190: E8 38 40 DB 33 8C 78 54 5F 02 00 80 FF 01 FF 03 Offset 1A0: 06 4B 00 40 00 05 00 80 00 00 00 00 00 00 00 00 PCI-8086-2770: Intel i945/955/975/E7230 MCHBAR Offset 200: 01 04 0F 00 00 00 00 00 30 01 02 04 08 00 00 00 Offset 210: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-2770: Intel i945/955/975/E7230 MCHBAR Offset C00: 32 00 00 20 01 01 01 01 00 00 00 00 00 00 00 00 Offset C10: 00 00 00 00 03 02 80 00 1F 1F 2F 3E 60 66 54 42 Offset C20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset CA0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset CB0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset CC0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset CD0: 01 01 01 01 00 00 00 00 01 00 00 FF 00 00 00 00 Offset CE0: 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 Offset CF0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 --------[ Debug - Video BIOS ]------------------------------------------------------------------------------------------ C000:0000 U.s.K7400.L.w.VIDEO ..........IBM VGA Compatible......+.05/11/11 C000:0040 ............y...._*......#............;>....D..EPMIDl.o....... C000:0080 .....3GeForce 210 VGA BIOS...................................... C000:00C0 .......................Version 70.18.5F.00.00 ...Copyright (C) 1 C000:0100 996-2010 NVIDIA Corp........b-....BIOS-P/N@N8571................ C000:0140 .....Chip Rev ................................................ C000:0180 ........PCIR..e.........s.......HYB$..BIT......E2...,.B. .8.C... C000:01C0 X.D...f.A...j.I...m.L....M.....N.....P.(...S.....T.....U.....V. C000:0200 ....x.....d.....p.....i.A.....).&...t.}.................._.p.J.. C000:0240 ..............\\....0.................e..A.........(...c...`.c.. C000:0280 ..............t..._.......^...w...................Q.....P.....(& C000:02C0 ..:.#".#E....].................C........._.p...u.V.j...03/24/10. C000:0300 .........d..............300.08730000........w.......E.>...x.r.r. C000:0340 ....s..... .w.......E.>...x.r.r.,...y...1.e.e...5.e.....z....... C000:0380 ..G.....L.Y.(...Q...E.........d...e.e...e.e.....a.e.x...f....... C000:03C0 ........n.w...q...v.t.Q...Y.x.>.z...........#.#.#.M.r.r...G.*... --------[ Debug - Unknown ]--------------------------------------------------------------------------------------------- Optical DTSOFT Virtual CdRom Device ------------------------------------------------------------------------------------------------------------------------ The names of actual companies and products mentioned herein may be the trademarks of their respective owners.